FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-01-2011, 08:46 AM
Jussi Lehtola
 
Default PokerTH orphaned

Hi,


I've just orphaned PokerTH, since I'm trying to free myself some time
and I don't use it myself.

PokerTH does not currently build on rawhide, since OpenSSL support has
been dropped from GnuTLS a week ago (BZ #726697). Getting it to build
again would then require building against OpenSSL (and asking upstream
for a GPL license exception), or shipping a private copy of GnuTLS.
--
Jussi Lehtola
Fedora Project Contributor
jussilehtola@fedoraproject.org
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-01-2011, 05:29 PM
Ryan Rix
 
Default PokerTH orphaned

On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
> Hi,
>
>
> I've just orphaned PokerTH, since I'm trying to free myself some time
> and I don't use it myself.
>
> PokerTH does not currently build on rawhide, since OpenSSL support has
> been dropped from GnuTLS a week ago (BZ #726697). Getting it to build
> again would then require building against OpenSSL (and asking upstream
> for a GPL license exception), or shipping a private copy of GnuTLS.

I picked up rawhide through F-14. If I cant get this building, I'll orphan it
again in a week's time.

r
--
Ryan Rix -- http://rix.si
== OpenSource.com: Where Open Source Happens! ==
_
/"/_ All Hail the Beefy Miracle!
/_/

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-01-2011, 05:43 PM
Tomas Mraz
 
Default PokerTH orphaned

On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote:
> On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
> > Hi,
> >
> >
> > I've just orphaned PokerTH, since I'm trying to free myself some time
> > and I don't use it myself.
> >
> > PokerTH does not currently build on rawhide, since OpenSSL support has
> > been dropped from GnuTLS a week ago (BZ #726697). Getting it to build
> > again would then require building against OpenSSL (and asking upstream
> > for a GPL license exception), or shipping a private copy of GnuTLS.
>
> I picked up rawhide through F-14. If I cant get this building, I'll orphan it
> again in a week's time.

Shipping a private copy of GnuTLS would have to get an exception I do
not think such exception should/would be granted. I can only recommend
you to look at the NSS OpenSSL compatibility support library and
patching PokerTH to use it instead of the GnuTLS.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-01-2011, 07:44 PM
Ryan Rix
 
Default PokerTH orphaned

On Mon 1 August 2011 19:43:37 Tomas Mraz wrote:
> On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote:
> > On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
> > > Hi,
> > >
> > >
> > > I've just orphaned PokerTH, since I'm trying to free myself some
> > > time
> > > and I don't use it myself.
> > >
> > > PokerTH does not currently build on rawhide, since OpenSSL support
> > > has
> > > been dropped from GnuTLS a week ago (BZ #726697). Getting it to
> > > build
> > > again would then require building against OpenSSL (and asking
> > > upstream
> > > for a GPL license exception), or shipping a private copy of GnuTLS.
> >
> > I picked up rawhide through F-14. If I cant get this building, I'll
> > orphan it again in a week's time.
>
> Shipping a private copy of GnuTLS would have to get an exception I do
> not think such exception should/would be granted. I can only recommend
> you to look at the NSS OpenSSL compatibility support library and
> patching PokerTH to use it instead of the GnuTLS.

I've talked to a few people about this now, including some folks at PokerTH
about it, and they're confused as to why this change is happening in GnuTLS at
all, and your comment in the bug report did not seem to explain it to them;
could you (or anyone) explain better why OpenSSL support in gnutls is a Bad
Thing?

r

--
Ryan Rix -- http://rix.si
== OpenSource.com: Where Open Source Happens! ==
_
/"/_ All Hail the Beefy Miracle!
/_/


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-02-2011, 09:36 AM
Hans de Goede
 
Default PokerTH orphaned

Hi,

On 08/01/2011 09:44 PM, Ryan Rix wrote:
> On Mon 1 August 2011 19:43:37 Tomas Mraz wrote:
>> On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote:
>>> On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
>>>> Hi,
>>>>
>>>>
>>>> I've just orphaned PokerTH, since I'm trying to free myself some
>>>> time
>>>> and I don't use it myself.
>>>>
>>>> PokerTH does not currently build on rawhide, since OpenSSL support
>>>> has
>>>> been dropped from GnuTLS a week ago (BZ #726697). Getting it to
>>>> build
>>>> again would then require building against OpenSSL (and asking
>>>> upstream
>>>> for a GPL license exception), or shipping a private copy of GnuTLS.
>>>
>>> I picked up rawhide through F-14. If I cant get this building, I'll
>>> orphan it again in a week's time.
>>
>> Shipping a private copy of GnuTLS would have to get an exception I do
>> not think such exception should/would be granted. I can only recommend
>> you to look at the NSS OpenSSL compatibility support library and
>> patching PokerTH to use it instead of the GnuTLS.
>
> I've talked to a few people about this now, including some folks at PokerTH
> about it, and they're confused as to why this change is happening in GnuTLS at
> all, and your comment in the bug report did not seem to explain it to them;
> could you (or anyone) explain better why OpenSSL support in gnutls is a Bad
> Thing?

