Discussion:
Q to the candidates: GPLv2 system library exception
Florian Weimer
2017-03-29 18:38:29 UTC
Permalink
The GPLv2 contains a system library exception. This enables
proprietary operating systems (such as Solaris or Windows) to
distribute GNU software linked against proprietary libraries
(including the system libc and other compiler support libraries),
something the GPLv2 would not otherwise allow because full machine
readable source code for the executable cannot be provided.

Historically, Debian has assumed that unlike proprietary operating
systems, it cannot use the system library exception in the GPLv2 to
permit linking against libraries part of Debian which are licensed in
a way that is not compatible with the GPLv2. This position is
somewhat unique among free software distributions, and is not fully
enforced within Debian, either. We currently distribute GPLv2
software in such away that we apparently invoke the system library
exception to avoid a GPL violation.

In the past, the most prominent example was OpenSSL. (The OpenSSL
relicensing in progress will not substantially alter this situation
because the new license is still incompatible with the GPLv2.) Today,
the more pressing example is libgcc (the compiler support library part
of GCC), which was upgraded to the GPLv3 some time ago. libgcc is
mandatory on some architectures, but the GPLv3 is incompatible with
the GPLv2 (under which important software such as Git and OpenJDK are
released). It is unclear whether the GCC run-time library exception
restores GPLv2 compatibility.

For OpenSSL, we obtained permission to link against OpenSSL from many
upstream projects. But for libgcc, that seems rather excessive.

Do you think this situation needs addressing? What do you propose do
about it? Do you think the way the ZFS situation was resolved could
be an example?

(Question as suggested by Moritz Mühlenhoff in
<***@inutil.org> on debian-devel.)
Chris Lamb
2017-03-29 19:33:57 UTC
Permalink
Dear Florian,
Post by Florian Weimer
the more pressing example is libgcc (the compiler support library part
of GCC), which was upgraded to the GPLv3 some time ago. libgcc is
mandatory on some architectures, but the GPLv3 is incompatible with
the GPLv2 (under which important software such as Git and OpenJDK are
released). It is unclear whether the GCC run-time library exception
restores GPLv2 compatibility.
Thank you for bringing up this important issue; these complicated
issues of GPL compliance are not as widely known as they should be.

My response as DPL candidate is that whilst I would agree that the
situation needs addressing in some way, I don't believe any decision
should fall under the scope or influence of a Project Leader, modulo
ensuring that any discussion does not get "stuck" or to act as
liason with outside parties for their expertise, experience or opinion.

(Indeed, I would worry that expressing my "personal" opinion on this
particular issue in the context of -vote would be misleading at best
and possibly even counterproductive. I hope this doesn't come across
as evasive.)


Regards,
--
,''`.
: :' : Chris Lamb
`. `'` ***@debian.org / chris-lamb.co.uk
`-
Florian Weimer
2017-03-29 19:59:11 UTC
Permalink
Post by Chris Lamb
Dear Florian,
Post by Florian Weimer
the more pressing example is libgcc (the compiler support library part
of GCC), which was upgraded to the GPLv3 some time ago. libgcc is
mandatory on some architectures, but the GPLv3 is incompatible with
the GPLv2 (under which important software such as Git and OpenJDK are
released). It is unclear whether the GCC run-time library exception
restores GPLv2 compatibility.
Thank you for bringing up this important issue; these complicated
issues of GPL compliance are not as widely known as they should be.
My response as DPL candidate is that whilst I would agree that the
situation needs addressing in some way, I don't believe any decision
should fall under the scope or influence of a Project Leader, modulo
ensuring that any discussion does not get "stuck" or to act as
liason with outside parties for their expertise, experience or opinion.
The DPL could approve funds to obtain qualified external advice. I
think this is what happened with ZFS (scroll to the end):

<https://lists.debian.org/debian-devel-announce/2015/04/msg00006.html>

Would you consider the issue important enough to allocate the
necessary funds?
Chris Lamb
2017-03-29 21:17:01 UTC
Permalink
Hi Florian,
Post by Florian Weimer
modulo ensuring that any discussion does not get "stuck" or to act
as liason with outside parties
[…]
Post by Florian Weimer
Would you consider the issue important enough to allocate the
necessary funds?
Yes, given a) the case for requiring counsel is reasonably well-made
and b) the amounts are sensible.


