On 14/04/2025 11:14 am, Andreas Metzler wrote:
Didn't OpenSSL switch license to Apache 2.0 and now compatible with GPL? What am I missing here?On 2025-04-13 Chris Hofstaedtler <z...@debian.org> wrote:brian m. carlson (one of the git upstream copyright holders) claims in Bug #1094969 that git cannot be distributed when linked with OpenSSL. IIRC the Debian position is to use the system library exception. Indeed our /usr/lib/git-core/git-remote-https links against libssl.so.3, probably via libcurl-gnutls.so.4. To avoid introducing distro-wide changes at a time where this seems inappropriate, an option is to disable building git with libcurl. Below is a simple patch to accomplish this. Barring any new insights or feedback from the involved maintainers, this might be a way out. I believe all relevant people are in CC:, and they can figure this out. Details can be found in the bug.[...]Hello, well, we have decided to use the system library exception because we thought we had the right to so, not because we hoped that no copyright holder would notice. Undoing this for specific packages where a copyright holders tells us he disagrees undermines this position. Imho we need to either with using the exception or somebody(TM) needs to do a license analysis of our packages and we then need to implement coding changes to weed out any and all GPL<->openssl linkage. Personally I doubt we have the manpower nowadays to switch back from linking against OpenSSL. cu Andreas
OpenPGP_0x8F53E0193B294B75.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
