lftp: linked against libssl

Bug #16320 reported by Debian Bug Importer
Affects         Status         Importance   Assigned to   Milestone
lftp (Debian)   Fix Released   Unknown
lftp (Ubuntu)   Fix Released   High         Unassigned

Bug Description

Automatically imported from Debian bug report #305160 http://bugs.debian.org/305160

In , Noël Köthe (noel) wrote : Re: Bug#305160: lftp: linked against libssl

On Monday, 18.04.2005 at 12:42 +0200, Bartosz Fenski aka fEnIo wrote:

Hello Bartosz,

> lftp seems to be linked with OpenSSL library being at the same time GPLed.
>
> These are not compatible licenses and you should either use some GPLed
> crypto library or ask authors to add exception about OpenSSL.

Yes you are right. I will talk with the author about the exception which
I forgot.

--
Noèl Köthe <noel debian.org>

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 18 Apr 2005 12:42:21 +0200
From: Bartosz Fenski aka fEnIo <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: lftp: linked against libssl

Package: lftp
Version: 3.1.2-1
Severity: serious
Justification: unknown

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello.

lftp seems to be linked with OpenSSL library being at the same time GPLed.

These are not compatible licenses and you should either use some GPLed
crypto library or ask authors to add exception about OpenSSL.

More details can be found at:
http://www.gnome.org/~markmc/openssl-and-the-gpl.html

regards
fenIo

- -- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)

Versions of packages lftp depends on:
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libexpat1 1.95.8-1 XML parsing C library - runtime li
ii libgcc1 1:3.4.3-12 GCC support library
ii libncurses5 5.4-4 Shared libraries for terminal hand
ii libreadline4 4.3-15 GNU readline and history libraries
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii netbase 4.21 Basic TCP/IP networking system

- -- no debconf information

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 18 Apr 2005 21:42:53 +0200
From: Noèl Köthe <email address hidden>
To: <email address hidden>,
 Bartosz Fenski aka fEnIo <email address hidden>
Subject: Re: Bug#305160: lftp: linked against libssl

On Monday, 18.04.2005 at 12:42 +0200, Bartosz Fenski aka fEnIo wrote:

Hello Bartosz,

> lftp seems to be linked with OpenSSL library being at the same time GPLed.
>
> These are not compatible licenses and you should either use some GPLed
> crypto library or ask authors to add exception about OpenSSL.

Yes you are right. I will talk with the author about the exception which
I forgot.

--
Noèl Köthe <noel debian.org>

In , Noël Köthe (noel) wrote :

tags 305160 + upstream confirmed
forwarded 305160 http://www.mail-archive.com/lftp%40uniyar.ac.ru/msg02012.html
thanks

On Monday, 18.04.2005 at 12:42 +0200, Bartosz Fenski aka fEnIo wrote:
> Package: lftp
> Version: 3.1.2-1
> Severity: serious
> Justification: unknown
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello.
>
> lftp seems to be linked with OpenSSL library being at the same time GPLed.

--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

In , Noël Köthe (noel) wrote : Bug#305160: fixed in lftp 3.1.3-1

Source: lftp
Source-Version: 3.1.3-1

We believe that the bug you reported is fixed in the latest version of
lftp, which is due to be installed in the Debian FTP archive:

