I'd seen this licensing issue mentioned briefly before, but now I
actually understand what's going on. Thanks for explaining it in detail.
Good to know there's 2 paths moving along to solve the distro problem. I
feel more confident in moving forward with my little project now that I
know it's only going to be a temporary annoyance to recompile.
Thanks everyone who answered.
TB
On 16/05/2016 7:25 PM, Amos Jeffries wrote:
What is being attempted above is not a GPL violation AFAIK. So long as
the Squid ./configure && make system is used to construct the binary and
Squid source is not altered in any way by the builder.
* GPL permits linking against OpenSSL because both softwares sources are
available publicly.
* It is GPL violation to distribute the OpenSSL and Squid sources
together as parts of someting else. In source form.
Thus distributors like Diladele can provide binary-only formats with no
source changes to Squid or OpenSSL.
Each component of the offering is publicly available (GPL compliant)
and the pieces of OpenSSL, Squid and the packaging source code are
distributed via separate channels (OpenSSL compliant).
Debian and Ubuntu distribute sources of all binaries as part of their OS
repository. The very act of adding package install scripts causes the
issue here. The repository would contain all of Squid + OpenSSL +
packaging scripts source code.
But, but, but....
* It is OpenSSL violation to distribute any binary that does not
advertise OpenSSL usage. In the binary outputs, even those not using
OpenSSL logic (Ouch!). Unless the OS provides the library as part of its
core system.
Debian and Ubuntu use GnuTLS as the system preferrd library. OpenSSL
license not being GPL compliant also makes it not DFSG compliant and so
not part of the core OS repository. It and anything using it are in the
non-free optional extras repository instead.
There are some suggestions to build and put a version of Squid in
there. But that still collides with the previous GPL issue about sources
being together in the repo.
Adding advertising clauses in the way required by OpenSSL would make
Squid binaries no longer be GPL compliant unless we got explicit written
permission from everyone who contributed patches. A lot of contributors
have long-dead emails, requested anonimity or some in fact are now
physically deceased. So we are stuck at our end as well even with that.
I am working on GnuTLS support as a side project, and the OpenSSL people
are apparently working on fixing their license to be GPL compliant. It
is a lot of work and going quite slow on both fronts. You can see some
of my work reflected in the squid.conf changes of Squid-4, and the
latest Debian/Ubuntu squidclient packages :-)
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users