Re: GnuTLS in Debian
Andreas Metzler <ametzler@debian.org> wrote:
> Debian ist still relying heavily on GnuTLS 2.12.x, and I do not think
> this is sustainable for much longer.
> State of Play:
> ---------
> In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
> supported crypto backend. Nettle requires GMP.
> GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be
> licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
> (released September 2007).
> Therefore GnuTLS 3.x cannot be used by GPLv2 (without "or later"
> clause) software which is the main reason most of Debian is still
> using GnuTLS 2.x.
[...]
> ---------
> #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
> #2 Fork GnuTLS 2 for Debian.
> #3 Hope that GMP is relicensed to GPL2+/LGPLv3+
> #4 Hope nettle switches to a different arbitrary precision arithmetic
> library.
> #5 Declare GMP to be a system library.
> #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3
> for license reasons will need to drop TLS support or be relicensed or
> be ported to a different TLS library.
[...]
There seems to be some good news:
https://gmplib.org/repo/gmp/rev/02634effbd4e
| Update library files license to use LGPL3+ and GPL2+.
cu Andreas
Reply to: