OK. Let's try again : I have two questions : 1. What are the parts (standard, optional or experimental, except, of course, the openssl package itself) of Sage that need (directly or indirectly) a secure transport layer but would accept either openSSL or reasonable substitutes such as Gnu TLS or Mozilla's NSS ? 2. What are the parts (standard, optional or experimental, except, of course, the openssl package itself) of Sage that (directly or indirectly) need openSSL, no substitute accepted ?
My favorite itch to be scratched (namely R), seems to fall in the first category, but I have trouble proving it : I would need a reasonable test machine with no openSSL library to check whether R installs or not using only Gnu TLS. All the Linux *desktop* installation I tried install openSSL, one way or another (even Debian, which is notably prudish about licensing). I would have to install an ultra-basic virtual machine. This setup could be used to prove or disprove the dependencies of various parts of Sage. There are only two possible results, and two sets of action : 1. If no part of Sage depends on openSSL exclusively : fine. package and ship Gnu TLS as a standard package, and be done with the damn thing 2. If some part of Sage need openSSL exclusively : since we *can* use a systemwise installation but cannot (pseudo-legally) *ship* it, we just *have to* depend on this systemwide installation. Add it to the prerequisites, and be done with it. So this inventory is crucial. What do you know about these dependencies ? -- Emmanuel Charpentier Le lundi 21 novembre 2016 12:21:31 UTC+1, Emmanuel Charpentier a écrit : > > Dear list, > > The fact that we can't ship openSSL (see uncountable theads in sage-devel > and others) seems to pose more and more difficulties. See for example this > thread <https://groups.google.com/forum/#!topic/sage-support/rDV9uGT2ViM> > on sage-support, and especially Dima's answer > <https://groups.google.com/d/msg/sage-support/rDV9uGT2ViM/GuKDbhSKAwAJ>, > as well as this annoying ticket <https://trac.sagemath.org/ticket/21767>, > discussed in this saga > <https://groups.google.com/forum/#!topic/sage-devel/QaBdHSNJuKg> . > > Could'nt we add OpenSSL as a prerequisite to Sage, and it"s development > files as a prerequisite to building Sage ? This would require of the user > to install OpenSSL systemwide, thus making it "system software" and > satisfying the strange licensing requirements that bother us. > > One could even do that indirectly, by requiring a systemwide libcurl > supporting https : this would de facto enforce the systemwide installation > of OpenSSL (or a reasonable facsimile). That's what I was trying to do in > this > proposal <https://trac.sagemath.org/ticket/21767#comment:41>... (IIRC, > the problem with libcurl is also bound to OpenSSL : libcurl itself is not a > problem. But I'll have to check : if this is true, we can require OpenSSL > and ship libcurl which will then compile cleanly). > > Comments ? Especially wrt Macs, which seem to be further encumbered by > Apple's dirty tricks... > > Should we have a vote ? > > -- > Emmanuel Charpentier > > -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
