[Pkg-openssl-devel] How Debian ensures that Openssl Apache2.0 license does not link to GPL2.0 licensed modules
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Thu Feb 16 20:19:42 GMT 2023
On 2023-02-13 10:52:43 [+0530], Muhammad Yaaseen wrote:
> Hi,
Hi,
> I see that Apache2.0 and GPL2.0 licenses cannot co-exist within a
> process address space.
>
> In bookworm, OpenSSL 3.0.7 is Apache2.0 licensed. How does debian
> ensure that none of its packages are linking to both Openssl and
> GPL2.0 licensed libraries at the same time?
The individual downstream package maintainer need to ensure not to link
against OpenSSL if it would violate the license.
There are two things you should keep in mind:
- prio the Apache license OpenSSL use a custom license the so called
"dual OpenSSL and SSLeay license". This was also considered
incompatible with GPLv2 and therefore GPLv2 programs had a "OpenSSL
exception". Due to the wording in the exception it considered to be
compatible with Apache 2 license.
https://en.wikipedia.org/wiki/OpenSSL#Licensing
- OpenSSL is considered a system library.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924937#105
https://www.gnu.org/licenses/gpl-faq.en.html#SystemLibraryException
> Regards
> Yaaseen
Sebastian
More information about the Pkg-openssl-devel
mailing list