[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-mac
Subject: Re: [KDE/Mac] Binary distribution license check
From: John Layt <jlayt () kde ! org>
Date: 2014-04-13 13:26:36
Message-ID: CAM1DM6kXLGEcgM_msNnOH1=6KZsUsovMJ6O=OZGUfggfZGi3XQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On 12 April 2014 23:36, <mk-lists@email.de> wrote:
> Hi guys,
>
> perhaps this is the wrong list for such a question, but let's start here
> first...
>
> When I check on MacPorts for a typical KDE application whether it is
> binary distributable, e.g. for KMyMoney, I get something like this:
> --
> "git-core" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> "p5.16-net-ssleay" is not distributable because its license "OpenSSL"
> conflicts with license "GPL-3+" of dependency "gdbm"
> "soprano" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> "gtk-doc" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> "itstool" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> "virtuoso" is not distributable because its license "GPL" conflicts with
> license "OpenSSL" of dependency "openssl"
> "virtuoso-7" is not distributable because its license "GPL" conflicts with
> license "OpenSSL" of dependency "openssl"
> "ImageMagick" is not distributable because its license "apache" conflicts
> with license "GPL-2" of dependency "libpaper"
> "ghostscript" is not distributable because its license "agpl" conflicts
> with license "GPL-2" of dependency "libpaper"
> "dbusmenu-qt" is not distributable because its license "gpl" conflicts
> with license "OpenSSL" of dependency "openssl"
> "mysql5" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> "poppler-qt4-mac" is not distributable because its license "gpl" conflicts
> with license "OpenSSL" of dependency "openssl"
> "poppler" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> "gnupg" is not distributable because its license "gpl" conflicts with
> license "OpenSSL" of dependency "openssl"
> --
> i.e. 14 ports which must be build by the user due to conflicting licenses,
> mostly due to OpenSSL.
>
> I am curious on how typical Linux distributions actually handle these
> cases.
>
I was just about to ask on the other thread what the licensing issues are,
so is it just OpenSSL causing problems?
We do have a special KDE list for licensing issues
https://mail.kde.org/mailman/listinfo/kde-licensing that it may be worth
asking things on. Another option is to ask Sune Vuorela, a core KDE hacker
and Debian packager who is usually very clued-up on such issues, or better
yet ask on the
I think most distros get around it by using the "part of the OS" exception
in the GPL that OpenSSL themselves says applies [1], although it appears
Debian no longer finds this viable as individual GPL authors could say they
don't believe the exemption applies [2], but it could well be argued that
any GPL author who decides to use OpenSSL is implicitly saying they think
the exception applies. I'm not sure the exception is an option for
MacPorts though.
I believe though that LGPL is allowed to link against OpenSSL, and GPL apps
can link to the LGPL apps, so a lot of the problem seems to be unnecessary,
the apps affected just need to use an LGPL wrapper (like Qt), or find an
alternative library to use for their needs GnuTSL, or something that
supports just the bits they need. Perhaps you need to open bugs against
each of the affected apps to find out why they need to depend on things
that use OpenSSL (e.g. I really don't see why KMyMoney needs git-core or
gtk-doc, or is that a MacPorts packaging problem?). If they can't stop
using it then they could try make it a plugin that can be built and shipped
separately.
From that list, the big problems for KDE are Poppler and MySQL and perhaps
GnuPG for PIM (as Ian notes, Virtuoso and Soprano are going away in 4.14).
Cheers!
John.
[1] http://www.openssl.org/support/faq.html#LEGAL2
[2] https://people.gnome.org/~markmc/openssl-and-the-gpl.html
[Attachment #5 (text/html)]
<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 12 April 2014 \
23:36, <span dir="ltr"><<a href="mailto:mk-lists@email.de" \
target="_blank">mk-lists@email.de</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"> Hi guys,<br>
<br>
perhaps this is the wrong list for such a question, but let’s start here \
first...<br> <br>
When I check on MacPorts for a typical KDE application whether it is binary \
distributable, e.g. for KMyMoney, I get something like this:<br> —<br>
"git-core" is not distributable because its license "gpl" \
conflicts with license "OpenSSL" of dependency "openssl"<br> \
"p5.16-net-ssleay" is not distributable because its license \
"OpenSSL" conflicts with license "GPL-3+" of dependency \
"gdbm"<br> "soprano" is not distributable because its license \
"gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "gtk-doc" is not distributable because its license \
"gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "itstool" is not distributable because its license \
"gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "virtuoso" is not distributable because its license \
"GPL" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "virtuoso-7" is not distributable because its \
license "GPL" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "ImageMagick" is not distributable because its \
license "apache" conflicts with license "GPL-2" of dependency \
"libpaper"<br> "ghostscript" is not distributable because its \
license "agpl" conflicts with license "GPL-2" of dependency \
"libpaper"<br> "dbusmenu-qt" is not distributable because its \
license "gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "mysql5" is not distributable because its license \
"gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "poppler-qt4-mac" is not distributable because its \
license "gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "poppler" is not distributable because its license \
"gpl" conflicts with license "OpenSSL" of dependency \
"openssl"<br> "gnupg" is not distributable because its license \
"gpl" conflicts with license "OpenSSL" of dependency \
"openssl”<br> —<br>
i.e. 14 ports which must be build by the user due to conflicting licenses, mostly due \
to OpenSSL.<br> <br>
I am curious on how typical Linux distributions actually handle these \
cases.<br></blockquote><div><br></div><div>I was just about to ask on the other \
thread what the licensing issues are, so is it just OpenSSL causing problems?<br> \
<br>We do have a special KDE list for licensing issues <a \
href="https://mail.kde.org/mailman/listinfo/kde-licensing">https://mail.kde.org/mailman/listinfo/kde-licensing</a> \
that it may be worth asking things on. Another option is to ask Sune Vuorela, \
a core KDE hacker and Debian packager who is usually very clued-up on such issues, \
or better yet ask on the <br><br>I think most distros get around it by using the \
"part of the OS" exception in the GPL that OpenSSL themselves says applies \
[1], although it appears Debian no longer finds this viable as individual GPL authors \
could say they don't believe the exemption applies [2], but it could well be \
argued that any GPL author who decides to use OpenSSL is implicitly saying they \
think the exception applies. I'm not sure the exception is an option for \
MacPorts though.<br><br>I believe though that LGPL is allowed to link against \
OpenSSL, and GPL apps can link to the LGPL apps, so a lot of the problem seems to be \
unnecessary, the apps affected just need to use an LGPL wrapper (like Qt), or find an \
alternative library to use for their needs GnuTSL, or something that supports just \
the bits they need. Perhaps you need to open bugs against each of the affected \
apps to find out why they need to depend on things that use OpenSSL (e.g. I really \
don't see why KMyMoney needs git-core or gtk-doc, or is that a MacPorts packaging \
problem?). If they can't stop using it then they could try make it a plugin \
that can be built and shipped separately.<br> <br></div><div>From that list, the big \
problems for KDE are Poppler and MySQL and perhaps GnuPG for PIM (as Ian notes, \
Virtuoso and Soprano are going away in \
4.14).<br><br></div><div>Cheers!<br><br>John.<br></div></div><br> [1] <a \
href="http://www.openssl.org/support/faq.html#LEGAL2">http://www.openssl.org/support/faq.html#LEGAL2</a><br>[2] \
<a href="https://people.gnome.org/~markmc/openssl-and-the-gpl.html">https://people.gnome.org/~markmc/openssl-and-the-gpl.html</a><br>
</div></div>
_______________________________________________
kde-mac@kde.org
List Information: https://mail.kde.org/mailman/listinfo/kde-mac
KDE/Mac Information: http://techbase.kde.org/index.php?title=Projects/KDE_on_Mac_OS_X
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic