On Sat, Mar 25, 2017 at 10:11 PM, Theodore Ts'o <tytso@xxxxxxx> wrote: > On Sat, Mar 25, 2017 at 06:51:21PM +0100, Ęvar Arnfjörš Bjarmason wrote: >> In GPLv3 projects only, not GPLv2 projects. The paragraphs you're >> quoting all explicitly mention v3 only, so statements like >> "incompatible in one direction" only apply to Apache 2 && GPLv3, but >> don't at all apply to GPLv2, which is what we're using. > > It's complicated. > > It's fair enough to say that the FSF adopts a copyright maximalist > position, and by their interpretation, the two licenses are > incompatible, and it doesn't matter whether the two pieces of code are > linked staticaly, dynamically, or one calls the other over an RPC > call. > > Not everyone agrees with their legal analysis. May I suggest that we > not play amateur lawyer on the mailing list, and try to settle this > here? Each distribution can make its own decision, which may be based > on its legal advice, the local laws and legal precedents in which they > operate, etc. And indeed, different distributions have already come > to different conclusions with respect to various license compatibility > issues. (Examples: dynamically linking GPL programs with OpenSSL > libraries under the old license, distributing ZFS modules for Linux, > etc.) > > We don't expect lawyers to debug edge cases in a compiler's code > generation. Programmers shouldn't try to parse edge cases in the law, > or try to use a soldering iron, unless they have explicit training and > expertise to do so. :-) Yeah fully agree with the internet lawyering. I'm not looking for that, just seeing if someone knows if this might be an issue for at least some distros, then it's something for us to keep an eye on if OpenSSL's license changes, and a sane default for us to adopt might be to e.g. require that some flag be passed to the Makefile declaring "yes I'm OK with combining AL2 + GPLv2" if the OpenSSL version is newer than so-and-so.