After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 693272 - License issue with optional TLS component
License issue with optional TLS component
Status: VERIFIED FIXED
Product: Pan
Classification: Other
Component: general
unspecified
Other All
: Normal major
: ---
Assigned To: pan-maint
pan-maint
Depends on:
Blocks:
 
 
Reported: 2013-02-06 17:51 UTC by Dominique Dumont
Modified: 2014-05-01 13:52 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Dominique Dumont 2013-02-06 17:51:22 UTC
Hello

I'm the maintainer of Pan on Debian. The package I've provided features optional TLS by linking pan with libgnutls28. 

As mentioned in a Debian bug report against pan package [1], libgnutls28
is LGPLv3. This license is not compatible with a "strict" GPLv2 license [2].

I can see only 3 solutions to this problem:
1. license Pan under "GPLv2 or any later version" :-)
2. remove TLS support from Debian package :-/
3. remove pan from Debian :-(

Is the first solution possible ?

If yes, just mention it in this bug report. There's no need to release a new version of Pan just to change the license term.

All the best 

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699892
[2] http://www.gnu.org/licenses/quick-guide-gplv3.html
Comment 1 Dominique Dumont 2013-02-06 18:12:33 UTC
Here are more explanations from FSF (with a table clearly illustrating the
compatibility vs usage scenarion):

http://gplv3.fsf.org/dd3-faq
Comment 2 Charles Kerr 2013-02-18 22:51:19 UTC
Petr Kovar asked me to comment on this ticket because I wrote Pan's older code.

The way I'd like to see this resolved is to change Pan's license from "strict GPLv2" to a dual license of "strict GPLv2" or "strict GPLv3."

Even though I'm a fan of the FSF (and a paid member of it), I'd prefer to leave out the standard "or later" clause for the simple reason that nobody knows what the future might bring.

I haven't kept up with newer development and don't know if the current dev/devs have strong opinions on licensing. I'm open to other points of view and am happy to discuss the issue. On the other hand if there's agreement with my suggestion, then feel free to relicense my parts of the code to "dual strict". :)
Comment 3 Dominique Dumont 2013-03-23 14:40:55 UTC
Gnutls 3.1.10 now has LGPLv2.1+ again.
http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006202.html

Looks like Pan no longer needs to be modified.

This new release comes too late to be included in Debian Wheezy. I'll re-package Pan with Gnutls once Wheezy is out.

Thanks to Kalle Olavi Niemitalo for the heads up.

All the best
Comment 4 Dominique Dumont 2013-11-28 18:15:56 UTC
Unfortunately, gnutls depends on GNU GMP library [1] which
is LGPL-3 [2]. So pan still cannot be linked with gnutls [3] 

[1] http://gmplib.org/
[2] http://gmplib.org/manual/Copying.html#Copying
[3] http://ftp-master.metadata.debian.org/changelogs/main/g/gnutls28/unstable_copyright
Comment 5 Heinrich Müller 2013-11-29 18:16:11 UTC
This is really breaking my balls. Perhaps I'll consider moving to PolarSSL.
Comment 6 Petr Kovar 2014-04-29 14:50:03 UTC
(In reply to comment #5)
> This is really breaking my balls. Perhaps I'll consider moving to PolarSSL.

Heinrich, GMP seems to have been relicensed recently:

"Since version 6, GMP is distributed under the dual licenses, GNU LGPL v3 and GNU GPL v2.0."

So that's good news, we can enable it again for distribution.
Comment 7 Dominique Dumont 2014-05-01 13:52:45 UTC
Petr, thanks for the heads up.

I've released a new version of Pan on Debian with TLS support (0.139-3)

All the best