Re: GnuTLS in Debian

To: debian-devel@lists.debian.org
Subject: Re: GnuTLS in Debian
From: Andreas Metzler <ametzler@bebt.de>
Date: Tue, 28 Jan 2014 16:53:54 +0100
Message-id: <[🔎] gd0lra-e83.ln1@argenau.downhill.at.eu.org>
References: <20131222191240.GA3241@downhill.g.la>

Andreas Metzler <ametzler@debian.org> wrote:
> Debian ist still relying heavily on GnuTLS 2.12.x, and I do not think
> this is sustainable for much longer.

> State of Play:
> ---------
> In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
> supported crypto backend. Nettle requires GMP.

> GnuTLS and Nettle are available under LGPLv2.1+.  GMP used to be
> licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
> (released September 2007).

> Therefore GnuTLS 3.x cannot be used by GPLv2 (without "or later"
> clause) software which is the main reason most of Debian is still
> using GnuTLS 2.x.
[...]
> ---------
> #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.

> #2 Fork GnuTLS 2 for Debian.

> #3 Hope that GMP is relicensed to GPL2+/LGPLv3+

> #4 Hope nettle switches to a different arbitrary precision arithmetic 
> library.

> #5 Declare GMP to be a system library.

> #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3
> for license reasons will need to drop TLS support or be relicensed or
> be ported to a different TLS library.
[...]

There seems to be some good news:
https://gmplib.org/repo/gmp/rev/02634effbd4e
| Update library files license to use LGPL3+ and GPL2+.

cu Andreas

Reply to:

Follow-Ups:
- Re: GnuTLS in Debian
  - From: Carlos Alberto Lopez Perez <clopez@igalia.com>

Prev by Date: Re: Bug#736826: ITP: tea4cups -- The Swiss Army's knife of advanced CUPS administrators
Next by Date: Bug#736939: ITP: vim-fugitive -- A Git wrapper so awesome, it should be illegal
Previous by thread: Re: GnuTLS in Debian
Next by thread: Re: GnuTLS in Debian
Index(es):
- Date
- Thread