Ubuntu
mongodb package

Mongodb links GPL code with SSL

Bug #1175028 reported by Scott Kitterman
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
libmongodb-perl (Ubuntu)
Confirmed
Undecided
Unassigned
Raring
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
mongodb (Ubuntu)
Fix Released
Critical
Ubuntu Technical Board
Ubuntu ubuntu-13.06
Raring
Won't Fix
Critical
Ubuntu Technical Board
Ubuntu raring-updates
Saucy
Fix Released
Critical
Ubuntu Technical Board
Ubuntu ubuntu-13.06

Bug Description

As it is, the package is either undistributable or a non-free work per the Ubuntu Licensing Policy in raring and saucy:

http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-archive.html#s-ulp

The lack a clarity is based on report on the Ubuntu Server mailing list that there is an Ubuntu specific SSL exception granted by the copyright holders:

https://lists.ubuntu.com/archives/ubuntu-server/2013-April/006566.html

This is not documented in the package anywhere. If there is an exception, then the package is distributable, but non-free due to failing the 'Must not be distributed under a license specific to Ubuntu' test.

I'm filing a bug rather than taking direct action because (as discussed in the email thread), Daviey believes that OPENSSL is covered by the GPL system libreary exemption and so there is no issue (I'm left to wonder why anyone bothered to ask for an Ubuntu specific exception to link with OPENSSL if it wasn't needed, but I digress ...).

https://lists.ubuntu.com/archives/ubuntu-server/2013-April/006570.html

So rather than take direct action, I think it prudent to make a bug and assign it to ~ubuntu-archive to sort out.

Scott Kitterman (kitterman)
Changed in mongodb (Ubuntu):
importance: Undecided → Critical
milestone: none → ubuntu-13.04-month-5
milestone: ubuntu-13.04-month-5 → ubuntu-13.05
Changed in mongodb (Ubuntu Raring):
milestone: none → raring-updates
importance: Undecided → Critical
assignee: nobody → Ubuntu Package Archive Administrators (ubuntu-archive)
Changed in mongodb (Ubuntu Saucy):
assignee: nobody → Ubuntu Package Archive Administrators (ubuntu-archive)
Revision history for this message
Scott Kitterman (kitterman) wrote :

Reassigning since this has been raised to the TB now:

https://lists.ubuntu.com/archives/technical-board/2013-May/001601.html

Changed in mongodb (Ubuntu Raring):
assignee: Ubuntu Package Archive Administrators (ubuntu-archive) → Ubuntu Technical Board (techboard)
Changed in mongodb (Ubuntu Saucy):
assignee: Ubuntu Package Archive Administrators (ubuntu-archive) → Ubuntu Technical Board (techboard)
Revision history for this message
James Page (james-page) wrote :

I'm working with 10gen upstream to get the OpenSSL linking exception written into the License for MongoDB. They want to get this sorted out so all distributions can enable SSL support without the license ambiguity that we currently have.

Revision history for this message
James Page (james-page) wrote :

I'd like to clarify the process under which I enabled the SSL support in the MongoDB package; this feels like a suitable place todo that.

SSL support was requested by a number of people in the MongoDB package; specifically to support certain security related features for juju-core.

My initial stance was that this was not possible due to the know incompatibility between OpenSSL and GPL licenses - I discussed this with the Debian maintainer and we agreed; so I approached the copyright holder (10gen) for clarification on their position as to linking OpenSSL with MongoDB; their initial response was the they thought this was OK as OpenSSL is shipped with the distro so this fell under the 'system libraries' clause in GPL licensing.

I was uncomfortable as this is a grey area for the distro, so I requested a license exception be documented as part of MongoDB.

10gen clarified their position to me again in a formal letter rather than a documented License exception; I discussed with an archive admin and internal Canonical legal counsel and the opinion was that this was sufficient to enable this feature in Ubuntu. I agree this should have been documented in the package; this was my oversight.

At no point did I request a Ubuntu specific license exception.

As commented in #2 I'm working with 10gen to get this documented as a license exception in the MongoDB package itself as this appears to be the clearest path to resolving this issue.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mongodb (Ubuntu Raring):
status: New → Confirmed
Changed in mongodb (Ubuntu):
status: New → Confirmed
Kate Stewart (kate.stewart)
Changed in mongodb (Ubuntu Saucy):
milestone: ubuntu-13.05 → ubuntu-13.06
Revision history for this message
Scott Kitterman (kitterman) wrote : Re: [Bug 1175028] Re: Mongodb links GPL code with SSL

For posterity, today the Ubuntu TB reviewed the question of if openssl counted
as a system library per the GPL or if a specific GPL exception for openssl
linking was required. They concluded that it is required for both GPL v2 and
GPL v3:

http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-07-08-19.58.moin.txt

DJ (davidrjamison)
Changed in mongodb (Ubuntu Saucy):
status: Confirmed → Fix Released
Changed in mongodb (Ubuntu Raring):
status: Confirmed → Fix Committed
Revision history for this message
Scott Kitterman (kitterman) wrote :

On what basis do you mark this fix released?

Revision history for this message
Scott Kitterman (kitterman) wrote :

I'm going to assume that was accidental.

Changed in mongodb (Ubuntu Saucy):
status: Fix Released → Fix Committed
evi brosda (evibrosda)
Changed in mongodb (Ubuntu Saucy):
status: Fix Committed → Fix Released
Scott Kitterman (kitterman)
Changed in mongodb (Ubuntu Saucy):
status: Fix Released → Fix Committed
Revision history for this message
James Page (james-page) wrote :

I've chased upstream on this issue again; the appropriate exceptions should be in the right headers for the next release of the 2.5.x series which is scheduled for the 5th September.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Fix committed in upstream repository:
https://github.com/mongodb/mongo/commit/ab0a0a92a1cc056e841dbcdac94c2f181ce29d2b

+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it here.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mongodb - 1:2.4.6-0ubuntu4

---------------
mongodb (1:2.4.6-0ubuntu4) saucy; urgency=low

  * d/copyright: Add details of MongoDB AGPL+OpenSSL license exception
    to support continued use of MongoDB with SSL support enabled
    (LP: #1175028).
 -- James Page <email address hidden> Thu, 29 Aug 2013 12:33:32 +0100

Changed in mongodb (Ubuntu Saucy):
status: Fix Committed → Fix Released
chisagocity9@hotmail.com (chisagocity9)
Changed in mongodb (Ubuntu Raring):
status: Fix Committed → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mongodb (Ubuntu Raring):
status: New → Confirmed
chisagocity9@hotmail.com (chisagocity9)
Changed in mongodb (Ubuntu Raring):
status: Confirmed → Incomplete
status: Incomplete → Confirmed
Launchpad Janitor (janitor)
Changed in libmongodb-perl (Ubuntu Raring):
status: New → Confirmed
Changed in libmongodb-perl (Ubuntu Saucy):
status: New → Confirmed
Changed in libmongodb-perl (Ubuntu):
status: New → Confirmed
Revision history for this message
Rolf Leggewie (r0lf) wrote :

raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix".

Changed in mongodb (Ubuntu Raring):
status: Confirmed → Won't Fix
Rolf Leggewie (r0lf)
Changed in libmongodb-perl (Ubuntu Raring):
status: Confirmed → Won't Fix
Revision history for this message
Rolf Leggewie (r0lf) wrote :

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

Changed in libmongodb-perl (Ubuntu Saucy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.