[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: openssl is now a dependency of guix: possible license conflict?
|
From: |
Mark H Weaver |
|
Subject: |
Re: openssl is now a dependency of guix: possible license conflict? |
|
Date: |
Wed, 16 Aug 2017 22:29:57 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Hi Alex,
Alex Vong <address@hidden> writes:
> Recently, guix changes to use guile-git for 'guix pull', which is a
> libgit2 binding for guile, while libgit2 itself uses openssl to talk
> over https.
>
> Now the potential problem is that guix is licensed in gpl3+ while
> openssl is licensed in openssl. It is well-known the two licenses have
> incompatibility disallowing one from distributing the result of linking
> a gpl program with openssl[0].
Thanks for bringing this to our attention. I looked into this, and it
turns out that Debian's libgit2 package no longer depends on OpenSSL:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798421
libgit2 can use libcurl for HTTPS support, in which case it does not
need OpenSSL. Our libcurl already uses GnuTLS instead of OpenSSL. So,
I expect this issue can be easily resolved. I'll work on it.
Thanks,
Mark