To revive a very old thread, OpenSSL is now in the process of switching to a GPL-compatible license, finally!
https://www.openssl.org/blog/blog/2015/08/01/cla/

On Tue, Dec 13, 2011 at 11:45 AM, William Stein <wst...@gmail.com> wrote:
> On Tue, Dec 13, 2011 at 11:14 AM, Volker Braun <vbraun.n...@gmail.com> wrote:
>> Since libSystem.B.dylib is an OS library we shouldn't have to care. Also, I
>> don't think Apple ships openssl since it's not featured in Apple ads ;-)
>>
>> Question for notebook developers: Do we actually use python's ssl module?
>> The notebook code seems to have gnutls support, see
>> e.g. sagenb/notebook/gnutls_socket_ssl.py
>
> Quick remark: this was something we hacked together to make Twisted
> work with GNUtls, since Twisted does not support that officially.
> Using openssl instead would have been much easier.
>
> As far as I know, the ways crypto libs are used in Sage are:
>
> (1) to make it so the notebook can be served securely.
>
> (2) Mercurial requires (at least) libcrypt, or it won't do anything.
>
> (3) It is likely (?) that the pycrypto Python library that Sage
> includes depends on having "import crypt" work, but I'm not sure.
>
> Personally, I would love to dump the following spkg's from Sage:
>
> gnutls
> python_gnutls
> gcrypt
> libgpg_error
> opencdk
>
> and either (a) require a system-wide ssl, or (b) include openssl in Sage.
>
> Sage used to be (b) -- i.e., it did not include any of the above
> packages, and did include openssl. Then a student in my class pointed
> out that openssl is not GPL-compatible [1], so I suffered greatly
> swapping it out for the above libraries. However, we never binary
> link any GPL code with openssl -- any linking is done via Python at
> runtime -- so maybe shipping openssl would be OK.
>
> More to the point, (a) would be a great solution, if we're already
> requiring *some* systemwide libcrypt* to build Sage anyways. Why not
> make that explicit, get rid of five annoying packages (which take a
> while to build, etc.), and be done with it? According to [1] again,
> "The GPL also contains a 'special exception' which allows your GPL-ed
> program to link against GPL incompatible libraries which are shipped
> as part of the operating system that the executable runs on.", so (a)
> is legal. However, it seems possible that (b) is not legal since the
> GPL says "the source code distributed need not include anything that
> is normally distributed (in either source or binary form) with the
> major components (compiler, kernel, and so on) of the operating
> system on which the executable runs, unless that component itself
> accompanies the executable."
>
> [1] http://people.gnome.org/~markmc/openssl-and-the-gpl.html
>
> -- William
>
>>
>> --
>> To post to this group, send an email to sage-devel@googlegroups.com
>> To unsubscribe from this group, send an email to
>> sage-devel+unsubscr...@googlegroups.com
>> For more options, visit this group at
>> http://groups.google.com/group/sage-devel
>> URL: http://www.sagemath.org
>
> --
> William Stein
> Professor of Mathematics
> University of Washington
> http://wstein.org

--
William (http://wstein.org)