Regards,
--
,''`.
: :' : Chris Lamb
`. `'` ***@debian.org / chris-lamb.co.uk
`-
Mehdi Dogguy
2017-03-30 00:59:41 UTC
Permalink
Post by Florian Weimer
Do you think this situation needs addressing? What do you propose do
about it? Do you think the way the ZFS situation was resolved could
be an example?
I am not an expert in licensing issues but it is quite easy to ask advice
from specialists on this matter and I'd approve spending necessary funds
to get qualified advice, of course. We already have an agreement with
Conservancy which allows us to ask them to work some limited amount of
time on a specific subject each month. We can start by doing that to
evaluate the complexity of the subject and discuss with them how we can
analyze this issue.

(I'll contact you off-list to initiate that and see how we can work on
this subject)
--
Mehdi
Ian Jackson
2017-03-30 14:14:37 UTC
Permalink
Post by Mehdi Dogguy
Post by Florian Weimer
Do you think this situation needs addressing? What do you propose do
about it? Do you think the way the ZFS situation was resolved could
be an example?
I am not an expert in licensing issues but it is quite easy to ask advice
Post by Florian Weimer
from specialists on this matter and I'd approve spending necessary funds
to get qualified advice, of course. We already have an agreement with
Conservancy which allows us to ask them to work some limited amount of
time on a specific subject each month. We can start by doing that to
evaluate the complexity of the subject and discuss with them how we can
analyze this issue.
(I'll contact you off-list to initiate that and see how we can work on
this subject)
This seems like an excellent example of a thing that could usefully be
delegated.

Why not delegate someone who is interested, give them a budget cap,
and ask them to:
- consult within the project on the wording of the question to
be asked
- consult with SFLC, as authorised delegate of the DPL, to put
and clarify the question and get the answer
- report back to the project as a whole

I did roughly this for the PHP licence problem, without a DPL
delegation, but simply with an explicit approval by the DPL for the
laywers to talk to me. This process worked well until the report
stage, where I felt I didn't have the authority to unilaterally
publish the advice we had received and as a result it got sat on for a
long time. A formal delegation with clear terms of reference would
have solved this.

Ian.
Mehdi Dogguy
2017-03-31 00:33:02 UTC
Permalink
Post by Ian Jackson
Post by Mehdi Dogguy
Post by Florian Weimer
Do you think this situation needs addressing? What do you propose do
about it? Do you think the way the ZFS situation was resolved could
be an example?
I am not an expert in licensing issues but it is quite easy to ask advice
Post by Florian Weimer
from specialists on this matter and I'd approve spending necessary funds
to get qualified advice, of course. We already have an agreement with
Conservancy which allows us to ask them to work some limited amount of
time on a specific subject each month. We can start by doing that to
evaluate the complexity of the subject and discuss with them how we can
analyze this issue.
(I'll contact you off-list to initiate that and see how we can work on
this subject)
This seems like an excellent example of a thing that could usefully be
delegated.
Why not delegate someone who is interested, give them a budget cap,
- consult within the project on the wording of the question to
be asked
- consult with SFLC, as authorised delegate of the DPL, to put
and clarify the question and get the answer
I'd not necessarily bind it with SFLC though.
Post by Ian Jackson
- report back to the project as a whole
I did roughly this for the PHP licence problem, without a DPL
delegation, but simply with an explicit approval by the DPL for the
laywers to talk to me. This process worked well until the report
stage, where I felt I didn't have the authority to unilaterally
publish the advice we had received and as a result it got sat on for a
long time. A formal delegation with clear terms of reference would
have solved this.
You are raising an excellent point. I think this is a great idea if
we have someone motivated to do this work. So far, we did not have
(m)?any requests for legal advices. Last one we have had was the one
for ZFS on Linux, which was in 2015. I have invited FTP team at the
beginning of my term to not hesitate to ask for legal advices when
questions arise. The process is actually quite simple: Last july, I
have asked DSA to create a private RT queue for such matters. We only
have to write down our request and have the DPL send a signed mail to
the queue. Then, Conservancy will receive a notification and can start
discussing with us the specific terms for the subject. Finally, if the
advice can be made public, it is obviously something we will share with
the community.

So, to get back to your initial questions:
- Yes, it is an excellent idea
- I did not push for this idea because of the low number of requests for
this type of "expense". So making up a budget (or a max sum) for this
activity can be done but it is not necessary right now.
- I'd very much encourage such initiatives if there are people motivated
to do the work
- To me, working on the fund-raising part and delegating the part that
takes care of approving budgets for sprints looks more useful (to me)
in the short term.

Regards,
--
Mehdi
Loading...