|X| Yes, we should fully support OpenSSL now, and clarify the licensing issue.
On Mon, Oct 16, 2017 at 8:22 AM Dima Pasechnik <dimp...@gmail.com> wrote: > > > On Monday, October 16, 2017 at 11:08:52 AM UTC+1, Emmanuel Charpentier > wrote: > >> [ The first post started too fast... Sorry for the interruption ! ] >> >> Following numerous discussions on this list and various Trac tickets*, >> the issue of maintaining Sage-specific patches to various components of >> Sage emerged again about the proposed upgrade >> <https://trac.sagemath.org/ticket/24026> of R to 3.4.2 (discussed here >> <https://groups.google.com/forum/#!topic/sage-devel/rhMrNK_2c24>). >> William again raises >> <https://groups.google.com/d/msg/sage-devel/rhMrNK_2c24/WQ5FPmsiAQAJ> >> the issue of security. >> >> Since Trac#22189 <https://trac.sagemath.org/ticket/22189>, installation >> of a systemwide opennssl is recommended (may be too strongly >> <https://trac.sagemath.org/ticket/22620>, in the taste of some >> respectable Sage developers...). The ongoing relicensing of OpenSSL should >> lift the last barriers to its inclusion in sage. A discussed here >> <https://groups.google.com/forum/#!topic/sage-devel/rhMrNK_2c24>,, the >> probability of a legal problem related to the incusion of this library in >> Sage seems infinitesimal. >> >> It has beeen furthermore suggested >> <https://groups.google.com/d/msg/sage-devel/rhMrNK_2c24/GYHzsSd6BAAJ> to >> add to our licensing (an adaptatin of) the following language, used in Gnu >> Wget License (GPL) : >> >> "Additional permission under GNU GPL version 3 section 7 >> >> If you modify this program, or any covered work, by linking or combining >> it with the OpenSSL project's OpenSSL library (or a modified version of >> that library), containing parts covered by the terms of the OpenSSL or >> SSLeay licenses, the Free Software Foundation grants you additional >> permission to convey the resulting work. Corresponding Source for a >> non-source form of such a combination shall include the source code for the >> parts of OpenSSL used as well as that of the covered work." >> >> >> The proposed inclusion would entail : >> >> - Deprecation of our OpenSSL-avidance patches >> - Standardization of SSL communications on OpenSSL >> - At compilation, research of a systemwide OpenSSL >> - If found : do nothing >> - In not found : installation of OpenSSL in the Sage tree from a >> Sage-specific repository (as for most of our standard and optional >> packages...). >> - Licensing clarification >> >> In short, we have two options : include OpenSSL now (using language >> clarification), or wait for the complete OpenSSL relicensing. The exact >> terms of the vote are therefore : >> >> |X| Yes, we should fully support OpenSSL now, and clarify the licensing >> issue. >> >> >> |_| No, we should wait until OpenSSL finishes fixing their license >> situation formally. >> >> The vote will take place as answers to this post, and will be open until >> Monday October 23, 14h UTC. >> >> Sincerely yours, >> >> >> Emmanuel Charpentier >> >> * Perusing the results of searching Trac and sage-devel Google group is >> enlightening... >> -- >> Emmanuel Charpentier >> >> -- > You received this message because you are subscribed to the Google Groups > "sage-devel" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sage-devel+unsubscr...@googlegroups.com. > To post to this group, send email to sage-devel@googlegroups.com. > Visit this group at https://groups.google.com/group/sage-devel. > For more options, visit https://groups.google.com/d/optout. > -- -- William Stein -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.