[pjsip] tls licence question, possible violation

Vittorio Giovara vittorio.giovara at savoirfairelinux.com
Wed May 7 12:05:02 EDT 2014


Hello,

according to my understanding PJSIP is released under GPL and 
proprietary licence. Since a few version there is a TLS implementation 
that relies on OpenSSL, which features a 4-clause BSD and a Apache 1.1 
GPL-incompatible licence. [1]

Right now this constitutes also a violation of the Debian DFSG. [2] It's 
point #1 in "Serious violations (direct rejects even if we only find one 
point)".

The usual workaround is to add a linking exception for OpenSSL to the 
"offending" file but I believe that a more long term solution would be 
to port the TLS code to GNUTLS, which is a LGPL-licensed project. [3] 
This is preferred as it would allow statically linking the pjproject 
libraries too (something that should be done even with the linking 
exception). Alternatively there could be a second implementation relying 
on GNUTLS that is enabled by default, letting OpenSSL active only upon 
request (or for the proprietary distribution).

Do you think you could look into this?
Best,
Vittorio

[1] https://people.gnome.org/~markmc/openssl-and-the-gpl.html
[2] https://ftp-master.debian.org/REJECT-FAQ.html
[3] http://www.gnutls.org/





More information about the pjsip mailing list