RFC: switching apt tls to openssl (>= 3) | GPL-3+ /usr/lib/apt/methods/http concerns

To: debian-devel@lists.debian.org
Subject: RFC: switching apt tls to openssl (>= 3) | GPL-3+ /usr/lib/apt/methods/http concerns
From: Julian Andres Klode <jak@debian.org>
Date: Sat, 15 Aug 2020 19:16:25 +0200
Message-id: <[🔎] 20200815191208.GA564053@debian.org>
Mail-followup-to: Julian Andres Klode <jak@debian.org>, debian-devel@lists.debian.org

Hi folks,

it is our plan to switch apt from GnuTLS to OpenSSL once OpenSSL
3.0 is out, making /usr/lib/apt/methods/http effectively a
GPL-3+ licensed binary. Or earlier, in case ftp masters decide
that the system library exception applies to OpenSSL.

I heard some concerns about such a change making Debian unsuitable
for some embedded users, and I'd like to weight the concerns. Unless
of course those people believe in a system library exception applying
to OpenSSL, in which case it can still be GPL-2 in their minds :D

As you might know, GnuTLS causes a few issues from time to time,
it's just not as "battle-tested" as OpenSSL (or NSS for that
matter).

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

Reply to:

Prev by Date: Bug#968447: ITP: softether-vpn -- open-source cross-platform multi-protocol VPN program
Next by Date: Bug#968464: ITP: autocut -- cut off silent parts of videos and concatenate them
Previous by thread: Bug#968447: ITP: softether-vpn -- open-source cross-platform multi-protocol VPN program
Next by thread: Bug#968464: ITP: autocut -- cut off silent parts of videos and concatenate them
Index(es):
- Date
- Thread