[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] openssl license

From: Yavor Doganov
Subject: Re: [Savannah-hackers-public] openssl license
Date: Sun, 25 Jan 2009 14:06:31 +0200
User-agent: Wanderlust/2.15.5 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Goj┼Ź) APEL/10.7 Emacs/22.3 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

Sylvain Beucler wrote:
> I do think that a vast majority of people don't compile their software
> and get it packaged.

I agree.

> Which means the availability of a package in a distro is critical.

Critical for what?  For its popularity and easy availability only, I

> In addition, given the size of the Debian packages repository (>
> 25000 free packages), stats are relevant,

Note that many of the GnuTLS vs. OpenSSL decisions are Debian's, not
upstream's.  IOW it is the Debian maintainers who decided to build
certain packages against GnuTLS, for licensing reasons.  This does not
mean that the world at large is adopting GnuTLS at a rapid pace.

And GnuTLS is still far from domination, even if you consider Debian
as a basis.  On a Lenny machine:

$ grep-dctrl -FDepends libssl0.9.8 -s Package \
  /var/lib/apt/lists/keel\:9999_*Packages | wc -l

$ grep-dctrl -FDepends libgnutls26 -s Package \
  /var/lib/apt/lists/keel\:9999_*Packages | wc -l

> Note that it's still preventing the project from using GPL'd
> libraries, hence enticing submitters to request LGPL'd or BSD'd
> replacements.  So I think GnuTLS needs to be recommended in all
> situations.

I agree completely.  But rejecting projects solely on that basis would
be too much, I think.

Nicodemo Alvaro wrote:
> Well, for the GiVMI project would python-gnutls suffice?

Probably, but since the API is different, they'd have to adopt their
package to use the GnuTLS Python bindings.  This can be trivial or too
much work, depending on the way they use this functionality.

> Well what about the claimed dependencies on Qemu and KVM?

Qemu is free software, I don't know about KVM.  Isn't it part of
modern Linux kernels?

> I have no idea where the pygtkvnc library is.

The Python bindings are built from the same package (uses GnuTLS).  So
not a problem.

> If the maintainer does go with the openssl, should there be a
> exception in the license notice?

Yes, definitely (even if the dependency is optional).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]