Using LGPLv3+ license for libgnutls?

Alvaro Lopez Ortega alvaro at
Wed Sep 10 11:48:49 CEST 2008

Simon Josefsson wrote:

> I understand, although RMS asked if there were any _concrete_ reasons to
> not go with LGPLv3+ now, as opposed to just preferences.  The only
> concrete reason I've seen so far is a list of GPLv2 only projects.  If
> you think GnuTLS should remain licensed under LGPLv2.1+, finding more
> GPLv2-only projects that use GnuTLS is useful.  Reviewing these projects
> and finding out how difficult it would be to make them GPLv2+ instead
> would also provide more facts.

The Cherokee Web Server could be one for the project impacted by the 
change. It's licensed under GPLv2, so in case GnuTLS was relicensed 
under LGPLv3 it could not legally use GnuTLS any longer.

GnuTLS is an essential dependency for many Free Software projects, so it 
is specially important to make the right decision here.

Right now, everybody can use GnuTLS; that a good thing. However, 
changing the license would force even some Free Software projects to 
stop using it. That's worrying because it would leave those GPL projects 
without any choice: neither GnuTLS nor OpenSSL would be a legal option.

As I said, there are developers (and companies) who, for a number of 
reasons, are not ready to follow the GPLv3 path quite yet; and I don't 
personally think that ignoring them would be the right thing to do.

My two cents: IMHO, speaking of such a high impact piece of software, 
delaying the relicense for some time could be one of the most reasonable 

> Alvaro Lopez Ortega <alvaro at> writes:
>> Hello Simon,
>> Relicensing GnuTLS under LGPLv3 could be a problem for some other Free
>> Software projects, actually. As you have pointed, it would not be
>> legal for GPLv2 software to link against a LGPLv3 library, and that
>> would turn to be a major problem for those projects and, at the end of
>> the day, a handicap for GnuTLS.
>> If I looked after GnuTLS' wellbeing, I'd personally stick with the
>> current license.  It is a perfectly fine Free Software license that
>> wouldn't decrease GnuTLS' potential target audience.
>> Besides, it would be definitely much more friendly with the Free
>> Software developers who either don't follow the GPLv3 way or they are
>> not ready yet to do so.
>> Simon Josefsson wrote:
>>> The license compatibility matrix is useful, see:
>>> The problem is for GPLv2-only projects that wants to use a LGPLv3
>>> library.
>>> Using LGPLv3+ also has consequences for projects that wants to copy code
>>> from GnuTLS (they need to be GPLv3+ or LGPLv3+), but that is not
>>> something that happens widely enough to care about as far as I am aware.
>>> If anyone knows of significant code re-use from gnutls, let me know.
>>> /Simon
>>> "David Marín Carreño" <davefx at> writes:
>>>> But I don't catch what is the problem: a proprietary licensed product
>>>> can be dinamically linked to a LGPL3 library. And, as far as I know
>>>> (and, please, correct me if I am wrong, as I am not a lawyer), a GPL2
>>>> product can still be dinamically (or even statically) linked with a
>>>> LGPL3 library.
>>>> We are not talking about GPLv3. It's LGPLv3.
>>>> Perhaps, the problem would be the GPL'd parts of gnutls...
>>>> -- 
>>>> David Marín Carreño
>>>> 2008/9/9 Joe Orton <joe at>:
>>>>> On Tue, Sep 09, 2008 at 01:46:17PM -0400, Daniel Kahn Gillmor wrote:
>>>>>> On Tue 2008-09-09 12:01:23 -0400, Simon Josefsson wrote:
>>>>>>> I tried to do some systematic searches, but the debian copyright
>>>>>>> information tends to be incorrect (not mentioning versions) or difficult
>>>>>>> to parse.
>>>>>> This is sadly true.  Automatic resolution of this sort of question
>>>>>> would be much easier if the machine-readable debian/copyright proposal
>>>>>> was more widely-adopted:
>>>>> We have such a standard agreed at Fedora but the hard work is really in
>>>>> auditing N thousand packages to meet it.
>>>>>>> I recognize cups, snort and ekg, and they are fairly well known.
>>>>>> fwiw, gobby seems to be GPL-2+, not GPL-2, at least according to the
>>>>>> debian copyright info, so it's possilbe that the fedora tags are wrong
>>>>>> on that package:
>>>>> I agree, good catch, thanks; I've filed a bug to get this fixed in
>>>>> Fedora.
>>>>>> And cups appears to be ambiguous as far as the GPL'ed bits (though the
>>>>>> LGPL'ed bits are pretty clearly V2-only):
>>>>>> [0 dkg at squeak ~]$ grep -A6 ^INTRODUCTION /usr/share/doc/cups-common/copyright
>>>>>> The Common UNIX Printing System(tm), ("CUPS(tm)"), is provided
>>>>>> under the GNU General Public License ("GPL") and GNU Library
>>>>>> General Public License ("LGPL"), Version 2, with exceptions for
>>>>>> Apple operating systems and the OpenSSL toolkit. A copy of the
>>>>>> exceptions and licenses follow this introduction.
>>>>> Following the guidance at I
>>>>> would say that since the code is explicit about being licensed per the
>>>>> terms in LICENSE.txt, "GPLv2 only" is a reasonable interpretation.
>>>>> If anybody thinks this is important to clarify I can chase it with the
>>>>> Fedora licensing guys.

Greetings, alo

More information about the Gnutls-devel mailing list