Hi, On Wed, 2025-04-16 at 07:27 +0200, Simon Josefsson wrote: > Yes that seems likely. I think that the decision in other distributions > may have had more to do with aligning interests with organization who > fund them, though.
This is moving into conspiracy theory territory... We can as well suspect reptiloids behind this. Maybe other distributions also noticed that the system library exception is required to distribute most GPL-2-only or GPL-3-only software in practice. That is something the FSF forced, whatever their motivations behind this are. > I believe that those components (compiler, kernel, OpenSSL, etc) > accompany the executable for Debian. So the exception does not appear > applicable to me. > > The system library exception was not intended for distributions to be > able to link GPLv2 code to GPLv2-incompatible code: there is no "just > happens to" occuring in this situation, it is an intentional decision > made by packagers (which can be reversed to respect copyright holders). Debian has always allowed GPL-2-only code linked against GPL-3+-only libraries such as the libstdc++ or GCC runtime libraries. (You ignore that libraries aside of OpenSSL exist.) Debian also has always allowed GPL-2-only code linked against OpenSSL if one specific means of doing so was not used, for example we had (and continue to have) GPL-2-only code using `import ssl` (directly or indirectly) in Debian which happens to... link OpenSSL at runtime. Debian treated one specific technical implementation of linking (instructions for ld.so) for one specific system library (OpenSSL) differently and stopped doing so. So let me ask you directly: do you think we should remove all GPL-3 software directly or indirectly including anything from /usr/include/linux/*.h? Do you think we should remove all GPL-2 software linking libstdc++ or other GCC runtime libraries? Do you think we should remove all GPL-2 software linking (L)GPL-3+ libraries such as GnuTLS? Do you think we should remove all GPL-2 software linking OpenSSL in any way (including via `import ssl` or similar)? Do you think we should remove all GPL-2 software linking any other library licensed under, say, Apache-2 in any way (including via Python imports or similar)? Do you have any idea how much software would be affected? Which of those must in your opinion be done before the release of trixie? Ansgar
