[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GnuTLS considered harmful



Howard Chu <hyc@symas.com> writes:

> Since they're committed to using GnuTLS, yes. Unfortunately for the
> Debian community, just because software is released under the GPL
> doesn't say anything about its quality.

GnuTLS is used in Debian for libldap because the project believes that
it's the only thing that it can do legally under the project's copyright
law interpretation (without kicking out all the GPL software that directly
or indirectly links with libldap), not because we have a preference for
GPL software.  Many people in Debian do not (myself included).
Personally, I release all my stuff under the MIT license.

Other distributions disagree with the copyright law interpretation.  Some
lawyers apparently agree and others don't.  Given that I'm neither a
lawyer nor willing to pay the money to hire one for the project, and given
that no one really cares about my opinion of Debian's copyright analysis
anyway, it is what it is.  Convincing me that Debian's position is wrong
is essentially pointless.  I can't change it.  Convincing Eben Moglen that
it's wrong might accomplish something.

It's frustrating for me too.  The fault here lies with the combination of
the obnoxious GPL refusal to cooperate with other licenses and the
obnoxious OpenSSL advertising clause, or arguably with Debian's extremely
conservative position on licensing with dynamic linking, but that's a
fight that I have no desire to take on yet again.

There are enough other reasons to use already-packaged software and enough
reasons to use Debian in preference to other distributions (for what we're
doing at Stanford; I'm not interested in discussing that position with
anyone on this list) that it was worth helping fund the development of the
GnuTLS support.  That support basically works, recommended or not, which
is a better place than we were in before.  I can only hope that it will
get better in the future, or that some miracle will happen with either
OpenSSL licensing or Debian's legal interpretation of copyright, none of
which I have any real control over.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>