From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vagrant Cascadian Subject: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Date: Sat, 02 Mar 2019 17:58:20 -0800 Message-ID: <87tvgkiurn.fsf@ponder> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:35422) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0GP9-000421-Qk for bug-guix@gnu.org; Sat, 02 Mar 2019 20:59:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h0GP8-0008Bc-Sn for bug-guix@gnu.org; Sat, 02 Mar 2019 20:59:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:44441) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h0GP8-0008BC-Pe for bug-guix@gnu.org; Sat, 02 Mar 2019 20:59:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h0GP8-000298-G5 for bug-guix@gnu.org; Sat, 02 Mar 2019 20:59:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([209.51.188.92]:35329) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0GOd-0003zL-P7 for bug-guix@gnu.org; Sat, 02 Mar 2019 20:58:32 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h0GOc-0007Eq-Cp for bug-guix@gnu.org; Sat, 02 Mar 2019 20:58:31 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:54026) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0GOc-0007CS-4f for bug-guix@gnu.org; Sat, 02 Mar 2019 20:58:30 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100e]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 9DC5A1AA27 for ; Sat, 2 Mar 2019 17:58:25 -0800 (PST) List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 34717@debbugs.gnu.org --=-=-= Content-Type: text/plain The u-boot package definition includes openssl amoung it's inputs, but is also a GPL2+ software project... but the GPL and OpenSSL licenses are incompatible: https://www.gnu.org/licenses/license-list.html#OpenSSL It doesn't explain the details of *why* they're incompatibly, which is astoundingly unhelpful. The best explanation I've found is here: https://people.gnome.org/~markmc/openssl-and-the-gpl.html Essentially, the Openssl/SSLeay license(s) place additional restrictions requiring "advertising" clause when distributing in binary form, while the GPL forbids placing additional restrictions on distribution. I'm not sure if there's a simple way to search for other packages with license:gpl and openssl as an input in order to do a quick pass at auditing... some packages may use the openssl binary as part of the build process or tests, and not linking any GPLed code against it; in those cases there would be no license conflict. Since I believe the incompatibility is only invoked when distributing binaries, GNU Guix may be in an interesting position to at least make a simple workaround for affected packages by using: (arguments `(#:substitutable? #f)) Thus disabling substitutes. Though it poses a curious philosophical question weather that is an acceptible/appropriate workaround for GNU Guix... In the Debian u-boot packaging, some of the features using openssl are disabled, and some of the u-boot targets that require openssl are not part of the packages. I'd be happy to help with making such adjustments if this is deemed the better approach for u-boot specifically. Other more long-term approaches: Patch (and submit upstream) the affected packages to support using other GPL compatible libraries, such as gnutls. If upstream is reasonably able to add a license exception, that could also resolve the issue: https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXHs0vAAKCRDcUY/If5cW qpx5AQD1tIZOPkaVIfPvFxiCO5fh+3pHugUaX4ysih2phFjTAAEAvlbLHriinnPU PbP4TpS6+1WPLiuGiADU1wz75h8LZQk= =iuiX -----END PGP SIGNATURE----- --=-=-=--