1. Forum
  2. Usenet
  3. LINUX.DEBIAN.LEGAL

  • GPL-2-only packages using GPL-3+ readline

    From Bastian Germann@21:1/5 to All on Sat Jan 2 01:10:02 2021
    Hi,

    There are some packages with GPL-2-only licensed binaries that link with
    GPL-3+ licensed libreadline.so.8. I do not know Debian-legal's current interpretation on that matter. The FSF is on the position that a
    derivative work of a GPL-3 work cannot be GPL-2-only licensed: https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility

    The packages in question are the following:

    abook
    bluez
    connman
    devtodo
    maxima
    nftables

    atari800 (see #977654)
    avrdude
    ctsim
    ferret-vis
    grads
    jackd2
    multipath-tools
    omake
    teg

    All packages compile with replacing build-dependency libreadline-dev
    with the orphaned libreadline-gplv2-dev. The second group can also
    build-depend on libeditreadline-dev instead, which links with libedit.
    Both replacements would heal the license issue.

    Thanks for your comments,
    Bastian

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Simon McVittie@21:1/5 to Bastian Germann on Sat Jan 2 11:50:02 2021
    On Sat, 02 Jan 2021 at 00:48:43 +0100, Bastian Germann wrote:
    There are some packages with GPL-2-only licensed binaries that link with GPL-3+ licensed libreadline.so.8. I do not know Debian-legal's current interpretation on that matter.

    debian-legal is purely advisory, does not control what is in Debian, and
    does not necessarily contain any actual lawyers. The archive administrators <ftpmaster@debian.org> are the group that controls what is and isn't
    accepted into Debian.

    smcv
    (not a lawyer either)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John Scott@21:1/5 to All on Sat Jan 2 11:16:03 2021
    Copy: bastiangermann@fishpost.de (Bastian Germann)

    In general, this license clash doesn't seem to be a strictly downstream issue. Perhaps you should file bugs with the upstream projects to either revise their licensing if they can or explicitly depend on libeditreadline-dev, especially for the projects that fail to build with it.

    I think you would offer more to say on the dilemma than individual package maintainers, unless your findings were machine-driven going off, say, debian/ copyright (then validating the entries could be left up to them).

    In any case I appreciate the digging you've done.

    maxima
    Check the maxima-sage package too; they have their own source package because they need a build with a different Lisp implementation, and splitting into two source packages had proved easier than not.
    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQT287WtmxUhmhucNnhyvHFIwKstpwUCX/CcQwAKCRByvHFIwKst p8eCAP48J851+0byW/MKlGdNNVJaK8jzUTXvMOXRjVdUT1QoBwEAv/N2OcxMd2nv xxC3s+fuBynMxM4a/IdaZZgNPt2VgAo=
    =Kxu+
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jim Wright@21:1/5 to All on Sat Jan 2 18:30:03 2021
    --Apple-Mail-7538FA23-925C-4FEE-918F-D0F4F70730E2
    Content-Type: text/plain;
    charset=utf-8
    Content-Transfer-Encoding: quoted-printable

    There are a few lawyers here, myself included, though I’m not sure anyone on list actually has an attorney-client relationship with the distro or its makers (and to be clear, I have no such relationship and nothing I say here should be construed as
    legal advice).

    All of that said, the suggestion to use an older readline version with GPLv2 or GPLv2+ licensing when building with GPLv2-only packages seems appropriate to me.

    Happy New Year everyone!

    Best,
    Jim

    Sent from my iPhone, apologies for misspellings, odd autocorrects, misplaced edits and other randomness.

    On Jan 2, 2021, at 2:48 AM, Simon McVittie <smcv@debian.org> wrote:

    On Sat, 02 Jan 2021 at 00:48:43 +0100, Bastian Germann wrote:
    There are some packages with GPL-2-only licensed binaries that link with
    GPL-3+ licensed libreadline.so.8. I do not know Debian-legal's current
    interpretation on that matter.

    debian-legal is purely advisory, does not control what is in Debian, and
    does not necessarily contain any actual lawyers. The archive administrators <ftpmaster@debian.org> are the group that controls what is and isn't
    accepted into Debian.

    smcv
    (not a lawyer either)


    --Apple-Mail-7538FA23-925C-4FEE-918F-D0F4F70730E2
    Content-Type: text/html;
    charset=utf-8
    Content-Transfer-Encoding: quoted-printable

