On 07/07, Philipp Wolfer wrote:
2015-07-05 19:39 GMT+02:00 Hugo Osvaldo Barrera <hugo@barrera.io>:
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form).
IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I believe it is not in some jurisdictions), but anyone running it is receiving illegal content, so I don't think we should keep it around.
Can somebody explain to me, why this binary should be illegal at all? I looked at the site and the code provided, and from what I can see the entire product is covered by the GPLv3. And the license does *not* forbid distributing binaries, it just makes it a requirement to also provide access to the source code. Now we can discuss whether the PKGBUILD in its current form satisfies that requirement (it provides a link to upstream, but not directly to a source download location).
Their code is GPLv3. OpenSSL is not and has a GPL-incompatible license, and thus software using the GPLv3 needs a special version of the GPL with an explicit OpenSSL linking exception, otherwise you cannot distribute the software while it links to OpenSSL.
Also this implies that upstream is doing something illegal by providing binaries of their own software, which is nonsense. They are free to do whatever they want with their own software.
It's not nonsense. They can do what they want with their software, yes, but not when it breaks the license of other software they use. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/