Sun, 20 Feb 2011 13:14:34 +0000

license incompatibilities

GnuTLS has recently made Nettle its prefered crypto backend. I think Debian will need to continue to use libgcrypt for license reasons. While GnuTLS+libgcrypt and its dependencies are LGPL-2.1+ nettle itself is LGPL-2.1+, except for small GPL-2+ parts (serpent and blowfish). But these are being replaced by LGPL-2.1+ implementations currently. However nettle's public key library (libhogweed) uses and links against the GNU Multiple Precision Arithmetic Library which is LGPL-3+.

Afaiui this is a deal-breaker, GPL-2 (without the "any later version" clause) and (L)GPL-3 are incompatible. A nontrivial number of GnuTLS using applications and libraries are licensed (L)GPL-2. I started checking but stopped at "j" after finding cherokee-1.0.20, cluster-glue-1.0.7, cups-1.4.6, drizzle-2010.09.180, echoping-6.0.2, elinks-0.12~pre5, gtk-vnc-0.4.2, inspircd-1.1.22+dfsg and jd-2.8.1~beta110214.

Posted by Andreas Metzler | Permanent link | File under: debian