all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others
@ 2019-03-03  1:58 Vagrant Cascadian
  2019-03-06 15:15 ` Ludovic Courtès
  0 siblings, 1 reply; 22+ messages in thread
From: Vagrant Cascadian @ 2019-03-03  1:58 UTC (permalink / raw)
  To: 34717

[-- Attachment #1: Type: text/plain, Size: 1941 bytes --]

The u-boot package definition includes openssl amoung it's inputs, but
is also a GPL2+ software project... but the GPL and OpenSSL licenses are
incompatible:

  https://www.gnu.org/licenses/license-list.html#OpenSSL

It doesn't explain the details of *why* they're incompatibly, which is
astoundingly unhelpful. The best explanation I've found is here:

  https://people.gnome.org/~markmc/openssl-and-the-gpl.html

Essentially, the Openssl/SSLeay license(s) place additional restrictions
requiring "advertising" clause when distributing in binary form, while
the GPL forbids placing additional restrictions on distribution.


I'm not sure if there's a simple way to search for other packages with
license:gpl and openssl as an input in order to do a quick pass at
auditing... some packages may use the openssl binary as part of the
build process or tests, and not linking any GPLed code against it; in
those cases there would be no license conflict.


Since I believe the incompatibility is only invoked when distributing
binaries, GNU Guix may be in an interesting position to at least make a
simple workaround for affected packages by using:

  (arguments `(#:substitutable? #f))

Thus disabling substitutes. Though it poses a curious philosophical
question weather that is an acceptible/appropriate workaround for GNU
Guix...


In the Debian u-boot packaging, some of the features using openssl are
disabled, and some of the u-boot targets that require openssl are not
part of the packages. I'd be happy to help with making such adjustments
if this is deemed the better approach for u-boot specifically.


Other more long-term approaches:

Patch (and submit upstream) the affected packages to support using other
GPL compatible libraries, such as gnutls.

If upstream is reasonably able to add a license exception, that could
also resolve the issue:

  https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

end of thread, other threads:[~2021-10-24  8:53 UTC | newest]

Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-03-03  1:58 bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Vagrant Cascadian
2019-03-06 15:15 ` Ludovic Courtès
2019-03-06 18:12   ` Danny Milosavljevic
2019-03-08  9:59     ` Ludovic Courtès
2019-03-07  4:17   ` Vagrant Cascadian
2019-03-07 23:02     ` Vagrant Cascadian
2019-03-08 10:23       ` Ludovic Courtès
2019-03-08 19:14         ` Vagrant Cascadian
2019-03-09 21:57           ` Ludovic Courtès
2019-03-09 23:10             ` Vagrant Cascadian
2019-03-10  3:58               ` Jack Hill
2019-03-10 17:12               ` Ludovic Courtès
2021-10-22  6:17         ` Vagrant Cascadian
2021-10-22 20:35           ` Leo Famulari
2021-10-22 21:15             ` Vagrant Cascadian
2021-10-23  9:08               ` Maxime Devos
2021-10-22 21:17           ` Vagrant Cascadian
2021-10-23 19:44             ` Leo Famulari
2021-10-24  8:50               ` Dr. Arne Babenhauserheide
2019-03-08 10:08     ` Ludovic Courtès
2019-03-08 10:16       ` Ludovic Courtès
2019-03-15 23:55     ` Adonay Felipe Nogueira

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.