Re: GnuTLS in Debian
Andreas Metzler <firstname.lastname@example.org> wrote:
> Debian is still relying heavily on GnuTLS 2.12.x, and I do not think
> this is sustainable for much longer.
> State of Play:
> In July 2011 with version 3.0 GnuTLS switched to Nettle as the only
> supported crypto backend. Nettle requires GMP.
> GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be
> licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
> (released September 2007).
> Therefore GnuTLS 3.x cannot be used by GPLv2 (without "or later"
> clause) software which is the main reason most of Debian is still
> using GnuTLS 2.x.
> #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
> #2 Fork GnuTLS 2 for Debian.
> #3 Hope that GMP is relicensed to GPL2+/LGPLv3+
> #4 Hope nettle switches to a different arbitrary precision arithmetic
> #5 Declare GMP to be a system library.
> #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3
> for license reasons will need to drop TLS support or be relicensed or
> be ported to a different TLS library.
There seems to be some good news:
| Update library files license to use LGPL3+ and GPL2+.