On 2013-10-26 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: > On 10/26/2013 02:24 AM, Andreas Metzler wrote: > >> On Fri, Oct 25, 2013 at 09:56:58AM -0400, Daniel Kahn Gillmor wrote: > >>> btw, it's not clear to me why we --disable-libdane -- I see that it was > >>> set (along with --without-tpm) in 3.1.3-1, but i don't see the reason > >>> for it. could that be clarified someplace?
>> --without-tpm had some license rationale, --disable-libdane might have >> been related to licensing (I think it was one of the leftover LGPLv3 >> GnuTLS parts at this time and I have not completely given up on a >> LGPLv2+ GnuTLS stack.). If there is *strong* interest in libdane I can >> doublecheck and enable if feasible (or else document). > I am interested in libdane, and would like to know what the rationale > is. I'd also be curious to know more about "some license rationale" for > --without-tpm, though i consider TPM of much lower interest compared to > DANE. Hello, tpm used to be undistributable, see <https://gitorious.org/gnutls/gnutls/commit/0fcbd34c953304dd06ebd49389af4b78575bd55b> and <http://lists.gnutls.org/pipermail/gnutls-devel/2013-October/006539.html>. The dane situation is slightly better, but still sucks. libdane requires and links against libunbound. libunbound OTOH is linked against OpenSSL's libssl on Debian[1]. Therefore libdane and any program using it ends up being dynamically linked against both libssl (OpenSSL license) and GnuTLS (LGPLv3+ via gmp). The result is not undistributable but not very useful, since it is e.g. GPL-incompatible.[2] Apart from that it is more than a little bit ugly that libdane customers end up being linked against two different major TLS toolkits. cu Andreas [1] From a quick look at unbound's ./configure it looks like it could use NSS instead of OpenSSL. I guess the license situation might be better then, but the ugliness still remains. [2] GnuTLS' danetool commandline program is GPLv3 and would therefore be undistributable. -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
