[exim-dev] [Bug 1536] GPL does not cover modifications that …

Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1536] GPL does not cover modifications that aren't "distributed"
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1536




--- Comment #6 from Phil Pennock <pdp@???> 2014-11-04 00:21:39 ---
Two clarifications following some discussion between the maintainers:

(1)

Exim provides an explicit interface to custom code via the "local_scan"
facility, through local_scan.c; it is the explicit intent that this provides a
boundary between "what is Exim" and "what is being integrated into Exim" and is
an explicit API boundary.

Any changes to Exim which work _solely_ through local_scan.c do not have to be
provided under the GPL. Binary images of Exim built with local_scan.c
modifications may be distributed without having to provide the source code for
local_scan.c. While publication of those changes would obviously incur good
will from the community and the maintainers, it is not explicitly required.

(2)

In comment #1 I wrote "A change to the Affero GPL would mean that an ISP or
university could not maintain custom patches which they support themselves,
while providing service to their customers/users."; this was a mis-statement.
I missed the word "private". I meant "[...] could not maintain private custom
patches which [...]".

Anyone is welcome to maintain custom patches outside of the Exim source tree;
anyone is free to distribute binaries of Exim built using custom _public_
patches. This is what Debian (and its derivatives) do, as one example. Most,
but at any given time perhaps not all, of those patches might be from Exim as
the upstream, back-ported for security reasons, but a classic example of
out-of-tree patches would be when vendors (RedHat?) were maintaining the
dynamically-loaded lookup module support, to simplify binary dependencies for
package management purposes.

The issue is entirely around custom patches to Exim where the source code for
the patches is kept private, where the patches are _not_ solely in implementing
a function for the local_scan API, and where binaries including those changes
are run on systems not owned by (in a common-sense interpretation of the term
"owned") the entity providing the binaries.


Running a service based on Exim is what every organisation installing Exim
does: they provide SMTP service connecting to/from the Internet. They might be
an ISP or a University providing access to their customers/faculty/students,
and they are under no obligation to provide source for changes as long as the
binaries only run on their own servers.

The moment that a service is providing binaries for others to invoke and run as
a process on the systems belonging to those others, or engaging in obfuscation
schemes to try to avoid that onus, then the GPL-impacted changes need to be
provided in source code form too. As Exim is not LGPL but GPLv2 (with no
practical way to relicense), the GPL-impacted changes are "any modification to
the source code not covered by an exemption".

There are exemptions for linking purposes, to ensure that Exim can be linked
with OpenSSL or any lookup type where the client library is not GPL.

There is an implicit exemption for local_scan purposes, which we may need to
make explicit.

No other exemptions come to mind.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email