On Jan 14, 5:07 pm, William Stein <[email protected]> wrote: > On Jan 14, 2012 9:00 AM, "Dr David Kirkby" <[email protected]> wrote: > > > > > > > > > > > > > On Jan 9, 4:39 pm, William Stein <[email protected]> wrote: > > > Hi Sage-Devel, > > > > PROPOSAL: I propose that we remove python_gnutls, gnutls, opencdk, > > > libgcrypt, and > > > libgpg_error from Sage-5.0. See below for details. > > > > VOTE: > > > > [ ] Yes, remove them! > > > [ ] No, we need them. > > > [ ] Woops -- you are confused and didn't realize that ________________. > > > How about adding: > > > [ ] I understand the issues. I don't want to make a quick decision. > > > > DETAILS: > > > > The Sage notebook supports a "secure=True" option, which encrypts > > > communication between the notebook server and clients. This currently > > > depends on hacked-in support in Twisted for GNUTLS instead of OpenSSL, > > > because GNUTLS is GPL and OpenSSL is GPL-incompatible. GNUTLS has a > > > long list of dependencies, all of which we build from source with some > > > pain. > > > Are those dependencies used elsewhere though? > > No, I don't think so. > > > If so, you might not be > > able to remove them anyway. > > > But the GPL issue is one you should not forget. > > > > Very few people actually use the notebook in secure=True mode. For > > > those that do, I think it is reasonable to require them to build > > > Python with openssl support. > > > Makes Sage non GPL > > No it doesn't. There is a linking-with-system-libraries ckause in the > GPL.
What part of the GPL? Can you be more specific. I know there is this clause "However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. " But OpenSSL can't be considered to fall into that. > > if that is commented out, or set to "no", then X forwarding wont > > work. > > I am *not* talking about X forwarding but port forwarding. They are > completely different. Yes, and are you sure port fowarding is permitted by the more "entreprise" level operating systems. I am not on a Unix box just now, but I suspect that might fall into the same category as X forwarding. It probably depends on how sshd_config is set up, and that will depend on the level of paranoia of the system admin. But to be honest, if I was bothered about security, I would not rely on the "Secure=True" mode of Sage, as I would not trust its been implemented as well as security has been on tools designed to be secure. Dave -- To post to this group, send an email to [email protected] To unsubscribe from this group, send an email to [email protected] For more options, visit this group at http://groups.google.com/group/sage-devel URL: http://www.sagemath.org
