Comment 42 for bug 44335

Jean-Yves Lefort (jylefort) wrote : Re: [Bug 44335] Re: IMAP/POP3+SSL/TLS are disabled

On Sun, 25 May 2008 02:44:03 -0000
Peter Clifton <email address hidden> wrote:

> On Sun, 2008-05-25 at 00:30 +0000, Jean-Yves Lefort wrote:
> > Distributors: please do not ship a MN package with this patch applied.
> > Its quality is rather questionable, and I do not want my reputation to
> > be damaged by it.
>
> Is there going to be upstream support for GnuTLS?

There is no point. The Debian interpretation [1] is simply wrong, as
clearly hinted by the fact that no other vendor seems to adhere to it,
and as I am going to demonstrate below.

Debian believes that these two OpenSSL licensing clauses conflict with
the GPL:

 * 3. All advertising materials mentioning features or use of this
 * software must display the following acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

 * 6. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

According to Debian, "these clauses impose restrictions on people
wishing to distribute your program". If this was the case, MN (or any
other GPL program linking against OpenSSL) would be infringing the
OpenSSL license, since it does not display the mandatory
acknowledgement:

  "This product includes software developed by the OpenSSL Project
   for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

This acknowledgement makes it particularly clear that the two OpenSSL
clauses apply to work which includes OpenSSL source code, NOT to work
which merely links against the OpenSSL library. Does MN include
"software developed by the OpenSSL project"? No. Why should it display
an acknowledgement stating that it "includes software developed by the
OpenSSL project" when in fact it does not?

In other words, if the Debian interpretation was correct, Debian would
currently be deliberately violating the OpenSSL licensing terms by
shipping hundreds of packages which are linked against OpenSSL but do
not include the mandatory acknowledgement.

[1] http://www.gnome.org/~markmc/openssl-and-the-gpl.html

--
Jean-Yves Lefort <email address hidden>