License conflict makes binary undistributable

Automatically imported from Debian bug report #313615 http://bugs.debian.org/313615

Message-Id: <email address hidden>
Date: Tue, 14 Jun 2005 12:19:25 -0400
From: "Grzegorz B. Prokopski" <email address hidden>
To: <email address hidden>
Subject: License conflict makes binary undistributable

Package: libapache-mod-security
Severity: grave
Justification: GPL conflicts with APL and makes binary undistributable
Version: 1.8.7-1

According to http://packages.debian.org/stable/web/libapache2-mod-security
the copyright file contains BSD style license. However the LICENSE file
clearly contains the GNU GPL license. This is not only an issue of
consistency. GNU GPL is known to be incompatible with previous and current
versions of Apache license.

Therefore if this module is a derived work of Apache-licensed code, then the
license conflict prevents it from being distributed (as a binary, at least).
I am afriad that it IS a derived work, given, for example, that its source
files include numerous APL-licensed headers.

Cheers,

  Grzegorz B. Prokopski
--
Grzegorz B. Prokopski <email address hidden>
Debian GNU/Linux http://www.debian.org
SableVM - LGPL'ed JVM http://www.sablevm.org
Why SableVM ?!? http://devel.sablevm.org/wiki/WhySableVM

Message-ID: <email address hidden>
Date: Wed, 15 Jun 2005 02:11:03 +0200
From: <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: could an apache module be gpl ?

This bug report raised the issue :
http://bugs.debian.org/313615

of an apache module (libapache-mod-security) being gpl while
using apache licenced headers .

I have checked the module source and it does not ship with its
own version of the apache headers.

It seems to me this is not an issue as modules resolves their
symbols at runtime so the "library" can be bsd or apache licenced
and the module gpl .

Though this bug report also describe such modules as being
derived works which makes some sense ...

Thank you for any clue on this issue.
Regards
Alban

Message-Id: <email address hidden>
Date: Wed, 15 Jun 2005 10:46:06 +0100
From: MJ Ray <email address hidden>
To: <email address hidden>
Subject: Further information on the GPL for an Apache module

I think the section in the GPL FAQ at
http://www.gnu.org/licenses/gpl-faq.html#GPLPluginsInNF
applies, even though Apache is not non-free.

libapache-mod-chroot, libapache-mod-witch, libapache2-mod-fcgid,
libapache2-mod-ldap-userdir, libapache2-mod-xslt are also GPL.
If this is a bug, it looks like those may have similar bugs.

A common solution seems to be to get permission to link to
an APL'd work as an exception. Upstream looks alive. If
they're willing, it may be the simplest fix.

libapache2-mod-ldap-userdir has an exception for OpenSSL already.

Good luck!

--
MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/

Message-ID: <email address hidden>
Date: Wed, 15 Jun 2005 17:53:47 +0200
From: Alberto Gonzalez Iniesta <email address hidden>
To: MJ Ray <email address hidden>, <email address hidden>
Subject: Re: Bug#313615: Further information on the GPL for an Apache module

On Wed, Jun 15, 2005 at 10:46:06AM +0100, MJ Ray wrote:
> I think the section in the GPL FAQ at
> http://www.gnu.org/licenses/gpl-faq.html#GPLPluginsInNF
> applies, even though Apache is not non-free.
>=20
> libapache-mod-chroot, libapache-mod-witch, libapache2-mod-fcgid,
> libapache2-mod-ldap-userdir, libapache2-mod-xslt are also GPL.
> If this is a bug, it looks like those may have similar bugs.
>=20
> A common solution seems to be to get permission to link to
> an APL'd work as an exception. Upstream looks alive. If
> they're willing, it may be the simplest fix.
>=20
> libapache2-mod-ldap-userdir has an exception for OpenSSL already.
>=20

Thanks a lot for the tip! I'll talk with upstream about this. I'm sure
he'll add the permission to the license.

Regards,

Alberto

--=20
Alberto Gonzalez Iniesta | Formaci=F3n, consultor=EDa y soporte t=E9cn=
ico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com

Key fingerprint =3D 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3

Message-ID: <4338CC4C.4040304@0c3.net>
Date: Tue, 27 Sep 2005 14:36:28 +1000
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: License conflict makes binary undistributable

Hi, just a reminder on this bug. Did you ever get around to talking to
upstream about this license conflict? Note that, because apache almost
always links to libssl, they'll need a license exception for both Apache
and OpenSSL, as most people read things. (I don't necessarily read it
that way, but better safe than sorry, I guess).

... Adam

This package has been removed from Debian.

We can do better than this. Where the Debian maintainers failed to contact upstream, we can attempt to do so. We should probably also add an "upstream" to this if we can get a ticket raised with the apache maintainers.

Is Alberto Gonzalez Iniesta currently active?

Since this is an issue that could cause licensing conflicts, or the loss of quite major functionality, I am of the opinion that maybe it should have its priority bumped to High.

Actually - that should be Adam Conrad as he actually has this assigned to him..

Actually, Alberto González did contact upstream, who stated he isn't willing to change the licence, and the conflict between them is on purpose (business decision).

Setting status to 'Fix Released' as this apparently is no longer a problem in Feisty.

Licensing problem might have been solved: http://groups.google.com/group/linux.debian.legal/browse_thread/thread/d4b4a74c82042abd

Upstream has added a licensing exception.