Re: Interest in packaging GNU Shishi and GNU Generic Security Service?
Russ Allbery <rra@stanford.edu> writes:
> Simon Josefsson <jas@extundo.com> writes:
>> Steve Langasek <vorlon@debian.org> writes:
>
>>> I notice from
>>> <http://josefsson.org/cgi-bin/viewcvs.cgi/shishi/README?rev=1.30&view=markup>
>>> that this lib is distributed under the terms of the GPL only, so I have
>>> my doubts that it's particularly useful for Debian to adopt it. Is
>>> there any particular reason that GNU shishi is not made available under
>>> the LGPL?
>
>> Some reasons are given in [1]. I don't quite follow. Is there a
>> problem with GPL'd software in Debian?
>
> The problem is that you're drastically limiting what other software can
> use the library. For example, there would be no way that Debian could
> link Cyrus SASL with shishi, because Cyrus SASL is used by a wide variety
> of other packages including some that are not GPL-compatible. No package
> that uses shishi could also use OpenSSL. No package that uses shishi
> could, as I understand it, use it as part of an Apache module. There are
> lots of other, similar cases.
I see, right. I note that a similar problem already exist, because
Heimdal links with OpenSSL. So it appears that code licensed under
GPL could not link with Heimdal. (A rdepend suggest e.g. lsh-server
contain GPL code that link with OpenSSL through Heimdal)
> As a result, shishi is going to basically be a curiosity, not a serious
> Kerberos alternative for Debian. Given the difficulty involved in
> building multiple versions of packages to allow a choice of Kerberos
> implementations (if you look through Debian, you'll find that the ability
> to use Heimdal or MIT Kerberos exclusively is already rather spotty and
> some significant packages are only really maintained with one or the
> other), the addition of licensing problems means that there's basically no
> motivation for anyone to try to use shishi.
One motivation would be to get the unique features that Shishi has
that the other Kerberos implementation has. E.g., non-ASCII support,
X.509/OpenPGP authentication through GnuTLS.
> Most of the motivations for making a library GPL rather than LGPL do not
> apply to shishi, since no one is going to free their software just to be
> able to use shishi. They're going to shrug and just use MIT Kerberos or
> some other implementation with a permissive license instead.
You have a point, and I'll consider switching to LGPL for the core
library. Perhaps a model like the one for GnuTLS is appropriate,
where the unique features has been separated into a GPL'd library.
Thanks,
Simon
Reply to: