Re: [Chicken-hackers] Re: Backdoor GPL in message-digest

[Peter Bex]

On Mon, Aug 23, 2010 at 12:43:21PM -0700, Kon Lovett wrote:
> Assume a component of package A uses something that is GPL'ed, but no  
> other component in that package uses the GPL tainted component (it is  
> "just along for the ride"). Then all components of package A are  
> tainted?

If package A is one binary or a set of binaries that always get linked
to a package using it, then it does.  It's called a "derivative work".
Yes, this is insane.

The LGPL was specifically written to avoid requiring that code linked
to the library also becomes GPL.  That's how it's possible that you
can link non-GPLed programs against GNU libc.

> Doesn't this reasoning lead to the absurd conclusion that any software  
> installation with a GPL'ed component somewhere is tainted? Or is it  
> just the act of packaging?

The act of redistributing a program with GPL components ties you to
the GPL.

> Then the Chicken svn repo is tainted since it can be delivered as a package?

GPL programs can be redistributed along with other programs that are
not GPL.  This was a problem in the early days of Linux distributions
but this problem has since been resolved.  Distributing things as source
doesn't tie one to the GPL though.  It only becomes a problem when
someone links together GPL and non-GPL things and then distributes the
resulting binary file.

Of course, IANAL, insert standard disclaimer here.

Cheers,
Peter
-- 
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth