Simon Josefsson <si...@josefsson.org>:
What does this mean? Is globus-openssl a fork of openssl, or some kind of meta-package that depends on openssl? I recall globus using a highly patched openssl in the past, have this been resolved?
This package is a GPT glue package, containing GPT metadata for the existing system version of openssl so that GPT dependencies on openssl can be fulfilled by the system version of the library.
Guus Sliepen <g...@debian.org> wrote:
Does it contain a copy of the complete OpenSSL library, or just some wrappers around it? In case of the former, the license is not Apache-2.0 but the OpenSSL license. It is also very undesirable to have a copy of the OpenSSL library in another package.
This package does NOT duplicate the existing openssl package. The globus toolkit source tarball does include a copy of the openssl sources. None of that code is present in the sources of this package. In the past, if you installed globus using the installer script in the source tarball it would compile a private version of openssl and use it to build the rest of the globus tollkit, which of course was one of the biggest reasons why globus never worked well together with system libraries. In our builds we have thrown out the private openssl library build since many years, and instead used the system version. In the latest release of the globus toolkit, this is also the default way used by the installer script in the source tarball.
However, since globus uses gpt to build its libraries it needs gpt metadata about the openssl library to fulfil its build dependencies. This package only provides this metadata about the system version of the openssl library.
If you look in the source tarball for this package you see a single XML file and nothing else.
Mattias Ellert
smime.p7s
Description: S/MIME cryptographic signature
