FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 07-19-2008, 07:01 PM
"Teran McKinney"
 
Default Linking to OpenSSL

Hi,

I have been working on an Arch fork for the past several months, and
thus have been following Arch developments closely. I noticed this
commit ( http://projects.archlinux.org/gitweb.cgi?p=pacman.git;a=commit;h=b8a66d68593d1f2 67c3bb8cd8943724711626903
), where OpenSSL replaces the usage of md5sum and sha1sum utilities
for Pacman. While I like the idea of using libraries instead of
external binaries, I feel that linking to OpenSSL complicates a few
things. For one, it is big, and must be included with any non-static
binaries of Pacman (in the installer, this would not be so ideal,
unless OpenSSL is included anyways). Another, is that it is simply not
legal under the GPL. OpenSSL includes an advertising clause that makes
it incompatible with the GPL. Wget and climm had to modify their GPL
licenses to link to it (
http://en.wikipedia.org/wiki/Openssl#Licensing ).

I purpose using GNUTLS instead. It is released under the LGPLv2.1,
should be fully capable, and is compatible with the GPL. Many projects
that use OpenSSL can also optionally link to GNUTLS instead, so I
would suggest doing so with all possible packages (lftp, elinks,
wget). What are your thoughts about this?

Pacman is an excellent package manager; thank you for all of the work
that you put into it.

Cheers,
Teran (sega01)

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 07-19-2008, 07:12 PM
Xavier
 
Default Linking to OpenSSL

Teran McKinney wrote:
> Hi,
>
> I have been working on an Arch fork for the past several months, and
> thus have been following Arch developments closely. I noticed this
> commit ( http://projects.archlinux.org/gitweb.cgi?p=pacman.git;a=commit;h=b8a66d68593d1f2 67c3bb8cd8943724711626903
> ), where OpenSSL replaces the usage of md5sum and sha1sum utilities
> for Pacman. While I like the idea of using libraries instead of
> external binaries, I feel that linking to OpenSSL complicates a few
> things.

I am confused, the patch you showed is for makepkg, which is a bash script.
The usage of md5sum and sha1sum binaries was replaced by the usage of
openssl binary. We don't use openssl lib.

For pacman, we also need md5 hashing functionality. For that we imported
a md5.c file from the xyssl project.

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 07-19-2008, 07:12 PM
"Dan McGee"
 
Default Linking to OpenSSL

On Sat, Jul 19, 2008 at 2:01 PM, Teran McKinney <sega01@gmail.com> wrote:
> Hi,
>
> I have been working on an Arch fork for the past several months, and
> thus have been following Arch developments closely. I noticed this
> commit ( http://projects.archlinux.org/gitweb.cgi?p=pacman.git;a=commit;h=b8a66d68593d1f2 67c3bb8cd8943724711626903
> ), where OpenSSL replaces the usage of md5sum and sha1sum utilities
> for Pacman.
Hold up right here. You read it wrong. This is for *makepkg* only, we
have *never* linked in anything external for pacman proper. We are
currently using code from XySSL as our md5sum routine, which is dual
licensed under BSD and GPL.

I do not believe calling a binary has ever been construed as linking-
correct me if I am wrong.

With that said, the rest of your email is pretty much off base.

> While I like the idea of using libraries instead of
> external binaries, I feel that linking to OpenSSL complicates a few
> things. For one, it is big, and must be included with any non-static
> binaries of Pacman (in the installer, this would not be so ideal,
> unless OpenSSL is included anyways). Another, is that it is simply not
> legal under the GPL. OpenSSL includes an advertising clause that makes
> it incompatible with the GPL. Wget and climm had to modify their GPL
> licenses to link to it (
> http://en.wikipedia.org/wiki/Openssl#Licensing ).
>
> I purpose using GNUTLS instead. It is released under the LGPLv2.1,
> should be fully capable, and is compatible with the GPL. Many projects
> that use OpenSSL can also optionally link to GNUTLS instead, so I
> would suggest doing so with all possible packages (lftp, elinks,
> wget). What are your thoughts about this?
Wrong ML is what I think about this. We don't decide Arch policy here,
only discuss pacman development.

> Pacman is an excellent package manager; thank you for all of the work
> that you put into it.

Thanks! And if you have any more questions about this, shoot us another email.

-Dan

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 
Old 07-19-2008, 07:24 PM
"Teran McKinney"
 
Default Linking to OpenSSL

Ah, ok. I must have read it incorrectly, but in the case of makepkg I
personally prefer the *sum utilities. It is a simply revert anyways,
and I will eventually get around to doing some major changes to
makepkg (I have a few ideas, but nothing set in stone).

Thanks,
Teran

On Sat, Jul 19, 2008 at 7:12 PM, Xavier <shiningxc@gmail.com> wrote:
> Teran McKinney wrote:
>> Hi,
>>
>> I have been working on an Arch fork for the past several months, and
>> thus have been following Arch developments closely. I noticed this
>> commit ( http://projects.archlinux.org/gitweb.cgi?p=pacman.git;a=commit;h=b8a66d68593d1f2 67c3bb8cd8943724711626903
>> ), where OpenSSL replaces the usage of md5sum and sha1sum utilities
>> for Pacman. While I like the idea of using libraries instead of
>> external binaries, I feel that linking to OpenSSL complicates a few
>> things.
>
> I am confused, the patch you showed is for makepkg, which is a bash script.
> The usage of md5sum and sha1sum binaries was replaced by the usage of
> openssl binary. We don't use openssl lib.
>
> For pacman, we also need md5 hashing functionality. For that we imported
> a md5.c file from the xyssl project.
>
> _______________________________________________
> pacman-dev mailing list
> pacman-dev@archlinux.org
> http://archlinux.org/mailman/listinfo/pacman-dev
>

_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
 

Thread Tools




All times are GMT. The time now is 03:43 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org