On Tue, Dec 13, 2011 at 11:14 AM, Volker Braun <vbraun.n...@gmail.com> wrote:
> Since libSystem.B.dylib is an OS library we shouldn't have to care. Also, I
> don't think Apple ships openssl since it's not featured in Apple ads ;-)
>
> Question for notebook developers: Do we actually use python's ssl module?
> The notebook code seems to have gnutls support, see
> e.g. sagenb/notebook/gnutls_socket_ssl.py

Quick remark: this was something we hacked together to make Twisted
work with GnuTLS, since Twisted does not support that officially.
Using openssl instead would have been much easier.

As far as I know, the ways crypto libs are used in Sage are:

  (1) to make it so the notebook can be served securely.

  (2) Mercurial requires (at least) libcrypt, or it won't do anything.

  (3) It is likely (?) that the pycrypto Python library that Sage
includes depends on having "import crypt" work, but I'm not sure.

Personally, I would love to dump the following spkg's from Sage:

   gnutls
   python_gnutls
   gcrypt
   libgpg_error
   opencdk

and either (a) require a system-wide ssl, or (b) include openssl in Sage.

Sage used to be (b) -- i.e., it did not include any of the above
packages, and did include openssl.  Then a student in my class pointed
out that openssl is not GPL-compatible [1], so I suffered greatly
swapping it out for the above libraries.  However, we never binary
link any GPL code with openssl -- any linking is done via Python at
runtime -- so maybe shipping openssl would be OK.

More to the point, (a) would be a great solution, if we're already
requiring *some* systemwide libcrypt* to build Sage anyways.  Why not
make that explicit, get rid of five annoying packages (which take a
while to build, etc.), and be done with it? According to [1] again,
"The GPL also contains a 'special exception' which allows your GPL-ed
program to link against GPL incompatible libraries which are shipped
as part of the operating system that the executable runs on.", so (a)
is legal.  However, it seems possible that (b) is not legal since the
GPL says "the source code distributed need not include anything that
is normally distributed (in either source or binary form) with the
major components (compiler, kernel, and so on) of the operating
system on which the executable runs, unless that component itself
accompanies the executable."

[1] http://people.gnome.org/~markmc/openssl-and-the-gpl.html

 -- William

> --
> To post to this group, send an email to sage-devel@googlegroups.com
> To unsubscribe from this group, send an email to
> sage-devel+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/sage-devel
> URL: http://www.sagemath.org



-- 
William Stein
Professor of Mathematics
University of Washington
http://wstein.org
