Re: GnuTLS in Debian

To: debian-devel@lists.debian.org
Subject: Re: GnuTLS in Debian
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 29 Dec 2013 22:07:17 +0100
Message-id: <87sitbxt6i.fsf@mid.deneb.enyo.de>
In-reply-to: <20131222191240.GA3241@downhill.g.la> (Andreas Metzler's message of "Sun, 22 Dec 2013 20:12:40 +0100")
References: <20131222191240.GA3241@downhill.g.la>

* Andreas Metzler:

> In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
> supported crypto backend. Nettle requires GMP.
>
> GnuTLS and Nettle are available under LGPLv2.1+.  GMP used to be
> licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
> (released September 2007).
>
> Therefore GnuTLS 3.x cannot be used by GPLv2 (without "or later"
> clause) software which is the main reason most of Debian is still
> using GnuTLS 2.x.

libgcc also has this problem.  These days, it's GPLv3 or later plus
exceptions.  Theoretically, we could try to use compiler-rt from LLVM
instead to cover it, but I'm sure something else will pop up next.

It seems to me that declaring GNUTLS, GMP, libgcc, OpenSSL etc. system
libraries is the only reasonable way forward.

(FWIW, Microsoft distributes a propriatary BSD-derived libc and GCC in
the same download, so it's not just Red Hat that has a wide
interpretation of the system library exception.)

Reply to:

References:
- GnuTLS in Debian
  - From: Andreas Metzler <ametzler@debian.org>

Prev by Date: Re: GPLv2-only considered harmful
Next by Date: Bug#733544: ITP: pd-aubio -- aubio external for PureData
Previous by thread: Re: GnuTLS in Debian
Next by thread: init multiple instances of a daemon
Index(es):
- Date
- Thread