On Thu, Dec 2, 2010 at 8:57 AM, Laszlo Boszormenyi <gcs@xxxxxxxxx> wrote: > Hi Clint, > > On Wed, 2010-12-01 at 23:19 -0800, Clint Byrum wrote: >> On Thu, 2010-12-02 at 01:30 +0100, Laszlo Boszormenyi wrote: >> Essentially, as long as the files don't have a license that conflicts >> with COPYING, then there's no need for a license header. > Got a confirmation from an FTP Assistant, Mike O'Connor; he says > exactly the same. "Its not required, for instance, that every > single .h .c file etc have a license information, as long as it can be > reasonably assumed that we know the copyright holders' intention. When > the upstream author says "i'm the copyright holder for everything in the > src directory, and its distributable under the LGPL, we'll assume this > to be correct unless there is something that indicates otherwise." > I just have a memory that recently a package was rejected due to this, > but I assume it neither had the license information in > debian/copyright . > >> Laszlo, I did a thorough review of the licensing before working to get >> ceph uploaded to Ubuntu, but I wasn't aware of the incompatibility >> between the GPL/LGPL and OpenSSL. This page details it pretty well: >> >> http://people.gnome.org/~markmc/openssl-and-the-gpl.html > Please note two things. First is the bottom line of the page which > says: "Usual disclaimers apply, I've no legal background whatsoever, > don't trust a word I say ... I'm quite probably completely wrong." and > it was written in 2004. More recently, three months ago a bug was > filed[1] in Debian that states there's indeed a need for that license > exception for a GPL programs. > On the other hand, yes, I do realize that ceph is mostly LGPL which may > or may not need this exception. Just found a conversation on > debian-legal, where the second message[2] states: "There is no need for > an OpenSSL exception for a LGPL-licensed work."; thus I'm ready to > upload ceph as soon as the two missing manpages are written. > >> Also Sage, if the other authors (or you) are not comfortable with the >> OpenSSL advertising clause, there's always GNUTLS which exists in large >> part to address this sort of thing. > Rewrite the SSL part may not be that easy, but see above that it seems > it's not needed for LGPL sources. I removed all the openssl references in the ceph code and replaced it with crypto++, so hopefully all this discussion is now moot. It's all pushed to the ceph rc branch. I tried using gnutls, but it didn't quite fit ceph's needs (only requires a few lower level crypto functions and it seems that gnutls hasn't exported those up until recently or at least I haven't found an easy way to do this). IANAL but for my untrained eyes the crypto++ seems ok in terms of GPL compatibility. Although most of ceph's code is LGPL, we do have a couple of utilities that are licensed as GPL and might pose a license conflict, so removing openssl seems the best road to choose. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
