As the title requests, is there any reason to not change to GPLv3? As Gerald has commented on in the past (found on this site thanks to Google), and as discussed in various other places ( https://bugzilla.novell.com/show_bug.cgi?id=775737 ) the license for dependencies used for decrypting SSL traffic has moved to GPLv3 and as a result it is no longer permissible to link to those libraries from something using GPLv2, or something (I am not a lawyer). Are there any reasons to stick with GPLv2 at this point? My understanding of the newer license is that it is a bit more forceful in its rules around really, truly being free, but there are countless articles online talking about that and the FSF has some helpful guides worth reviewing for those interested. http://www.gnu.org/licenses/gpl-faq.html#AllCompatibility http://www.wireshark.org/lists/wireshark-dev/201205/msg00167.html https://wireshark.org/lists/wireshark-dev/201203/msg00171.html Thanks, AB asked 14 Feb '13, 09:00  dajoker edited 14 Feb '13, 09:42  grahamb ♦ |
One Answer:
GnuTLS is LGPLv3+ due to a dependency on GMP. There have been discussions about dual-licensing GMP as LGPLv3+ / GPLv2+ in the past but as far as I know no action has been taken. I don't know how the other Wireshark developers feel, but I think that:
Update: GnuTLS switched back to LGPLv2.1+ in version 3.1.10. answered 14 Feb '13, 09:26  Gerald Combs ♦♦ edited 07 Apr '13, 12:22 |
Gerald,
Thank-you for the quick response. I agree, needing to change a license because of something you do not even use (GMP in this case) would be frustrating. Perhaps I should have focused more on the end goal rather than one possible solution to the problem, and perhaps your second bullet point moves toward that goal: How do we get SSL decryption working for Linux in the long run?
I do not have any particularly strong ties to GnuTLS vs. OpenSSL. The Apache license works well for me in many cases and this "Apache-style" license used by OpenSSL would be just fine by me too (not that I count).