[Gajim-devel] Licence incompatibility -- GPL and OpenSSL

Jonathan Schleifer js-gajim at webkeks.org
Tue Jan 27 15:08:57 CET 2009

Am 27.01.2009 um 14:56 schrieb Yavor Doganov:

> On Tue, Jan 27, 2009 at 02:48:45PM +0100, Jonathan Schleifer wrote:
>> We do not ship with py-OpenSSL.
>> We do not include any of the code from py-OpenSSL.
> I never said you did.

Then I fail to see the problem.

>> I don't see where we are violating any license.
> You are violating your own license, the GPL.

I am where? Where do we distribute something that includes non-GPL  
code? Neither our source, nor our binaries include non-GPL code.

>> OpenSSL is loaded at runtime, but GPL doesn't cover which code is
>> allowed to be run in memory,
> Please.  All libraries you link against should be under a GPL- 
> compatible
> license.  The fact that you link with libssl via a python wrapper does
> not alleviate that.

We only combine our code with OpenSSL's code in memory. This is  
perfectly legal, as the GPL only covers _DISTRIBUTION_. It's a license  
about _DISTRIBUTION_, _NOT_ about usage. That's why it's a  
_DISTRIBUTION_ license and not an EULA.

>> Additionally, GPL explicitely allows "mere aggregation", so even our
>> Windows binaries are no
> This is not about mere aggregation at all.

It is, because all we do with the Windows binaries is have the OpenSSL  
DLLs included, which are loaded at runtime. So we do _NOT_ distribute  
any combined work. It is combined in memory. This is not covered by  
the GPL at all. Because GPL allows mere aggregation, it is allowed to  
include non-GPL'd stuff in the distribution set.

>> http://groups.google.com/group/comp.lang.python/msg/29c7588fbecproblem 
>> ,
>> as OpenSSL is a separate DLL which is loaded at runtime.
> The link doesn't work for me

Yup, I broke it on pasting, see my second mail.

> but the situation on POSIX systems is the
> same -- when you do "import OpenSSL.SSL" and then use OpenSSL
> facilities, they don't come from PyOpenSSL's independent SSL
> implementation (as there isn't any), they come from libssl.  So  
> the .so
> is loaded at runtime as well.

Right, it is loaded at runtime. So the combined work is created at  
_RUNTIME_, and _NOT_ at distribution. This isn't covered by the GPL at  
all. It doesn't say a single word that it's forbidden to combine GPL'd  
and non-GPL'd code in RAM.


-------------- n?chster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : PGP.sig
Dateityp    : application/pgp-signature
Dateigröße  : 801 bytes
Beschreibung: Signierter Teil der Nachricht
URL         : <http://www.lagaule.org/pipermail/gajim-devel/attachments/20090127/d44e4a0a/attachment.pgp>

More information about the Gajim-devel mailing list