Antoine Pitrou <pit...@free.fr> added the comment: > Since libtomcrypt is public domain, you could incorporate the source > into the tree without making it a binary dependency.
And then we have to maintain our copy ourselves. I'm not sure why you think this is better than depending on a system-wide install, because it's certainly worse. (we do have private copies of a couple of libraries: zlib, expat, libffi. The first two are probably for historical reasons (the system-wide versions are used by default), while the third is because it's patched) > I certainly wouldn't mind having 1 dependency on NSS, but having 2 > modules depend on OpenSSL is a step in the wrong direction. Perhaps you wouldn't mind, but others would (especially packagers; including ourselves since we build binary packages for Windows and Mac OS X). > It took several years until someone like Marc-Andre Lemburg to find > that the Python website might be violating that license. Perhaps the > reason is because no one bothers to read licenses carefully. People > are probably violating the license without knowing it. The solution to stop violating it is trivial, though: just add the required mention(s). Compare that to rewriting a lot of code and making sure it doesn't change behaviour compared to previous Python versions. > One is that if you mention something like "base64" in whatever could > be deemed "advertising", you will be subject to this clause because > base64 is a feature of OpenSSL, even if you don't use their > implementation. Unless "base64" is an OpenSSL trademark, this is FUD. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue8998> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com