[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnubg] Serious bug: Random.org - Important Request for Comments

From: Dan Fandrich
Subject: Re: [Bug-gnubg] Serious bug: Random.org - Important Request for Comments
Date: Tue, 13 Jan 2015 21:11:14 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Tue, Jan 13, 2015 at 11:17:20AM -0700, Michael Petch wrote:
> The downside is that we add some more dependencies to GNUbg. We'll

If you want https support without rolling your own crypto, there's no way
around another dependency.  Even if that dependency is normally supplied with
the OS.  And as long as this support is optional, there's really no issue.

> require libcurl(and anything it depends on) if a user wants Random.org
> support . We'd have to check for libcurl (and that it support SSL)
> during the ./configure process.
> There are some potential licensing issues with libcurl. It primarily has
> to do with releasing binaries that use OpenSSL for TLS on the back end
> when linked with GPL code. There is one possible solution. Use GNUtls as
> a back end. Unfortunately it may be (and I have to look into it) the
> Windows (MingW builds) and/or OS/X may be using OpenSSL. Whether they
> can be easily changed I can't say. Projects like 'wget' have been using
> a special exemption to deal with this in their license:

It's really only OpenSSL that has this issue IIRC. libcurl supports many SSL
libraries, including quite a few under GPL/BSD licenses. This gives you several
options to remain GPL-compliant using libcurl on multiple platforms.  An end
user compiling his own gnubg doesn't even need to concern himself with the
license of the SSL library (as long as he doesn't redistribute the code) while
packagers can choose one of a number of SSL back-ends compatible with

There's more on this topic at http://curl.haxx.se/legal/licmix.html

>>> Dan

reply via email to

[Prev in Thread] Current Thread [Next in Thread]