Clarifying the GnuPG License
Henry Hertz Hobbit
hhhobbit at securemecca.net
Wed Jun 12 20:53:35 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 06/12/2013 09:49 AM, Nils Faerber wrote:
> Am 12.06.2013 07:24, schrieb Navin:
>> Since GnuPG comes under the GPL, I would like to clarify if a
>> person's proprietary software makes use of GnuPG purely by
>> invocation of the command line commands, and the GnuPG exe's and
>> DLL's are bundled unmodified with the person's proprietary
>> software, can the person use GnuPG commercially in this manner
>> without having to publish his/her source code?
> IANAL but from my understanding: 1. by invocation of the
> commandline commands: Yes 2. invocation of GnuPG exe: Yes 3.
> Linking, dynamically or statically, against a GnuPG DLL, presumed
> that it is licensed under GPL: No
> The DLL usage would require the DLL to be licensed under LGPL,
> which is the very reason why LGPL was invented.
> Im am not sure which parts of the GnuPG suit are licensed under
> which license though, e.g. if the GnuPG DLL (if such exists at all)
> is licensed GPL or LGPL.
I am in agreement on the constraints Nils Faerber gives.
You were not specific as to the OS but since most distros of
Linux have GhuPG bundled I am assuming a Windows OS target.
Merging any of the GnuPG / PGP4WIN files into your install folder
may get you into trouble. It is because it makes it seem like
you own the binaries. You don't so they should not be in your
There are 76 DLL files in the main folder for 2.0.17 (GPG4WIN).
Licensing for things like GPGOL DLL is LGPL. Most other DLLs do
not give me the licensing information (looking at actual strings
in the binary files). All the 46 EXE files I looked at were GPLv3
but I didn't look at all of them so some may be GPLv2. Bascially,
consider the GPG4WIN bundle to be a GPLv3 product.
The last time I looked at it, I had to install GPG4Win or
one of the GPG 1.x installs before I put Enigmail in THunderbird
on Windows. EnigMail is licensed under MPLv2/GPLv2 to avoid
licensing issues. If Enigmail doesn't bundle when they have
compatible licensing then neither should you bundle.
I would have people download and install GPG4WIN themselves.
Under no circumstances link in any of the DLL files to avoid
licensing issues. gpg.exe and some other EXE files and
iconv.dll are in the %ProgramFiles%\GNU\GnuPG\pub folder which
is added to the %PATH% in the install for command line use.
Ergo, there is no need to bundle if you use gpg.exe on the
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Gnupg-users