[Pkg-openssl-devel] Bug#804487: Bug#804487: openssl_1.0.2d-3 breaks mumble and mumble-server after binNMU

Mikkel Krautz mikkel at krautz.dk
Sun Mar 13 15:35:24 UTC 2016


On Sun, Mar 13, 2016 at 4:18 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Sun, Mar 13, 2016 at 03:55:54PM +0100, Mikkel Krautz wrote:
>> On Sun, Mar 13, 2016 at 3:36 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
>> > On Sun, Mar 13, 2016 at 03:28:30PM +0100, Mikkel Krautz wrote:
>> >> A tiny bit of follow-up to my suggestion of using "-openssl-linked" for Qt:
>> >>
>> >> In the earlier Debian bug that was linked by Chris, it was brought up
>> >> that an application may use QtNetwork without using SSL, and therefore
>> >> might not be able to link against OpenSSL due to license
>> >> incompatibilities:
>> >>
>> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623596#94
>> >
>> > OpenSSL will be changing it's license, so hopefully this won't be
>> > a problem in the future.
>>
>> While I applaud the license change (I love it!), I don't think it
>> comes without problems of its own.
>>
>> Last I heard, the chosen license was Apache 2 (per the blog post), so
>> I obviously don't know if things have changed.
>>
>> The FSF considers the Apache 2 license incompatible with GPLv2, so
>> there are still going to be issues, since it's inevitable that some
>> software will stick to GPLv2 (like Linux). But the incompatibility
>> seems to only apply to some situations:
>
> We are considering a GPLv2 exception, but I really have no details
> about that yet.
>
>> I think it would have been better to align with BoringSSL and
>> LibreSSL's ISC license instead to facilitate code sharing (patent
>> grant is already explicitly spelled out in the CLAs). But perhaps
>> there are good news coming on that front. :-)
>
> I have no idea if the patent grant in the CLA is good enough, that
> would only cover people that contribute code.
>
>> ...Anyway, my point is, that from my perspective, with the information
>> I am privy to, it seems to me there are -- sadly -- still cases where
>> it might be necessary to dynamically load OpenSSL in Qt, even with
>> OpensSSL 1.1.
>
> I don't think the 1.1 version will already be under the new
> license.  We still have many people to contact for this to happen.

Thanks for the update, Kurt. Much appreciated!

Also, the code sharing aspect is more complex than I had anticipated
in my previous message, because of the presence of a CLA -- so feel
free disregard (some of) my blabbering. ;-)



More information about the Pkg-openssl-devel mailing list