cryptlib has entered rawhide and is licensed under the Sleepycat license (among other things).
Historically, the Sleepycat license was deemed compatible with the GPL, version 2, because it was another (soft) copyleft license.
However, I'm not so sure if this is true for GPL, version 3. The Sleepycat license implements copyleft like this:
“ 3. Redistributions in any form must be accompanied by information on how to obtain complete source code for the cryptlib software and any accompanying software that uses the cryptlib software. The source code must either be included in the distribution or be available for no more than the cost of distribution, and must be freely redistributable under reasonable conditions. For an executable file, complete source code means the source code for all modules it contains or uses. […] ”
The above appears to be a further restriction on top of the GPL, version 3, which gives this permission:
“ You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. ”
I think it is impossible to grant a downstream user these additional permissions if the combined work also needs to comply with the Sleepycat license.
Should https://fedoraproject.org/wiki/Licensing:Main be updated to state that the Sleepycat license is only compatible with the GPL, version 2?
Thanks, Florian
On Mon, Jul 04, 2016 at 08:27:55AM +0200, Florian Weimer wrote:
Historically, the Sleepycat license was deemed compatible with the GPL, version 2, because it was another (soft) copyleft license.
However, I'm not so sure if this is true for GPL, version 3. The Sleepycat license implements copyleft like this:
“ 3. Redistributions in any form must be accompanied by information on how to obtain complete source code for the cryptlib software and any accompanying software that uses the cryptlib software. The source code must either be included in the distribution or be available for no more than the cost of distribution, and must be freely redistributable under reasonable conditions. For an executable file, complete source code means the source code for all modules it contains or uses. […] ”
The above appears to be a further restriction on top of the GPL, version 3, which gives this permission:
“ You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. ”
I think it is impossible to grant a downstream user these additional permissions if the combined work also needs to comply with the Sleepycat license.
I think the question comes down to whether source code that is subject to the kind of contract contemplated in the quoted language of GPLv3 section 2 is "freely redistributable under reasonable conditions". In particular are the contemplated restrictions on distribution of trade secret modifications by a contractor "reasonable conditions" on the free redistribution of the source code actually given to the contractor?
I don't recall addressing Sleepycat/GPLv3 compatibility before but I'm inclined to say "by default, no". Here, though, you have a developer who has evidently continued to put cryptlib under a Sleepycat-like license continuously even after the introduction of GPLv3, with a continued insistence on that license being GPL-compatible in an obvious attempt to benefit from such a characterization. As such I think for purposes of cryptlib the license should be interpreted in such a way that it does not give rise to a conflict with GPLv3.
Richard