CUPS is now linked against OpenSSL (and will stay GPLv2-only)

Didier 'OdyX' Raboud odyx at
Tue Jan 14 09:53:51 UTC 2014

Le lundi, 13 janvier 2014, 17.38:12 Didier Raboud a écrit :
> Le samedi, 11 janvier 2014, 14.22:28 Daniel Kahn Gillmor a écrit :
> >  0) ask CUPS to move from GPL2 to GPL2+ (with or without OpenSSL
> >     exception)
> As asking generally can't hurt, I have filed
> on the upstream bugtracker to discuss
> that. I'll keep the list posted.

The answer came back faster than I expected and is public [1], I'm 
quoting it here for completeness' sake:

Le lundi, 13 janvier 2014, 14:24:33 Michael Sweet a écrit :
> We cannot, for a number of legal and (Apple) liability reasons,
> relicense CUPS as [L]GPL2+.  It will never happen.
> OpenSSL support has been removed from the CUPS 2.0 source code and is
> not an option.
> That leaves you with using GnuTLS ([L]GPL2/3) or porting Apple's
> CDSA/Security code (Apache license), although the Apache license may
> not be GPL3 compatible according to the FSF.  Given that GnuTLS is
> included with basically every Linux distribution as a standard OS
> component, it SHOULD automatically fall under the [L]GPL2/3 exception
> for system libraries (just as OpenSSL should have fallen under the
> same exception...)  If not, then I humbly suggest you talk to the FSF.

Now, for the set of options he described:

1) OpenSSL
   As he claims that OpenSSL has been removed from the master CUPS
   branch, I think that this, by itself, disqualifies the linking of
   libcups2 against OpenSSL, as it would be a dead end.

2) GnuTLS
   2.x is useable but deprecated, 3.x is GPLv3+ through GMP. We're back
   to "talk to the FSF to license GMP back to LGPLv2+"

3) Apple CDSA / libsecurity
   From [1], this is currently being deprecated by Apple from OSX v10.7.
   Also, it licensed under the APSL [Apple Public Source License] which
   is incompatible with the GPL. It isn't packaged in Debian as far as I
   could find.

So in the current situation, I don't see any good long-term solution but 
a port to another license-compatible library such as polarssl…


[1] And GPG-signed:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Pkg-gnutls-maint mailing list