
Re: GnuTLS in Debian

Andreas Metzler <ametzler@debian.org> wrote:
> Debian is still relying heavily on GnuTLS 2.12.x, and I do not think
> this is sustainable for much longer.

> State of Play:
> ---------
> In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
> supported crypto backend. Nettle requires GMP.

> GnuTLS and Nettle are available under LGPLv2.1+.  GMP used to be
> licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
> (released September 2007).

> Therefore GnuTLS 3.x cannot be used by GPLv2 (without "or later"
> clause) software which is the main reason most of Debian is still
> using GnuTLS 2.x.
> ---------
> #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.

> #2 Fork GnuTLS 2 for Debian.

> #3 Hope that GMP is relicensed to GPL2+/LGPLv3+

> #4 Hope nettle switches to a different arbitrary precision arithmetic 
> library.

> #5 Declare GMP to be a system library.

> #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3
> for license reasons will need to drop TLS support or be relicensed or
> be ported to a different TLS library.

There seems to be some good news:
| Update library files license to use LGPL3+ and GPL2+.

cu Andreas
