Russ Allbery <[EMAIL PROTECTED]> writes:

> Simon Josefsson <[EMAIL PROTECTED]> writes:
>> Steve Langasek <[EMAIL PROTECTED]> writes:
>
>>> I notice from
>>> <http://josefsson.org/cgi-bin/viewcvs.cgi/shishi/README?rev=1.30&view=markup>
>>> that this lib is distributed under the terms of the GPL only, so I have
>>> my doubts that it's particularly useful for Debian to adopt it. Is
>>> there any particular reason that GNU shishi is not made available under
>>> the LGPL?
>
>> Some reasons are given in [1]. I don't quite follow. Is there a
>> problem with GPL'd software in Debian?
>
> The problem is that you're drastically limiting what other software can
> use the library. For example, there would be no way that Debian could
> link Cyrus SASL with shishi, because Cyrus SASL is used by a wide variety
> of other packages including some that are not GPL-compatible. No package
> that uses shishi could also use OpenSSL. No package that uses shishi
> could, as I understand it, use it as part of an Apache module. There are
> lots of other, similar cases.

I see, right. I note that a similar problem already exists, because Heimdal
links with OpenSSL. So it appears that code licensed under GPL could not
link with Heimdal. (An rdepend suggests e.g. lsh-server contains GPL code
that links with OpenSSL through Heimdal)

> As a result, shishi is going to basically be a curiosity, not a serious
> Kerberos alternative for Debian. Given the difficulty involved in
> building multiple versions of packages to allow a choice of Kerberos
> implementations (if you look through Debian, you'll find that the ability
> to use Heimdal or MIT Kerberos exclusively is already rather spotty and
> some significant packages are only really maintained with one or the
> other), the addition of licensing problems means that there's basically no
> motivation for anyone to try to use shishi.

One motivation would be to get the unique features that Shishi has that
the other Kerberos implementation has. E.g., non-ASCII support,
X.509/OpenPGP authentication through GnuTLS.

> Most of the motivations for making a library GPL rather than LGPL do not
> apply to shishi, since no one is going to free their software just to be
> able to use shishi. They're going to shrug and just use MIT Kerberos or
> some other implementation with a permissive license instead.

You have a point, and I'll consider switching to LGPL for the core
library. Perhaps a model like the one for GnuTLS is appropriate, where
the unique features have been separated into a GPL'd library.

Thanks,
Simon