[cl-plus-ssl-devel] Fwd: Re: Bug#394161: ITP: cl-plus-ssl -- A simple Common Lisp interface to OpenSSL

[David Lichteblau]

Hi,

Quoting Peter Van Eynde (cl-debian at pvaneynd.mailworks.org):
> I've created a debian package of cl-plus-ssl and while filing the ITP I got 
> the attached comment. In short: the position held by the ftp maintainers of 
> debian is that a normal GPL'ed program cannot be linked with openssl. If you 
> want to do this you have to add a clause to the license permitting linking 
> with openssl.
> 
> As the whole intend of cl-plus-ssl is to link with openssl this is a little 
> pedantic, but could you add this clause, just to 'cross all the t's and dot 
> the i's'?

Eric Marsden and Jochen Schmidt probably do not read this list.  You
would have to wait what they say.  While you are at it, you might want
to ask them whether relicensing directly to a BSD-style license isn't
perhaps easier and clearer than "Lesser GPL plus Lisp preamble plus
OpenSSL preamble" (eeks).

Have you considered just patching CL+SSL in Debian to load GNU TLS
instead of OpenSSL for now?  Technically, that should not be difficult,
since CL+SSL uses only few SSL functions.  (Or does GNU TLS lack the
whole BIO structure thing?  Although I wrote the code interfacing with
that, I am aware that it isn't perfectly reliable yet anyway, so we
could disable it.) And as far as the license is concerned, although
upstream CL+SSL tries to be usable with commercial Lisp software through
use of the LLGPL preamble, use of GNU TLS would only downgrade that
license to plain LGPL, which shouldn't be a problem for the free
software included with Debian.  (right?)

> For more information see 
> http://www.gnome.org/~markmc/openssl-and-the-gpl.html, thanks in advance.

Yes, I know.  That is also why Debian folks say they cannot upgrade
their ancient libldap 2.1.  "Because OpenSSL is GPL incompatible."


d.

PS Hopefully Nathan Froyd's Ironclad will soon grow a native Lisp
implementation of SSL so that we can forget about all of this.... ;-)