On Wed, Feb 19, 2020 at 06:49:07PM -0500, Jes Sorensen wrote:
> > We'd also need to follow shared library best practices like compiling with
> > -fvisibility=hidden and marking the API functions explicitly with
> > __attribute__((visibility("default"))), and setting the 'soname' like
> > -Wl,-soname=libfsverity.so.0.
> >
> > Also, is the GPLv2+ license okay for the use case?
>
> Personally I only care about linking it into rpm, which is GPL v2, so
> from my perspective, that is sufficient. I am also fine making it LGPL,
> but given it's your code I am stealing, I cannot make that call.
>
Hi Jes, I'd like to revisit this, as I'm concerned about future use cases where
software under other licenses (e.g. LGPL, MIT, or Apache 2.0) might want to use
libfsverity -- especially if libfsverity grows more functionality.
Also, fsverity-utils links to OpenSSL, which some people (e.g. Debian) consider
to be incompatible with GPLv2.
We think the MIT license (https://opensource.org/licenses/MIT) would offer the
most flexibility. Are you okay with changing the license of fsverity-utils to
MIT? If so, I'll send a patch and you can give an Acked-by on it.
Thanks!
- Eric
|