Can distros ship #git that ends up using #OpenSSL (via libcurl)? This bug was filed against Debian:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094969

@bagder IANAL. Could they not use a libcurl-gnutls?

@icing I thought so as well

@bagder @icing They seem to be using libcurl-gnutls. The OpenSSL dependency comes transitively via OpenLDAP AFAIU.

@bagder just replied to it with my findings, I couldn't find a single distro that's not linking git with OpenSSL, either directly or indirectly (through libcurl-openssl).

Even GuixOS which doesn't build libcurl with LDAP support ends up linking to libssl on git-imap-send.

now there's a proposal to remove libcurl from the git build as a remedy, which of course would be quite a significant blow to everyone who clones https repositories...

@jwildeboer @bagder getting very much “cut my nose off to spite my face vibes from these kinds of conflicts”

@carbontwelve @jwildeboer @bagder As a Debian contributor (but not involved in any part of the curl/git packaging), I don't read this as a conflict at all.

It's rather about respecting the wishes and licenses from the upstream authors.

The upstream authors give us the right to use their code for free, with a few rules that we should follow in order to make them happy. The least thing that we can do in return for this gift is to respect their wishes.

@alexanderkjall @carbontwelve @bagder But proposing to effectively disable https git operations based on the objections of one contributor to git with an opinion on license combinations that has been considered solved since many years feels a bit weird to me.

@jwildeboer How exactly is it weird? License incompatibilities are legal grey areas that distributors reasonably won't want to get into.

@bagder although it was sent there, it's not being seriously considered, I've asked about it and the person who sent it said "please don't upload that"

@janet @carbontwelve @jwildeboer @bagder Everyone have the right to have an opinion about licensing, that doesn't mean that anyone can dictate how the license text should be interpreted.

That is also why people in the bug are calling for the ftp-masters to be involved, as they are experts on these kind of problems.

@jwildeboer @alexanderkjall @janet @carbontwelve @bagder the git project is not managed by LF. It's a Software Freedom Conservancy project.

@jwildeboer @monsieuricon @janet @bagder @carbontwelve I agree, that is something to look out for.

@jwildeboer @bagder I think it's right and proper for Debian to want to be sure it's respecting the licence terms of the software it distributes.

And Debian being what Debian is, that sometimes entails lengthy discussions by email :)