Ryan, have you read the initial description of:
https://bugzilla.redhat.com/show_bug.cgi?id=460310

?

The problem is that gnutls's openssl compatibility uses the same symbol names
as openssl itself thus polluting the dynamic linker symbol namespace. So if
an application uses a library which is linked against openssl (for example
ldap libs through pam) and uses gnutls-openssl then the ldap libraries will
end up calling functions inside gnutls-openssl rather then inside openssl,
since the gnutls-openssl symbols are already present in the dynamic linkers
symbol namespace. This then goes boom big time, since the 2 are not ABI compatible.

Since gnutls-openssl is not ABI compatible it should not be using the same
function / variable names.

Tomas has chosen to fix this problem by simply disabling the openssl compat
part of gnutls (which as the above bug shows is broken by design) given that
only 3 apps use this, this seems like a sane choice to me.

The best way forward is probably to ask PokerTH upstream to add the
standard openssl license exception boilerplate to their license, I did
so successfully with gkrellm and switched to simply using the real openssl.

Regards,

Hans




--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-02-2011, 12:51 PM
"Jason L Tibbitts III"
 
Default PokerTH orphaned

>>>>> "HdG" == Hans de Goede <hdegoede@redhat.com> writes:

HdG> Hi,HHdG> Tomas has chosen to fix this problem by simply disabling the
HdG> openssl compat part of gnutls (which as the above bug shows is
HdG> broken by design) given that only 3 apps use this, this seems like
HdG> a sane choice to me.

Except, of course, it appears that someone completely forgot to contact
the people who maintain those applications. That's not how it's
supposed to work. Given that it's only three applications, that should
have been pretty easy. The point is that it's not OK to think "we're
only screwing three maintainers; it's OK to do this without actually
talking to them."

My upstream (zoneminder) explicitly removed openssl support because of
the licensing issues. It can still be made to work, but of course that
violates their license and I can't imagine that at this point they're
going to just change their license to allow us to ship the software. Of
course I'll try, but in the meantime I certainly can't actually build
the software in Fedora.

- J<
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-02-2011, 12:51 PM
"Jason L Tibbitts III"
 
Default PokerTH orphaned

>>>>> "HdG" == Hans de Goede <hdegoede@redhat.com> writes:

HdG> Hi,HHdG> Tomas has chosen to fix this problem by simply disabling the
HdG> openssl compat part of gnutls (which as the above bug shows is
HdG> broken by design) given that only 3 apps use this, this seems like
HdG> a sane choice to me.

Except, of course, it appears that someone completely forgot to contact
the people who maintain those applications. That's not how it's
supposed to work. Given that it's only three applications, that should
have been pretty easy. The point is that it's not OK to think "we're
only screwing three maintainers; it's OK to do this without actually
talking to them."

My upstream (zoneminder) explicitly removed openssl support because of
the licensing issues. It can still be made to work, but of course that
violates their license and I can't imagine that at this point they're
going to just change their license to allow us to ship the software. Of
course I'll try, but in the meantime I certainly can't actually build
the software in Fedora.

- J<
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-02-2011, 01:18 PM
Tomas Mraz
 
Default PokerTH orphaned

On Tue, 2011-08-02 at 07:51 -0500, Jason L Tibbitts III wrote:
> >>>>> "HdG" == Hans de Goede <hdegoede@redhat.com> writes:
>
> HdG> Hi,HHdG> Tomas has chosen to fix this problem by simply disabling the
> HdG> openssl compat part of gnutls (which as the above bug shows is
> HdG> broken by design) given that only 3 apps use this, this seems like
> HdG> a sane choice to me.
>
> Except, of course, it appears that someone completely forgot to contact
> the people who maintain those applications. That's not how it's
> supposed to work. Given that it's only three applications, that should
> have been pretty easy. The point is that it's not OK to think "we're
> only screwing three maintainers; it's OK to do this without actually
> talking to them."
>
> My upstream (zoneminder) explicitly removed openssl support because of
> the licensing issues. It can still be made to work, but of course that
> violates their license and I can't imagine that at this point they're
> going to just change their license to allow us to ship the software. Of
> course I'll try, but in the meantime I certainly can't actually build
> the software in Fedora.

The problem is I tried repoquery against the rawhide repository before
the disabling and either the repository was somehow broken or I made
some mistake because the repoquery returned empty results. That's why I
thought that there is no package depending on the libgnutls-openssl
anymore and so I dropped it. But I really do not plan to add it back
because upstream does not care about it and it seems to be left in the
experimental state forever. I do not think any other software should
depend on it for the SSL support. Either rewrite the SSL support to use
the native GNUTLS API, or use the NSS OpenSSL compatibility layer which
is written in such way that it does not conflict with the native OpenSSL
libraries.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-02-2011, 01:18 PM
Tomas Mraz
 
Default PokerTH orphaned

On Tue, 2011-08-02 at 07:51 -0500, Jason L Tibbitts III wrote:
> >>>>> "HdG" == Hans de Goede <hdegoede@redhat.com> writes:
>
> HdG> Hi,HHdG> Tomas has chosen to fix this problem by simply disabling the
> HdG> openssl compat part of gnutls (which as the above bug shows is
> HdG> broken by design) given that only 3 apps use this, this seems like
> HdG> a sane choice to me.
>
> Except, of course, it appears that someone completely forgot to contact
> the people who maintain those applications. That's not how it's
> supposed to work. Given that it's only three applications, that should
> have been pretty easy. The point is that it's not OK to think "we're
> only screwing three maintainers; it's OK to do this without actually
> talking to them."
>
> My upstream (zoneminder) explicitly removed openssl support because of
> the licensing issues. It can still be made to work, but of course that
> violates their license and I can't imagine that at this point they're
> going to just change their license to allow us to ship the software. Of
> course I'll try, but in the meantime I certainly can't actually build
> the software in Fedora.

The problem is I tried repoquery against the rawhide repository before
the disabling and either the repository was somehow broken or I made
some mistake because the repoquery returned empty results. That's why I
thought that there is no package depending on the libgnutls-openssl
anymore and so I dropped it. But I really do not plan to add it back
because upstream does not care about it and it seems to be left in the
experimental state forever. I do not think any other software should
depend on it for the SSL support. Either rewrite the SSL support to use
the native GNUTLS API, or use the NSS OpenSSL compatibility layer which
is written in such way that it does not conflict with the native OpenSSL
libraries.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-02-2011, 04:32 PM
Ryan Rix
 
Default PokerTH orphaned

On Tue 2 August 2011 11:36:20 Hans de Goede wrote:
> Hi,
>
> On 08/01/2011 09:44 PM, Ryan Rix wrote:
> > On Mon 1 August 2011 19:43:37 Tomas Mraz wrote:
> >> On Mon, 2011-08-01 at 10:29 -0700, Ryan Rix wrote:
> >>> On Mon 1 August 2011 11:46:00 Jussi Lehtola wrote:
> >>>> Hi,
> >>>>
> >>>>
> >>>> I've just orphaned PokerTH, since I'm trying to free myself some
> >>>> time
> >>>> and I don't use it myself.
> >>>>
> >>>> PokerTH does not currently build on rawhide, since OpenSSL support
> >>>> has
> >>>> been dropped from GnuTLS a week ago (BZ #726697). Getting it to
> >>>> build
> >>>> again would then require building against OpenSSL (and asking
> >>>> upstream
> >>>> for a GPL license exception), or shipping a private copy of
> >>>> GnuTLS.
> >>>
> >>> I picked up rawhide through F-14. If I cant get this building, I'll
> >>> orphan it again in a week's time.
> >>
> >> Shipping a private copy of GnuTLS would have to get an exception I do
> >> not think such exception should/would be granted. I can only recommend
> >> you to look at the NSS OpenSSL compatibility support library and
> >> patching PokerTH to use it instead of the GnuTLS.
> >
> > I've talked to a few people about this now, including some folks at
> > PokerTH about it, and they're confused as to why this change is
> > happening in GnuTLS at all, and your comment in the bug report did not
> > seem to explain it to them; could you (or anyone) explain better why
> > OpenSSL support in gnutls is a Bad Thing?
>
> Ryan, have you read the initial description of:
> https://bugzilla.redhat.com/show_bug.cgi?id=460310
>
> ?
>
> The problem is that gnutls's openssl compatibility uses the same symbol
> names as openssl itself thus polluting the dynamic linker symbol namespace.
> So if an application uses a library which is linked against openssl (for
> example ldap libs through pam) and uses gnutls-openssl then the ldap
> libraries will end up calling functions inside gnutls-openssl rather then
> inside openssl, since the gnutls-openssl symbols are already present in the
> dynamic linkers symbol namespace. This then goes boom big time, since the 2
> are not ABI compatible.
>
> Since gnutls-openssl is not ABI compatible it should not be using the same
> function / variable names.
>
> Tomas has chosen to fix this problem by simply disabling the openssl compat
> part of gnutls (which as the above bug shows is broken by design) given that
> only 3 apps use this, this seems like a sane choice to me.
>
> The best way forward is probably to ask PokerTH upstream to add the
> standard openssl license exception boilerplate to their license, I did
> so successfully with gkrellm and switched to simply using the real openssl.

Makes sense, thanks Hans.

I actually talked to them, and they say that openssl is pulled in only for
linking libcurl, and that PokerTH itself is using gcrypt for the Big Stuff, so
it should be fairly easy to fix/work around.

r

--
Ryan Rix -- http://rix.si
== OpenSource.com: Where Open Source Happens! ==
_
/"/_ All Hail the Beefy Miracle!
/_/

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 05:56 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org