On Wed, Mar 26, 2014 at 18:32:42 -0400, Daniel Kahn Gillmor wrote:
> The openconnect package in debian builds against both OpenSSL and
> GnuTLS, and links in both of these libraries.  This is two separate
> TLS stacks that need to be audited for the package to work correctly.
> It also introduces potential licensing concerns due to the mix of
> OpenSSL and GPL'ed code (i don't know whether openconnect's LGPL
> licensing itself conflicts with OpenSSL's licensing, and i don't know
> what effect this has on GPL'ed downstream dependencies like
> network-manager).

The portions that are built into the openconnect library are LGPL and
link with GnuTLS while the openconnect program links with OpenSSL (or a
new enough GnuTLS), which should allow GPL rdeps to link. But
regardless...

> Both of the above concerns can be avoided by building openconnect
> solely against GnuTLS, which appears to support all the features
> needed.

Yes, definitely will do. I've been anxiously watching the discussion
about migrating Debian to GnuTLS 3.x by default and waiting for the
relicensed GMP release that just hit the archive. This was the most
important blocker holding OpenConnect back on GnuTLS 2.x.

> I'm attaching a patch that resolves this for 5.03 (in unstable).  the
> patch for 5.99 (in experimental) is basically identical.  i can submit
> it explicitly as well if that would be useful.

No need, but thanks for the patch. I will probably incorporate this into
5.99-2 in experimental and the upcoming 6.00-1 once the upstream major
release happens (imminently).

Thanks!

-- 
mike

