On 11/20/2013 09:48 PM, Tom Callaway wrote:
On 11/19/2013 02:11 PM, Florian Weimer wrote:
> What's Fedora's stance on linking GPL-only libraries into the same
> process as a library which is considered GPL-incompatible (such as
> 4-clause BSD) if this linking happens rather indirectly?
> We currently link psql against both libreadline and libcrypto/libssl
> (OpenSSL), so if that is okay, more indirect linking should be
> acceptable as well.
> However, I'm not sure I'd appreciate that if I were a GPL-only library
> author who chose that license deliberately (perhaps even with a desire
> to sell alternative licensing), and some intermediate libraries makes my
> work available under a more permissive license, only wrapped in a
> different programming interface.
For OpenSSL, we consider that a system library, so the point is somewhat
irrelevant in that case.
That's a refreshingly different approach which certainly simplifies
However, to your larger point, we are not concerned with indirect
linking like you describe. We are primarily focused with the direct
linking case, though, if there was an egregious case of a shim intended
to circumvent that, we'd revisit that on a case-by-case basis.
What's the procedure for resolving such potential issues? Post it here
and ask for advice?
With Fedora's system library exception, that should never be an issue
for Fedora itself, but downstream users might be led to assume that the
license of a particular library is more permissive than it actually is.
Florian Weimer / Red Hat Product Security Team