On Tue, Aug 14, 2007 at 12:55:41AM +0800, James Andrewartha wrote: > Now that GPLv3 is out, everything that's GPLv2 or later (which is most > packages, except nuauth, zabbix-agent and maybe others) can be distributed > as GPLv3 and linked against OpenSSL, due to the following text of GPLv3:
> The "System Libraries" of an executable work include anything, other than > the work as a whole, that (a) is included in the normal form of packaging > a Major Component, but which is not part of that Major Component, and (b) > serves only to enable use of the work with that Major Component, or to > implement a Standard Interface for which an implementation is available to > the public in source code form. A "Major Component", in this context, > means a major essential component (kernel, window system, and so on) of > the specific operating system (if any) on which the executable work runs, > or a compiler used to produce the work, or an object code interpreter used > to run it. > The "Corresponding Source" for a work in object code form means all the > source code needed to generate, install, and (for an executable work) run > the object code and to modify the work, including scripts to control those > activities. However, it does not include the work's System Libraries, > Of course, IANAL and it might be easier to wait until 2.4 is released than > doing a license audit. FWIW, it seems to be the FSF's position that the rewritten "system libraries" exception in GPLv3 does *not* apply to libraries such as OpenSSL, only to libraries that constitute "language runtimes". I don't think this follows directly from the license as written, but it seems once again to at least be a /tenable/ position for the FSF to hold, so we're no better off vis à vis OpenSSL under GPLv3 than we were under GPLv2. Discussion of this can be found in the debian-legal list archives for July. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
