Hi, I'm asking for advice.
The best explanation can be found at this feature request on SourceForge: http://sourceforge.net/tracker/index.php?func=detail&aid=890674&; group_id=8642&atid=358642 This is licence related. I'm using Debian, and prefer to grab netatalk using the appropriate package [1]. However, this package is not allowed to link to OpenSSL (and thus DHX passwords are disabled) [2]. The reason comes from debian- legal (don't ask *me*, I'm an ignorant user): "GPL software linked against OpenSSL is not allowed in the main archive without either a license exemption from the upstream author of the GPL package, a change in the license of OpenSSL itself, or a clear legal precedent sustaining the OpenSSL FAQ's opinion on this point." [3] In short, the OpenSSL and GPL are incompatible (as was noted on this list in 2001), so you may link it yourself, but may not distribute it because the GPL forbids it, despite that both licences are considered "free". (Well, at least that's what people on debian-legal claim). Thankfully, both the OpenSSL FAQ [4] and the GPL FAQ [5] give a solution: Add an exception to the licence, stating that it really is OK with you to compile the whole bunch, link with OpenSSL and put it in a package. So, my question. Could you pretty please add the following statement in one of your legal-blahblah files for both the 1.6 and 2.0 version? I just copied it from gnu.org [5]: "In addition, as a special exception, the netatalk developers give permission to link the code of this program with the OpenSSL library (or with modified versions of OpenSSL that use the same license as OpenSSL), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version." [1] http://packages.debian.org/netatalk [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=191790 [3] http://lists.debian.org/debian-legal/2002/debian-legal -200210/msg00173.html [4] http://www.openssl.org/support/faq.html#LEGAL2 (last paragraph of answer) [5] http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs Thanks a LOT! And sorry to have distracted you from serious coding with this silly feature! I have since bother the maintainer of netatalk debina package and the upstream maintainers. The latter are perfectly happy to make the exception to the licence, but can not: We have discussed this internally, and I fear it is not possible to make that change. Netatalk (at least 2.0) includes some GPL'ed code from other projects, mostly libiconv and Samba. Distributing Netatalk under a different license than the original GPL is AFAIKT (IANAL) therefore impossible without getting the permissions from the original authors and possibly all other contributors. So: my questions: 1. Has anything changed in the statement made to debian-legal in 2002? 2. Is the netatalk upstream author correct that he cannot reasonably make the exception (without asking all possible contributors) 3. Is there any way of getting netatalk with encrypted passwords in sarge? I can think of source-only distributions, or asking to move it out of main. However, I do not fully understand the implications of this. So: what would be a possible next move? Maybe just put it in Sarge, and ask FSF to sue you to create legal precedent? :-) Kind regards, Freek Dijkstra [rant mode on] PS: to play the devils advocate on this list: is this [EMAIL PROTECTED]&$(%$ really necessary for me as an end-user to get open-source software to work? I'd rather had spend all this time doing something *useful*. All lawyers on this list: please find an other job. ;-) [rant mode off]
