View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001404 | libmicrohttpd | other | public | 2008-08-10 07:25 | 2008-09-10 22:49 |
| Reporter | epienbro | Assigned To | lv-426__ | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Summary | 0001404: License inconsistencies and incompatibilities | ||||
| Description | Hi, I'm about to maintain libmicrohttpd in Fedora, but during review it has come to our attention that several pieces of the project are licensed under the GPLv2+ and GPLv3+ license while other pieces are licensed under the LGPLv2+ license. In http://crisp.cs.du.edu/pipermail/libmicrohttpd/2007/000001.html you've mentioned the whole project will be licensed under the LGPLv2+ license. After grabbing the latest SVN snapshot I've found out there are still some files left which are licensed under a different license : configure.ac (GPLv2+) doc/texinfo.tex (GPLv3+) src/daemon/https/opencdk/new-packet.c (GPLv2+) src/daemon/https/opencdk/keydb.c (GPLv2+) src/daemon/https/opencdk/pubkey.c (GPLv2+) src/daemon/https/opencdk/write-packet.c (GPLv2+) src/daemon/https/opencdk/stream.h (GPLv2+) src/daemon/https/opencdk/kbnode.c (GPLv2+) src/daemon/https/opencdk/seskey.c (GPLv2+) src/daemon/https/opencdk/verify.c (GPLv2+) src/daemon/https/opencdk/types.h (GPLv2+) src/daemon/https/opencdk/cipher.c (GPLv2+) src/daemon/https/opencdk/packet.h (GPLv2+) src/daemon/https/opencdk/filters.h (GPLv2+) src/daemon/https/opencdk/armor.c (GPLv2+) src/daemon/https/opencdk/read-packet.c (GPLv2+) src/daemon/https/opencdk/main.c (GPLv2+) src/daemon/https/opencdk/opencdk.h (GPLv2+) src/daemon/https/opencdk/main.h (GPLv2+) src/daemon/https/opencdk/context.h (GPLv2+) src/daemon/https/opencdk/misc.c (GPLv2+) src/daemon/https/opencdk/compress.c (GPLv2+) src/daemon/https/opencdk/stream.c (GPLv2+) src/daemon/https/opencdk/literal.c (GPLv2+) src/daemon/https/opencdk/sig-check.c (GPLv2+) src/daemon/https/openpgp/gnutls_extra.c (GPLv3+) src/daemon/https/openpgp/pgp_privkey.c (GPLv3+) src/daemon/https/openpgp/compat.c (GPLv3+) src/daemon/https/openpgp/gnutls_extra.h (GPLv3+) src/daemon/https/openpgp/gnutls_openpgp.c (GPLv3+) src/daemon/https/openpgp/gnutls_ia.c (GPLv3+) src/daemon/https/openpgp/extras.c (GPLv3+) src/daemon/https/openpgp/pgp.c (GPLv3+) src/daemon/https/openpgp/pgp_verify.c (GPLv3+) src/daemon/https/list.h (GPLv3+) src/daemon/https/tls_test.c (GPLv3+) src/daemon/https/tests.c (GPLv3+) src/daemon/https/extra.h (GPLv3+) src/daemon/postprocessor_large_test.c (GPLv2+) src/daemon/daemon_test.c (GPLv2+) src/daemon/postprocessor_test.c (GPLv2+) src/testcurl/https/tls_daemon_options_test.c (GPLv2+) src/testcurl/https/tls_authentication_test.c (GPLv2+) src/testcurl/https/tls_cipher_change_test.c (GPLv2+) src/testcurl/https/mhds_multi_daemon_test.c (GPLv2+) src/testcurl/https/mhds_session_info_test.c (GPLv2+) src/testcurl/https/tls_alert_test.c (GPLv2+) src/testcurl/https/tls_session_time_out_test.c (GPLv2+) src/testcurl/daemontest_post_loop.c (GPLv2+) src/testcurl/daemontest_get.c (GPLv2+) src/testcurl/daemontest_get_chunked.c (GPLv2+) src/testcurl/daemontest_large_put.c (GPLv2+) src/testcurl/curl_version_check.c (GPLv2+) src/testcurl/daemontest_post.c (GPLv2+) src/testcurl/daemontest_long_header.c (GPLv2+) src/testcurl/daemontest_put.c (GPLv2+) src/testcurl/daemontest_postform.c (GPLv2+) src/testcurl/daemontest_put_chunked.c (GPLv2+) src/testzzuf/daemontest_get.c (GPLv2+) src/testzzuf/daemontest_get_chunked.c (GPLv2+) src/testzzuf/daemontest_large_put.c (GPLv2+) src/testzzuf/daemontest_post.c (GPLv2+) src/testzzuf/socat.c (GPLv2+) src/testzzuf/daemontest_long_header.c (GPLv2+) src/testzzuf/daemontest_put.c (GPLv2+) src/testzzuf/daemontest_postform.c (GPLv2+) src/testzzuf/daemontest_put_chunked.c (GPLv2+) It looks like you've used code from the opencdk and openpgp projects. These projects are licensed under the GPLv2+ (opencdk) and GPLv3+ (openpgp) licenses. According to the GPL, all derived works (thus libmicrohttpd) must be under the same (or compatible) license. This means libmicrohttpd can't be licensed under the LGPL license while using these components! All the files used for tests can stay at GPLv2+ (from a legal point of view), but the https part of libmicrohttpd (which uses opencdk and openpgp) really needs to be fixed. | ||||
| Tags | No tags attached. | ||||
|
|
configure.ac is an oversight. I suspect the same applies to the texinfo file. I was under the impression that GNUtls was LGPL (and the GPLv2 components are all from GNUtls AFAIK. Still, you are right, this needs to be investigated. |
|
|
openpgp support should be dropped until an LGPL implementation is added keep under revision control, exclude from upcoming release : src/daemon/https/extra.h src/daemon/https/openpgp/* src/daemon/https/opencdk/* removed : src/daemon/https/list.h (GPLv3+) src/daemon/https/tls_test.c (GPLv3+) src/daemon/https/tests.c (GPLv3+) the following should be switched to use LGPL : src/testzzuf/* src/testcurl/* src/daemon/postprocessor_large_test.c src/daemon/daemon_test.c src/daemon/postprocessor_test.c |
|
|
I don't really care about the testcases being GPL or LGPL. If you feel like they should be LGPL, feel free to change the license. Why do you want to keep the gnuTls extras under revision control if we don't have them in the release? |
|
|
I've now removed all of the GPL'ed files that were not testcases. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-08-10 07:25 | epienbro | New Issue | |
| 2008-08-10 16:16 | Christian Grothoff | Note Added: 0003622 | |
| 2008-08-10 16:20 | Christian Grothoff | Status | new => assigned |
| 2008-08-10 16:20 | Christian Grothoff | Assigned To | => lv-426__ |
| 2008-08-13 17:04 | lv-426__ | Note Added: 0003640 | |
| 2008-08-15 04:33 | Christian Grothoff | Note Added: 0003642 | |
| 2008-08-24 15:21 | Christian Grothoff | Status | assigned => resolved |
| 2008-08-24 15:21 | Christian Grothoff | Resolution | open => fixed |
| 2008-08-24 15:21 | Christian Grothoff | Note Added: 0003662 | |
| 2008-09-10 22:49 | Christian Grothoff | Status | resolved => closed |
