Bug#747031: fixed in python-debian 0.1.22
Stuart Prescott
stuart at debian.org
Fri Jun 13 14:00:27 UTC 2014
Hi John,
> > I'm quite unconvinced by the argument that a GPL'd script can't import
> > hashlib; I think GPLv3 is quite clear that "hashlib" is a Standard
> > Interface of the Python programming language and that making use of it
> > is fine; the language is less precise for GPLv2 but I still don't think
> > there's a problem there. There are plenty of other GPL'd things in
> > Debian that "import hashlib" and I don't think anyone's interested in
> > working on this.
>
> I actually am convinced by the debian-legal argument that the exception
> doesn't apply for Debian (because Debian distributes both OpenSSL and
> python-debian),
Saying that it is a Standard Interface (in GPLv3 speak) is not the same as the
system library exception which has been widely discussed for GPLv2. The system
library exception from GPLv2 is couched in terms of whether the objects are
distributed together which is why Debian has taken the position that an OS
distributor (like Debian) can't make use of the system library exception. The
Standard Interface description contains no such restrictions.
| A “Standard Interface” means an interface that either is an official standard
| defined by a recognized standards body, or, in the case of interfaces
| specified for a particular programming language, one that is widely used
| among developers working in that language.
hashlib meets that definition as being specified by the python programming
language. It's also no different to people writing GPL'd code in C# or VB.net
and making use of some of the non-free but standard interfaces in those
languages.
> but the alternative to this hacky crap is to modify our
> own license to allow linking with OpenSSL. Which honestly is probably
> not too hard since there were only a handful of contributors to
> python_support.py.
It would be easy to do (yes, I did look at git history to see how many people
have touched it a couple of weeks ago) but I don't think it really helps.
Relicensing would only shift the problem on to anything that makes use of
python-debian -- if we were to accept that hashlib and GPL'd python-debian
were incompatible, then GPL'd stuff would also not be able to import
debian_support for the same reasons.
cheers
Stuart
--
Stuart Prescott http://www.nanonanonano.net/ stuart at nanonanonano.net
Debian Developer http://www.debian.org/ stuart at debian.org
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
More information about the pkg-python-debian-maint
mailing list