Bug#409154: What is the status on libapache2-mod-auth-openid, for debian?

[Daniel Kahn Gillmor <dkg@fifthhorseman.net>]

Posting this exchange with Brian's permission:

On Wed 2007-08-01 15:07:48 -0400, "bmuller@butterfat.net wrote:

> Hello - I'm the lead developer for mod_auth_openid.
>
> Would it be sufficient for me to distribute mod_auth_openid with an
> OpenSSL exemption to the GPL (as described at
> http://lists.debian.org/debian-legal/2004/05/msg00595.html )?

I'm not enough of a debian-legal person to say conclusively that it'd
be acceptable for debian, but since mod_auth_openid is the only piece
of code here under the GPL and you control the entire copyright
(afaict) i think this would be a legitimate course of action.

> I've contacted the libopkele (the dependency that actually uses
> OpenSSL) developer about possibly using GNUTLS instead of OpenSSL, but
> I'm fairly certain that he's not going to be willing to change.

sigh.  yeah, that could well be an uphill battle.  Thanks for pinging
further upstream about it.  I'll drop them a note myself to see if
it'll help any.  debian's libopkele is already building cleanly
against libcurl-gnutls, so there's only the direct use of openssl that
they'd need to worry about.  What a chain of dependencies!

> If necessary, I can revert to a less restrictive license, but would
> prefer to go with the GPL.

I don't know that you'd need to do anything less restrictive than the
OpenSSL exemption you describe.  Thank you very much for both taking
the license wrangling seriously and for being reasonable about it.

Regards,

        --dkg