    <html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">There are a few lawyers here, myself included, though I’m not sure anyone on list
    actually has an attorney-client relationship with the distro or its makers (and to be clear, I have no such relationship and nothing I say here should be construed as legal advice).&nbsp;</span><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
    <br></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">All of that said, the suggestion to use an older readline version with GPLv2 or GPLv2+ licensing when building with GPLv2-only packages seems appropriate to me.</div><div style="caret-
    color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><br></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">Happy New Year everyone!</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);"><br></div><div style="caret-color: rgb(0, 0, 0);
    color: rgb(0, 0, 0);">&nbsp;Best,</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">&nbsp; Jim</div><br><div dir="ltr"><div><span style="font-size: 13pt;">Sent from my iPhone, apologies for misspellings, odd autocorrects, misplaced edits
    and other randomness.</span></div></div><div dir="ltr"><br><blockquote type="cite">On Jan 2, 2021, at 2:48 AM, Simon McVittie &lt;smcv@debian.org&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>On Sat, 02 Jan 2021 at
    00:48:43 +0100, Bastian Germann wrote:</span><br><blockquote type="cite"><span>There are some packages with GPL-2-only licensed binaries that link with</span><br></blockquote><blockquote type="cite"><span>GPL-3+ licensed libreadline.so.8. I do not know
    Debian-legal's current</span><br></blockquote><blockquote type="cite"><span>interpretation on that matter.</span><br></blockquote><span></span><br><span>debian-legal is purely advisory, does not control what is in Debian, and</span><br><span>does not
    necessarily contain any actual lawyers. The archive administrators</span><br><span>&lt;ftpmaster@debian.org&gt; are the group that controls what is and isn't</span><br><span>accepted into Debian.</span><br><span></span><br><span> &nbsp;&nbsp;&nbsp;smcv</
    span><br><span> &nbsp;&nbsp;&nbsp;(not a lawyer either)</span><br><span></span><br></div></blockquote></body></html>
    --Apple-Mail-7538FA23-925C-4FEE-918F-D0F4F70730E2--

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Francesco Poli@21:1/5 to All on Wed Jan 6 17:30:02 2021
    On Sat, 02 Jan 2021 11:16:03 -0500 John Scott wrote:

    In general, this license clash doesn't seem to be a strictly downstream issue.

    Well, in my own personal opinion, it is also (if not mainly) an issue
    for anyone who distributes prebuilt binaries linked with the
    incompatible library...
    Hence, I think it is indeed a downstream issue (too)...

    Perhaps you should file bugs with the upstream projects to either revise their
    licensing if they can or explicitly depend on libeditreadline-dev, especially
    for the projects that fail to build with it.

    ...although I agree that each of these issues is best resolved
    upstream, if possible.


    I think that the possible suggestions for the upstream developers (or,
    if all else fails, for the Debian package maintainers) should be one of
    the following alternatives (in descending order of preference):

    a) port the program to a GPLv2-compatible readline replacement (such
    as libedit or similar, possibly by using a shim library such as
    libeditreadline)

    b) re-license the program from GPLv2-only to GPLv2-or-later

    c) disable any link with readline and make do without command
    editing/history (which is not great, but it could be necessary in
    some cases)

    d) build the program by linking with an old
    GPLv2-compatible version of readline

    Please note that the drawbacks of option c could be mitigated by using
    wrappers such as rlwrap or rlfe...


    [...]
    In any case I appreciate the digging you've done.

    +1


    --
    http://www.inventati.org/frx/
    There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
    GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAl/15BwACgkQPhwn4R9p v/7SqRAAkbry4Ny7d4laDehbd5acTOgtT34dqtisXs2rKcJXqozEmuS5QLzfb+8O VHffv5b2Hg8z/1Pz64J63q9HcCJk1iaT987s0jUFwKZvxJuNmtj5avLApFQgrkPA qj3j7+t1hXz+O+Qcjw5FrtGyDGdjgFrdJHmctU9TpZmqM1y6JhD2maDgEepZyXhK /SuB8ZlNxbs4Q9rk3P3woxbX9L8k9VFMkKKTCCXdKOq1RInDpZWwfjdXAxcbOD/R yba99TBORmcbqHbuyH5iyCzHFZHKqZL4Vj3IQMAn9ZVMHqvzQPl/DAFjHeURkLIM Nw+m5624WcdITGyDPA+EDUpGj+30fpdazbD+raIijzWpJB1SlQQrgnib46Fa2faS QWNnablIZQy7xGFhNplgstjKJ9DGmkhMb+wpgEchnhKDZsuC0EAE6dpRKp31SRXq BS8GX7R4gdoK+lnTQhDKCYGg91GNB3h1SUm4y7J4sLZMZbQCfbsCxIS0d0MK2AT8 lK5LDq65jPtuhIXb6wPSbfQ+gnUEegEetaoXKta7RKG+igdr7CvWYhEkjuZ3p5c4 4uKWW358mTus0d2oru+2Q8RVcrdzbdC/nm5UFKEt71cVok5x6m/6zWHICJDE8jJ7 pk9ERz5E2AMSz4kp+hjFIuHYAcM9LWto