[Webkit-unassigned] [Bug 216201] [GTK]: RFE: remove using libgcrypt

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 17 15:42:25 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=216201

Carlos Alberto Lopez Perez <clopez at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |clopez at igalia.com

--- Comment #9 from Carlos Alberto Lopez Perez <clopez at igalia.com> ---
https://en.wikipedia.org/wiki/Apache_License#Compatibility(In reply to Tomasz Kłoczko from comment #5)
> > This looks like an issue with the packages in your GNU/Linux distribution.
> 
> Nope. This is not only Fedora issue. In All Debian based distros people are
> completly not aware possibility to minimise dynamically linked libraries by
> proper decysions on source code configuration stage in case of thsoe
> projects which have such options.
> 
> Only handfull packages have options to choose for example crypto backend
> library on configure source code stage.
> 

AFAIK Debian based distributions choose to use libgcrypt over OpenSSL whenever possible to avoid the license issues with the OpenSSL license and the GPL (read at bottom of this comment about the new license of OpenSSL).

There is even a lintian tag that warns when you try to link a GPL package with OpenSSL: https://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html

In the case of Fedora based distros this is not a problem because Fedora decided to declare OpenSSL part of the core operating system, therefore the linking exception of the GPL license applies <https://www.gnu.org/licenses/gpl-faq.en.html#SystemLibraryException>
But Debian distros decided against this.


(In reply to Michael Catanzaro from comment #8)
> (BTW, I still think libgcrypt was a good choice to use for WebCrypto at the
> time the feature was developed. We had to avoid LGPLv3, GPL, and OpenSSL
> licenses. With those restrictions, the choice made sense. We couldn't have
> predicted back then that it would eventually become possible to consider
> OpenSSL.)

OpenSSL new license is Apache v2, which to the best of my knowledge is also not compatible with the GPLv2 license (GPLv2-only).

See:
https://www.apache.org/licenses/GPL-compatibility.html
https://en.wikipedia.org/wiki/Apache_License#Compatibility

So my understanding is that if we switch WebKit to use OpenSSL then WebKit itself will be incompatible (license-wise) with GPLv2-only applications (or libraries).

I'm missing something here?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201117/eacdeca0/attachment.htm>

More information about the webkit-unassigned mailing list