Andreas Metzler <ametz...@debian.org> wrote: > Debian ist still relying heavily on GnuTLS 2.12.x, and I do not think > this is sustainable for much longer.
> State of Play: > --------- > In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only > supported crypto backend. Nettle requires GMP. > GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be > licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2 > (released September 2007). > Therefore GnuTLS 3.x cannot be used by GPLv2 (without "or later" > clause) software which is the main reason most of Debian is still > using GnuTLS 2.x. [...] > --------- > #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. > #2 Fork GnuTLS 2 for Debian. > #3 Hope that GMP is relicensed to GPL2+/LGPLv3+ > #4 Hope nettle switches to a different arbitrary precision arithmetic > library. > #5 Declare GMP to be a system library. > #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3 > for license reasons will need to drop TLS support or be relicensed or > be ported to a different TLS library. [...] There seems to be some good news: https://gmplib.org/repo/gmp/rev/02634effbd4e | Update library files license to use LGPL3+ and GPL2+. cu Andreas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/gd0lra-e83....@argenau.downhill.at.eu.org
