-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 5 Jun 2004, Thomas Anders wrote:
> Remember, the license problem is OpenSSL, not Net-SNMP itself.
> This question may sound strange, but: Are we *really* already
> violating their license if we just happen to link against libcrypto
> (due to compile-time dependencies) without using *any* of their
> functionality, neither directly (Ethereal), nor indirectly (through
> the net-snmp functions we use)?
Fortunately it appears that such hairsplitting is not necessary. The GPL
is about copying and distribution, not use. I find only one instance of
the idea of restricting use of the covered program, in section 8, and that
section speaks of restrictions on use imposed by local laws and *not* of
any conditions of use required by the GPL.
I guess the answer to the question is: yes, if someone is distributing
binaries which link OpenSSL with code whose license is incompatible with
OpenSSL's, such distribution is not permitted by the terms of OpenSSL's
license and should cease.
> Even then, we can still produce binary distributions under GPL with
> the existing code and full SNMP functionality if we compile Net-SNMP
> without OpenSSL support and link with it. Our source distributions
> don't include any OpenSSL code either. So what?
Exactly. The *distribution* of a binary which aggregates packages with
incompatible licenses is the problem. There's no problem I can see (so
far as GPL is concerned) with linking Ethereal, Net-SNMP, and OpenSSL
together for one's own use; one is merely prohibited from distributing the
result. There's no need to cripple the build process just because someone
[raises hand] prefers to have Net-SNMP linked with OpenSSL, requiring that
perhaps a goodly number of people keep two nearly-identical versions of
Net-SNMP around just to satisfy Ethereal's build rules. The person who
builds Ethereal binaries for distribution is the only one who needs to be
concerned about such matters, so far as I can see. It seems to me that
the only change needed to the package is to ensure that there are warnings
about this issue in the configuration/build documentation.
- --
Mark H. Wood, Lead System Programmer mwood@xxxxxxxxx
Open-source executable: $0.00. Source: $0.00 Control: priceless!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQFAxH1Zs/NR4JuTKG8RAiubAKCPbpVUgRq3PCwizxm0jUIOmVKydgCeKhr7
oK3VRTxbhSg+CfBGJHKmKRY=
=fC4w
-----END PGP SIGNATURE-----