[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

LGPL library using only LGPL-parts of partially GPL shared library (gnutls, nettle)


GnuTLS upstream has added support for different crypto backends in
2.11.x and has chosen nettle as prefered backend (2.10.x is using

The main GnuTLS library itself and its dependency chain (libgcrypt11
libtasn1-3) are LGPLv2.1+.

nettle OTOH is LGPLv2.1+ except for two parts: The implementations of
serpent and blowfish are GPLv2+. GnuTLS does not use these two pieces.
Nettle upstream says [1]:

| [...] This means that if you don't use the parts of nettle that are
| GPL-only, you have the option to use the Nettle library just as if it
| were licensed under the LGPL. To find the current status of particular
| files, you have to read the copyright notices at the top of the files.

Is this an acceptable interpretaton of the (L)GPL for Debian? Can I
switch crypto backends without doublechecking GnuTLS rdeps for
GPL-incompatible (but LGPL compatible) code?

thanks, cu andreas
[1] http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply to: