Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CUPS license upgrade to GPLv2+ ? #4337

Closed
michaelrsweet opened this issue Jan 13, 2014 · 2 comments

Comments

Projects
None yet
1 participant
@michaelrsweet
Copy link
Collaborator

commented Jan 13, 2014

Version: 1.7.1
CUPS.org User: odyx

Hi Michael,

I know this is quite a sensitive topic but I thought asking in public wouldn't hurt�

While we were discussing how Debian would handle the license-wise impossibility to build CUPS against 3.x GnuTLS versions on the thread starting on https://lists.debian.org/debian-devel/2014/01/msg00205.html , Daniel Kahn Gillmor suggested to ask CUPS' upstream to relicense it under GPLv2+, so here I am.

Licensing CUPS under GPLv2+ would allow linking it against 3.x GnuTLS versions which are incompatible with GPL-2-only softwares because libgmp is licensed in LGPLv3+. On the other hand, while CUPS does have an OpenSSL exception to its GPLv2 license, many software out there is licensed without this exception, forbidding the linking of these against libcups2 if it links with OpenSSL.

See https://lists.debian.org/debian-devel/2013/12/msg00329.html for the start of thread discussing the status of GnuTLS in Debian.

Without a licensing of CUPS compatible with GnuTLS 3.x (in fact, with GNU MP), the situation essentially boils down to either:
a) keep linking CUPS with the deprecated GnuTLS 2.x and hope it stays around;
b) link CUPS with OpenSSL and ask all software upstreams linking against libcups2 (and the software that link against them) to change their licenses to accept an (indirect) linking against OpenSSL;
c) disable CUPS's TLS support entirely.

None of these are really acceptable (or event doable in the case of b) in my opinion; so here I am asking Apple for a license upgrade of CUPS to GPLv2+. We will likely also ask GNU MP to revert their license upgrade, which would also solve this problem.

As mentionned in introduction, I very much understand the sensitivity of this topic and would perfectly understand an expeditive answer.

With my best regards,

Didier Raboud

@michaelrsweet

This comment has been minimized.

Copy link
Collaborator Author

commented Jan 13, 2014

CUPS.org User: mike

Didier,

We cannot, for a number of legal and (Apple) liability reasons, relicense CUPS as [L]GPL2+. It will never happen.

OpenSSL support has been removed from the CUPS 2.0 source code and is not an option.

That leaves you with using GnuTLS ([L]GPL2/3) or porting Apple's CDSA/Security code (Apache license), although the Apache license may not be GPL3 compatible according to the FSF. Given that GnuTLS is included with basically every Linux distribution as a standard OS component, it SHOULD automatically fall under the [L]GPL2/3 exception for system libraries (just as OpenSSL should have fallen under the same exception...) If not, then I humbly suggest you talk to the FSF.

@michaelrsweet

This comment has been minimized.

Copy link
Collaborator Author

commented Jan 14, 2014

CUPS.org User: odyx

Many thanks for the clear public answer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.