[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating the fis-gtm package to V6.2-000

On 09/29/2014 02:08 PM, Thorsten Alteholz wrote:
>
>
> On Mon, 29 Sep 2014, Andreas Tille wrote:
>>> [amul:4] V6.2-000 is ready for upload!
>>
>> And so I did.  Thanks for your work on this
>
> Hmm, AGPL code without exception linked with openssl doesn't look well ..

[KSB] Thorsten, I manage FIS GT.M, the upstream project, and can speak
for it.

GT.M does not require OpenSSL, does not statically link to it, and does
not in a strict sense, depend on OpenSSL.  But there is a looser
relationship / dependency.

Use of GT.M does not require use of encryption, but GT.M does support the
use of encryption for some functions.  Since there are many encryption
requirements around the world, and since our expertise is not in writing
cryptographic software,  GT.M does not include any cryptographic
functionality, but instead uses a plug-in architecture.  Any plug-in that
provides GT.M with an implementation of GT.M's abstract encryption API
that it can call will work.  GT.M includes a reference implementation of
an encryption plug-in, and the GT.M binary distribution includes source
code for that reference implementation that users are free to use if it
meets their needs, to modify to suit their needs, or simply to not use
and provide their own.  In our development environment, we test the
reference implementation with a couple of popular packages, including
OpenSSL, to be sure that the reference implementation works as it is
supposed to.

We do not intend adapting the reference implementation to meet a user or
site's specific needs to be interpreted as creating a derivative work. 
In my view, the closest analogy is a package that ships with shell
scripts, configuration files, etc.  Using them as shipped, editing them,
or replacing them, is part of deploying / using the package, and does not
create a derivative work.

Please do let me know what clarification you think is appropriate under
the circumstances.  Does this explanation suffice?  If you would like us
to make the clarification in any other way (such as a statement in the
README), we would be happy to.  Thank you.

Regards
-- Bhaskar

>
>   Thorsten
>
>

-- 
GT.M - Rock solid. Lightning fast. Secure. No compromises.

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
Reply to: