Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries

Sat Jan 19 21:40:18 UTC 2013

Package: elmer
Version: 6.1.0.svn.5396.dfsg2-1
Severity: serious
Justification: Policy 2.3

Hello,
this may sound like a revival of bug #618696 [1], but in fact it's distinct
(although the evergreen OpenCASCADE GPL-incompatibility is still
involved...).

[1] http://bugs.debian.org/618696

Let's start from the beginning, anyway.

I've recently found out that all libav binary packages in Debian are
effectively licensed under the GNU GPL, rather than under the GNU LGPL.
This would have been easier to spot, if more clearly documented [2].

[2] http://bugs.debian.org/698019

After this discover, I searched for packages potentially affected
by this strong copyleft. I noticed that the binary package named "elmer"
depends on some libav packages and I remembered the well-known
OpenCASCADE GPL-incompatibility.

Hence, I examined all the binaries shipped by the elmer binary package
with ldd and I found out that /usr/bin/ElmerGUI.real is linked with
the following libraries, among others:

libTKSTL.so.2
[...]
libTKXSBase.so.2
 => OCE (OpenCASCADE Community Edition) License: OCTPL GPL-incompatible

libmysqlclient.so.18
 => MySQL client library License: GPL-2+ with FOSS exception (which does
    not allow linking with OCTPL-licensed works...)

libavformat.so.53
 => libavformat Effective license: GPL-3+
libavcodec.so.53
 => libavcodec          Effective license: GPL-2+
    or libavcodec-extra Effective license: GPL-3+
libavutil.so.51
 => libavutil Effective license: GPL-2+
libswscale.so.2
 => libswscale Effective license: GPL-2+

(for further details, see the already mentioned bug #698019 [2],
 especially its message #27 [3])

[3] http://bugs.debian.org/698019#27

libcrypto.so.1.0.0
libssl.so.1.0.0
 => OpenSSL License: OpenSSL license (which is GPL-incompatible!)

libjbig.so.0
 => JBIG-KIT library License: GPL-2+

libxvidcore.so.4
 => Xvid library License: GPL-2+

libx264.so.123
 => x264 library License: GPL-2+ (unless used solely through
                                  avisynth_c.h interfaces)

libmp3lame.so.0
 => LAME library License: GPL-2+ (since it apparently includes
                                  GPL-licensed files)

So, in summary, it seems to me that this binary is linked with
a number of GPL-licensed libraries, and with two GPL-incompatible
libraries (OpenCASCADE Community Edition and OpenSSL).

Once again, the possible solutions I can think of, in descending order
of desirability, are:

 (A) Open CASCADE S.A.S. should be contacted and persuaded to
re-license Open CASCADE Technology under GPLv2-and-v3-compatible terms;
OpenSSL should be replaced by GnuTLS or disabled.

 (B) OpenCASCADE Community Edition should be substituted with a
GPLv2-and-v3-compatible replacement, if any is available; OpenSSL
should be replaced by GnuTLS or disabled.

 (C) All the GPL-licensed libraries should be substituted with
non-strong-copyleft replacements or disabled.

As usual, if anyone is willing to contribute to the persuasion effort
I am carrying on to convince Open CASCADE S.A.S. to switch to the
GNU LGPL v2.1, his/her help will be more than appreciated by me!
As explained in bug #617613 [4], I have been trying hard to achieve
this result since April 2009...

[4] http://bugs.debian.org/617613

Thanks for any help you can provide.

P.S.: the binary package named "libelmersolver-6.1" probably needs
      a similar audit