Hi Kevin and Tobi, On Thu, Apr 09, 2009 at 03:49:57AM -0500, kevin brintnall wrote: > I'm considering making a "soft" dependency on OpenSSL for the rrdcached > auth code.
Apart from the currently ongoing discussion about technical issues regarding authentication concepts (in which I mostly share Florian's point of view - quite frankly, I'm pretty disappointed about how security is handled, driven by PR related arguments and irresponsible users instead of real technical aspects of how to provide good and _real_ security), we'll run into license issues when using OpenSSL. The problem is that the OpenSSL / SSLeay license is incompatible to the GPL (see [1]). In order to make it possible for users to link RRDtool against libssl, a special exception has to be added to the license of _each_ source file that will later be linked against libssl (see [2]). Since this is a license change, it would require the permission of _every_ copyright holder of those pieces of the software, which is basically impossible in RRDtool. Using, e.g., GnuTLS would be a valid option though ... Cheers, Sebastian [1] http://www.gnu.org/philosophy/license-list.html#OpenSSL [2] http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs -- Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/ Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
signature.asc
Description: Digital signature
_______________________________________________ rrd-developers mailing list rrd-developers@lists.oetiker.ch https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers