Hi debian-legal, Some people, who submitted or commented on bug #515200 would like to have a version of pycurl linked with OpenSSL, mostly because of features provided.
Before going ahead with that, the maintainer asked to have some opinion from -legal, so with this post I'm trying to solicit comments. According to my understandment: - OpenSSL is released under a license which is GPL incompatible, unless an exception to the GPL is used in the software compiled with it. Debian cannot distribute GPL software released under the unmodified GPL and linked against OpenSSL. - pycurl is released under the LGPL (2.1 or later) or a MIT/X derivative license based on the one of curl itself. Neither of these licenses is incompatible with OpenSSL, and as for curl itself we should be able to provide a version of pycurl which uses openssl. Am I correct up to here? Now, what would be the status of (unmodified) GPL python software which imports pycurl? Is this considered the same as linking, and would it have to make sure it uses the GNUTLS version, by depending on it? This might open discussions about how to provide the feature tecnically (different module names in python, conflicting packages, etc) and make sure legality is kept, but in the meantime we'd just like a legal opinion on what would or would not be ok. (also considering it's OK for a user to use GPL+OpenSSL software if he wants, it's just not OK for us to distribute it). Thanks a lot for your help and attention, Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