lftp_3.1.3-1.diff.gz
  to pool/main/l/lftp/lftp_3.1.3-1.diff.gz
lftp_3.1.3-1.dsc
  to pool/main/l/lftp/lftp_3.1.3-1.dsc
lftp_3.1.3-1_i386.deb
  to pool/main/l/lftp/lftp_3.1.3-1_i386.deb
lftp_3.1.3.orig.tar.gz
  to pool/main/l/lftp/lftp_3.1.3.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noèl Köthe <email address hidden> (supplier of updated lftp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 28 Apr 2005 18:11:59 +0200
Source: lftp
Binary: lftp
Architecture: source i386
Version: 3.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Noèl Köthe <email address hidden>
Changed-By: Noèl Köthe <email address hidden>
Description:
 lftp - Sophisticated command-line FTP/HTTP client programs
Closes: 305160
Changes:
 lftp (3.1.3-1) unstable; urgency=medium
 .
   * new upstream from 2005-04-15
   * disabled ssl support because of license problem. See:
     http://bugs.debian.org/305160
     http://www.mail-archive.com/lftp%40uniyar.ac.ru/msg02012.html
     http://www.openssl.org/support/faq.html#LEGAL2
     http://www.gnome.org/~markmc/openssl-and-the-gpl.html
     If the author add the needed exception to allow to link
     against openssl it will be enabled again.
     Better a lftp without ssl than no lftp in sarge.
     (closes: Bug#305160)
Files:
 8312cfef4e1b21ea083ee658d395dd95 598 net optional lftp_3.1.3-1.dsc
 ad35c121c456be9f0796f84075dda9f2 1675312 net optional lftp_3.1.3.orig.tar.gz
 375d01328a87cea02031b74af05db49c 9837 net optional lftp_3.1.3-1.diff.gz
 236c5045f57c985874754e718c0472ca 532044 net optional lftp_3.1.3-1_i386.deb

In , Guillaume Morin (gmorin) wrote : ssl support in lftp

SSL support was removed in the previous lftp version, because of a
license problem with openssl.

But at the end of the README of lftp the author says explicitly :

"In addition, as a special exception, permission is given to link the
code of this release of lftp with the OpenSSL project's "OpenSSL"
library (or with modified versions of it that use the same license as
the "OpenSSL" library), and distribute the linked executables. You
must obey the GNU General Public License in all respects for all of
the code used other than "OpenSSL". If you modify this file, you may
extend this exception to your version of the file, but you are not
obligated to do so. If you do not wish to do so, delete this exception
statement from your version."

The maintainer of msmtp keeps the ssl support (Bug #305159), he just
includes proper information in /usr/share/doc/<package>/copyright.

Could you please re-enable ssl support in lftp ?

Is this bug the reason why lftp was removed from sarge ?

Regards,

Guillaume Morin

In , Noël Köthe (noel) wrote : Re: Bug#305160: ssl support in lftp

On Saturday, 14.05.2005 at 10:39 +0000, Guillaume Morin wrote:
> SSL support was removed in the previous lftp version, because of a
> license problem with openssl.

Yes. This is right.

> But at the end of the README of lftp the author says explicitly :
>
> "In addition, as a special exception, permission is given to link the
> code of this release of lftp with the OpenSSL project's "OpenSSL"
> library (or with modified versions of it that use the same license as
> the "OpenSSL" library), and distribute the linked executables. You
> must obey the GNU General Public License in all respects for all of
> the code used other than "OpenSSL". If you modify this file, you may
> extend this exception to your version of the file, but you are not
> obligated to do so. If you do not wish to do so, delete this exception
> statement from your version."

Hmm, I'm confused. It's not included in the COPYING file and upstream
answered me he could not include it:

http://www.mail-archive.com/lftp%40uniyar.ac.ru/msg02022.html

> The maintainer of msmtp keeps the ssl support (Bug #305159), he just
> includes proper information in /usr/share/doc/<package>/copyright.
>
> Could you please re-enable ssl support in lftp ?

I can and will re-enable it if the license question is clear.

> Is this bug the reason why lftp was removed from sarge ?

Yes.

--
Noèl Köthe <noel debian.org>

Matt Zimmerman (mdz) wrote :

lftp (3.1.3-1) unstable; urgency=medium
 .
   * new upstream from 2005-04-15
   * disabled ssl support because of license problem. See:
     http://bugs.debian.org/305160
     http://www.mail-archive.com/lftp%40uniyar.ac.ru/msg02012.html
     http://www.openssl.org/support/faq.html#LEGAL2
     http://www.gnome.org/~markmc/openssl-and-the-gpl.html
     If the author add the needed exception to allow to link
     against openssl it will be enabled again.
     Better a lftp without ssl than no lftp in sarge.
     (closes: Bug#305160)
      lftp | 3.2.1-1 | http://us.archive.ubuntu.com breezy/main Packages

Changed in lftp:
status: Unknown → Fix Released