Can distros ship #git that ends up using #OpenSSL (via libcurl)? This bug was filed against Debian:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094969

@bagder IANAL. Could they not use a libcurl-gnutls?

@icing I thought so as well

@bagder @icing They seem to be using libcurl-gnutls. The OpenSSL dependency comes transitively via OpenLDAP AFAIU.

@bagder just replied to it with my findings, I couldn't find a single distro that's not linking git with OpenSSL, either directly or indirectly (through libcurl-openssl).

Even GuixOS which doesn't build libcurl with LDAP support ends up linking to libssl on git-imap-send.

now there's a proposal to remove libcurl from the git build as a remedy, which of course would be quite a significant blow to everyone who clones https repositories...

@bagder Debian gotta debian. What a weird discussion. IMHO.

@jwildeboer @bagder getting very much “cut my nose off to spite my face vibes from these kinds of conflicts”

@carbontwelve @jwildeboer @bagder As a Debian contributor (but not involved in any part of the curl/git packaging), I don't read this as a conflict at all.

It's rather about respecting the wishes and licenses from the upstream authors.

The upstream authors give us the right to use their code for free, with a few rules that we should follow in order to make them happy. The least thing that we can do in return for this gift is to respect their wishes.

@alexanderkjall @carbontwelve @bagder But proposing to effectively disable https git operations based on the objections of one contributor to git with an opinion on license combinations that has been considered solved since many years feels a bit weird to me.

@jwildeboer How exactly is it weird? License incompatibilities are legal grey areas that distributors reasonably won't want to get into.

@RunxiYu See https://social.wildeboer.net/@jwildeboer/114337071775246111

@bagder although it was sent there, it's not being seriously considered, I've asked about it and the person who sent it said "please don't upload that"

@alexanderkjall @carbontwelve @jwildeboer @bagder adding additional restrictions or rules to downstream users is against FOSS. Clarifications of license incompatibility should only come from lawyers, not contributors, generally

@janet @carbontwelve @jwildeboer @bagder Everyone have the right to have an opinion about licensing, that doesn't mean that anyone can dictate how the license text should be interpreted.

That is also why people in the bug are calling for the ftp-masters to be involved, as they are experts on these kind of problems.

@alexanderkjall @janet @carbontwelve @bagder AFAICS the git project is managed by the Linux Foundation CORRECTION Software Freedom Conservancy, not by Brian Carlson. So I wonder why this topic is raised this way and not between Debian and SFC. It reminds me a bit of the BusyBox story. And I hope it can be avoided to go down that road. I may be a bit biased here, I happily admit.

@jwildeboer @alexanderkjall @janet @carbontwelve @bagder the git project is not managed by LF. It's a Software Freedom Conservancy project.

@monsieuricon @janet @alexanderkjall @bagder @carbontwelve Thanks. I corrected my toot. Doesn’t change my opinion that Brian Carlson isn’t the representative responsible for raising this question.

@monsieuricon @janet @alexanderkjall @bagder @carbontwelve And my fear that this turns into another BusyBox story is growing even more …

@jwildeboer @monsieuricon @janet @bagder @carbontwelve I agree, that is something to look out for.

@jwildeboer @bagder I think it's right and proper for Debian to want to be sure it's respecting the licence terms of the software it distributes.

And Debian being what Debian is, that sometimes entails lengthy discussions by email :)

@demoographics I think this is the best reply in the thread:

"I think that computer programmers have a tendency to treat licenses as if they are self-executing (and precise like software). From what I can tell, the legal system does not operate that way [...]"

Developers trying to interpret the legal consequences of licenses typically ends up in everyone being wrong. You really need an expert lawyer for this and you MUST be willing to accept their interpretation.

@bagder