On Sun, 25 May 2008 02:44:03 -0000 Peter Clifton <[EMAIL PROTECTED]> wrote:
> On Sun, 2008-05-25 at 00:30 +0000, Jean-Yves Lefort wrote: > > Distributors: please do not ship a MN package with this patch applied. > > Its quality is rather questionable, and I do not want my reputation to > > be damaged by it. > > Is there going to be upstream support for GnuTLS? There is no point. The Debian interpretation [1] is simply wrong, as clearly hinted by the fact that no other vendor seems to adhere to it, and as I am going to demonstrate below. Debian believes that these two OpenSSL licensing clauses conflict with the GPL: * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" According to Debian, "these clauses impose restrictions on people wishing to distribute your program". If this was the case, MN (or any other GPL program linking against OpenSSL) would be infringing the OpenSSL license, since it does not display the mandatory acknowledgement: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" This acknowledgement makes it particularly clear that the two OpenSSL clauses apply to work which includes OpenSSL source code, NOT to work which merely links against the OpenSSL library. Does MN include "software developed by the OpenSSL project"? No. Why should it display an acknowledgement stating that it "includes software developed by the OpenSSL project" when in fact it does not? In other words, if the Debian interpretation was correct, Debian would currently be deliberately violating the OpenSSL licensing terms by shipping hundreds of packages which are linked against OpenSSL but do not include the mandatory acknowledgement. [1] http://www.gnome.org/~markmc/openssl-and-the-gpl.html -- Jean-Yves Lefort <[EMAIL PROTECTED]> -- IMAP/POP3+SSL/TLS are disabled https://bugs.launchpad.net/bugs/44335 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
