Re: TODO: GNU TLS - Mailing list pgsql-hackers
| From | Stephen Frost |
|---|---|
| Subject | Re: TODO: GNU TLS |
| Date | |
| Msg-id | 20061228231051.GX24675@kenobi.snowman.net Whole thread Raw |
| In response to | Re: TODO: GNU TLS (Andrew Dunstan <andrew@dunslane.net>) |
| List | pgsql-hackers |
* Andrew Dunstan (andrew@dunslane.net) wrote: > Stephen Frost wrote: > >I do know that this has been an issue for > >Debian for quite some time and it seems rather unlikely that Debian's > >position on it will change. SPI does have a pro-bono lawyer but I > >don't know that this question has been posed to him, probably because > >the general consensus among the Debian Powers that Be is that it is an > >issue and we try to not bother our pro-bono lawyer too much (being, uh, > >pro-bono and all). > > > > I have a sneaking suspicion that there are some hidden agendas in all this. I'm certainly not aware of any personally. I doubt Debian in general does either since this isn't exactly a fun thing for us to have to deal with. > I agree with this comment from Steve Langasek at > http://lists.debian.org/debian-legal/2003/01/msg00022.html : Unfortunately, the glue hasn't been made available under the LGPL. While I agree with Steve generally (and in fact have been discussing this whole bit with him on IRC), in this case he's right but the point is moot- it *could* be done, but it *hasn't* been done. The options are to go ask the original author about relicensing it (which I think has actually been done already) or rewriting it (which apparently hasn't been done). > >Sure, code can be rewritten to use gnutls natively. But I don't > >understand why anyone would consider this a useful expenditure of > >developer resources when the necessary OpenSSL compat glue could simply > >be made available under the LGPL. > > If this is such an issue, why hasn't somebody done that? Based on what I've seen happen to date it appears that projects would rather just include GNUTLS support directly than write a wrapper to support the OpenSSL API using GNUTLS. Indeed, that's exactly the approach Martijn took as well. My guess as to why this would be is that it's simply not *that* difficult to do and maintain, and in the end perhaps some prefer the GNUTLS API over the OpenSSL API, or feel that more things are moving in that direction. I don't know, I can't speak for them so I'm really just speculating, but the empirical evidence is that projects support GNUTLS and there doesn't exist a non-GPL OpenSSL API for GNUTLS yet. I understand that at least some GPL projects do use the GPL OpenSSL API for GNUTLS but it's not common. (fe: I know exim4, elinks, mutt, samba, curl/libcurl, and others support GNUTLS directly while the only project I've heard of using the wrapper is slrn, cupsys used the compat layer at one point but then changed to using GNUTLS directly). Maybe people feel that using a compat layer is uglier than using GNUTLS directly? Thanks, Stephen
pgsql-hackers by date: