
Re: GnuTLS in Debian



On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
> How to continue from here/solve this:
> ---------
> #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.

This seems like the best idea, as it lets us use newer versions of
GnuTLS that support elliptic curves with the minimum amount of pain.

> #2 Fork GnuTLS 2 for Debian.
> 
> #3 Hope that GMP is relicensed to GPL2+/LGPLv3+
> 
> #4 Hope nettle switches to a different arbitrary precision arithmetic
> library.
> 
> #5 Declare GMP to be a system library.

I don't think this is actually feasible, due to the way the GPLv2 is
actually written.  Otherwise, we wouldn't be using GnuTLS at all, since
OpenSSL would be satisfactory for everything.

> #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3
> for license reasons will need to drop TLS support or be relicensed or
> be ported to a different TLS library.

I don't think this option is a good idea.  It will leave git without
HTTPS support, since libcurl3-nss doesn't actually work for HTTPS.
libcurl3-nss requires an additional library not in Debian for the crypto
support to work at all, and despite me filing bugs, neither the NSS nor
the curl maintainers have stepped up to fix this.

This also doesn't consider the fact that NSS provides poorer crypto
support than either OpenSSL or GnuTLS, although it's getting better.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
