GNAT GPL vs non-GPL compatible open source license

GNAT GPL vs non-GPL compatible open source license

[Brian May]

Hello,

An argument against GNAT GPL was that you could not distribute
software that linked against non-GPL compatible licenses, such as
openssl.

Lets say I have an Ada package ABC. It uses openssl extensively. I use
the GPL license for ABC, but add a clause expressly allowing it to be
linked against openssl.

Is this a problem? On one hand ABC and openssl should be OK, but on
the other hand openssl and the GNAT runtime library are both linked in
the one executable. Is this really a problem? Openssl is not derived
from the GNAT run time library, it doesn't even use the GNAT run time
library.

As much as I like the GPL, I dislike the fact if it affects unrelated
software that just happens to be used by the one package.
-- 
Brian May <bam@snoopy.apana.org.au>

Re: GNAT GPL vs non-GPL compatible open source license

[Simon Wright]

Brian May <bam@snoopy.apana.org.au> writes:

> An argument against GNAT GPL was that you could not distribute
> software that linked against non-GPL compatible licenses, such as
> openssl.
>
> Lets say I have an Ada package ABC. It uses openssl extensively. I
> use the GPL license for ABC, but add a clause expressly allowing it
> to be linked against openssl.
>
> Is this a problem? On one hand ABC and openssl should be OK, but on
> the other hand openssl and the GNAT runtime library are both linked
> in the one executable. Is this really a problem? Openssl is not
> derived from the GNAT run time library, it doesn't even use the GNAT
> run time library.

It seems clear enough that at the moment you (and your users) could
not distribute such a binary. Note, the Debian guys seem to think
there's an LGPL replacement for openssl (GNU TLS).

> As much as I like the GPL, I dislike the fact if it affects
> unrelated software that just happens to be used by the one package.

I don't see where it's affecting openssl. It's just affecting the use
you want to make of openssl + GNAT GPL.

I think you (and your users) have to distribute in source form;
problem solved! (I guess there should be a smiley in there somewhere).

Re: GNAT GPL vs non-GPL compatible open source license

[Maxim Reznik]

Brian May wrote:
> Hello,
> 
> An argument against GNAT GPL was that you could not distribute
> software that linked against non-GPL compatible licenses, such as
> openssl.
> 
AFIK openssl is distributed under BSD-style Open Source licenses.
But BSD license is compatible with GPL. You may distribute
your program under GPL even if it includes openssl.

Actualy AWS (Ada Web Server) distributed under GPL even it
contains binding to openssl.

Re: GNAT GPL vs non-GPL compatible open source license

[Brian May]

>>>>> "Maxim" == Maxim Reznik <reznikmm@front.ru> writes:

    Maxim> Brian May wrote:

    >> An argument against GNAT GPL was that you could not distribute
    >> software that linked against non-GPL compatible licenses, such
    >> as openssl.

    Maxim> AFIK openssl is distributed under BSD-style Open Source
    Maxim> licenses.  But BSD license is compatible with GPL. You may
    Maxim> distribute your program under GPL even if it includes
    Maxim> openssl.

That is incorrect.

Looking at the license in Debian:

--- cut ---
  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
  the OpenSSL License and the original SSLeay license apply to the toolkit.
  See below for the actual license texts. Actually both licenses are BSD-style
  Open Source licenses. In case of any license issues related to OpenSSL
  please contact openssl-core@openssl.org.
--- cut ---

This IIRC presents to problems:

1. The BSD license is the old BSD style license with advertising
   clause.

2. The original SSLeay license has a similar clause.

It is the opinion of the Debian legal time that both of these make the
license GPL incompatible. As such, it would be considered a bug if you
were to package code that uses both of these in Debian.

If on the other hand it used the new BSD license without the
advertising clause, that would be OK (my understanding at least).

    Maxim> Actualy AWS (Ada Web Server) distributed under GPL even it
    Maxim> contains binding to openssl.

That looks like a can a worms to me, I think I will stay away...

I will say though that the copyright holder is allowed to do what they
want with their own code - there is no need for the copyright holder
to comply with their own license - the problem exists when third
parties want to be able to distribute the code with incompatible
licenses.

In the case of programmers using libgnat, we don't hold the copyright
for the library so we have to follow the legal requirements for
redistribution.

Also, at one stage there was a FAQ on openssl's website stating that
the openssl license was not GPL incompatible (not sure if it is still
there or not). The Debian legal time strongly disagreed with their
interpretation of the GPL.

Another twist: my understanding is that complying with the GPL
requirements is needed when using rights that are normally revoked by
copyright law but expressly allowed by the GPL. Such as distributing
the product. Using a product you already have (assuming you don't have
a contract that specifies otherwise) is not restricted by copyright
law. So if I compile my own code and don't distribute it (ie. use it
exclusively for myself), I think I can use whatever licenses I want
to... Even no license. All rights reserved.

Disclaimer: I am not a lawyer - this is my understanding only from
talking to various sources including an Australian lawyer.
-- 
Brian May <bam@snoopy.apana.org.au>

Re: GNAT GPL vs non-GPL compatible open source license

[Ludovic Brenta]

Brian May <bam@snoopy.apana.org.au> writes:
> Looking at the license in Debian:
>
> --- cut ---
>   The OpenSSL toolkit stays under a dual license, i.e. both the
>   conditions of the OpenSSL License and the original SSLeay license
>   apply to the toolkit.  See below for the actual license
>   texts. Actually both licenses are BSD-style Open Source
>   licenses. In case of any license issues related to OpenSSL please
>   contact openssl-core@openssl.org.
> --- cut ---
>
> This IIRC presents to problems:
>
> 1. The BSD license is the old BSD style license with advertising
>    clause.
>
> 2. The original SSLeay license has a similar clause.
>
> It is the opinion of the Debian legal time that both of these make the
> license GPL incompatible. As such, it would be considered a bug if you
> were to package code that uses both of these in Debian.
>
> If on the other hand it used the new BSD license without the
> advertising clause, that would be OK (my understanding at least).

Yes, this is my understanding too.

>     Maxim> Actualy AWS (Ada Web Server) distributed under GPL even it
>     Maxim> contains binding to openssl.
>
> That looks like a can a worms to me, I think I will stay away...

Correct.  As of now, the AWS in Debian is still version 2.0p under
GMGPL, so I can distribute a binary of libaws linked with OpenSSL:

Package: libaws2
Priority: optional
Section: libs
Installed-Size: 2496
Maintainer: Ludovic Brenta <ludovic@ludovic-brenta.org>
Architecture: i386
Source: libaws
Version: 2.0p-6
Depends: libc6 (>= 2.3.5-1), libgnat-3.15p-1 (>= 3.15p-13),
    libldap2 (>= 2.1.17-1), libssl0.9.7, libxmlada1,
    zlib1g (>= 1:1.2.1)
...

(notice libssl0.9.7: this is the shared library package for OpenSSL)

However, after I do the transition to a newer GNAT, I will want to
package AWS 2.1 which is under pure GPL.  At that point, I will not be
able to distribute binaries linked with OpenSSL.  I may either drop
the SSL functionality, or try to use GNU TLS instead of OpenSSL.  In
fact, if Pascal and Dmitriy are listening, it would help me quite a
lot if you would consider doing this in the next release of AWS.  (It
would also help if you would call it AWS 3.0, because Debian policy
requires that the soname change if the binary interface changes).

-- 
Ludovic Brenta.

Re: GNAT GPL vs non-GPL compatible open source license

[Pascal Obry]

Ludovic,

> However, after I do the transition to a newer GNAT, I will want to
> package AWS 2.1 which is under pure GPL.  At that point, I will not be
> able to distribute binaries linked with OpenSSL.  I may either drop
> the SSL functionality, or try to use GNU TLS instead of OpenSSL.  In
> fact, if Pascal and Dmitriy are listening, it would help me quite a
> lot if you would consider doing this in the next release of AWS.  (It
> would also help if you would call it AWS 3.0, because Debian policy
> requires that the soname change if the binary interface changes).

I'm listening. No surprise here, the move from OpenSSL to GNU/TLS is in
the TODO since the early days. We wanted to use GNU/TLS but when we
started to look at this with Dmitriy it was still beta. At this point
GNU/TLS is mature and we are considering using it instead of OpenSSL.
Note that this is not something we can do without lot of thinking and
testing as the SSL layer is very sensitive.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|              http://www.obry.net
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595