Hello, GnuTLS upstream has added support for different crypto backends in 2.11.x and has chosen nettle as prefered backend (2.10.x is using libgcrypt).
The main GnuTLS library itself and its dependency chain (libgcrypt11 libtasn1-3) are LGPLv2.1+. nettle OTOH is LGPLv2.1+ except for two parts: The implementations of serpent and blowfish are GPLv2+. GnuTLS does not use these two pieces. Nettle upstream says [1]: | [...] This means that if you don't use the parts of nettle that are | GPL-only, you have the option to use the Nettle library just as if it | were licensed under the LGPL. To find the current status of particular | files, you have to read the copyright notices at the top of the files. Is this an acceptable interpretaton of the (L)GPL for Debian? Can I switch crypto backends without doublechecking GnuTLS rdeps for GPL-incompatible (but LGPL compatible) code? thanks, cu andreas [1] http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/bujt28-8f9....@argenau.downhill.at.eu.org
