Bug#286672: Ping?

[Dan Wallis]

As I understand things, there is no longer anything preventing this
from being distributed as the developer intended (ie, with TLS/SSL
support). What's the hold-up? How can the community help?



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#286672: Bug email working?

[Dan Wallis]

For some reason I'm not getting email for this bug. Perhaps removing
the 'wontfix' tag will help...

Oh, and sorry LIU Qi, I should have seen your name at the top of the bug page.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#286672:

[Jeremy Nickurak]

Any headway here? Or does nobody use mail-notification anymore? If so,
maybe we should get this proposed for removal from the next debian
release?




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#286672: Mail Notification: OpenSSL+GPL on Debian

[Steve Langasek]

On Wed, Jun 29, 2011 at 03:32:18PM +1200, Dan Wallis wrote:
> 2011/6/24 Steve Langasek :
> > However, in reading the bug log my understanding is the upstream author's
> > position is that the GPL does not require dynamically-linked libraries to be
> > distributed under the same license terms.  I don't believe this is an
> > accurate interpretation of the GPL as written, but if Jean-Yves is the sole
> > copyright holder of the work, then this is a clarification of the intended
> > license, which I believe is sufficient for Debian's purposes.  If there are
> > other copyright holders, we would need to get similar clarification of
> > intent, or an OpenSSL linking exception, from each of them.

> That's great news. Thanks. :)

> Pascal, as the package maintainer,

Pascal is no longer the maintainer, actually; the maintainer is now LIU Qi. 
But the @bugs.debian.org address reaches him, so I guess he's following
along. :)

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#286672: Mail Notification: OpenSSL+GPL on Debian

[Dan Wallis]

2011/6/24 Steve Langasek :
> However, in reading the bug log my understanding is the upstream author's
> position is that the GPL does not require dynamically-linked libraries to be
> distributed under the same license terms.  I don't believe this is an
> accurate interpretation of the GPL as written, but if Jean-Yves is the sole
> copyright holder of the work, then this is a clarification of the intended
> license, which I believe is sufficient for Debian's purposes.  If there are
> other copyright holders, we would need to get similar clarification of
> intent, or an OpenSSL linking exception, from each of them.

That's great news. Thanks. :)

Pascal, as the package maintainer, would you be able to rebuild
mail-notification with TLS enabled? Hopefully it can also be included
in the next minor release of Squeeze.


Cheers
Dan



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#286672: Mail Notification: OpenSSL+GPL on Debian

[Steve Langasek]

Thanks for raising this issue.

On Fri, Jun 24, 2011 at 04:47:56PM +1200, Dan Wallis wrote:
> First off, apologies if I'm out of place in sending you this, or if
> it's already been discussed here before. I did search the archives
> [0], but didn't see any mention of this particular suggestion.

> As I understand things, there's currently a stalemate between the
> Debian policy, and the package author. I can see in the Ubuntu bug
> report [1] that there is what appears to be a well-written solution,
> with which the package author agrees, in comment #86 [2]. I am not a
> lawyer however, so would like to get the go-ahead from debian-legal.
> Does this logic seem sound from a legal point-of-view?

> Following on with that idea, would something as simple as the attached
> patch be sufficient to resolve this stalemate? If not, could you
> perhaps suggest suitable wording?

No, it would not.  Indicating in user-facing documentation that it is
recommended to use OpenSSL is not equivalent to granting distributors
permission to distribute binaries linked with OpenSSL as part of an OS.

However, in reading the bug log my understanding is the upstream author's
position is that the GPL does not require dynamically-linked libraries to be
distributed under the same license terms.  I don't believe this is an
accurate interpretation of the GPL as written, but if Jean-Yves is the sole
copyright holder of the work, then this is a clarification of the intended
license, which I believe is sufficient for Debian's purposes.  If there are
other copyright holders, we would need to get similar clarification of
intent, or an OpenSSL linking exception, from each of them.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: Digital signature

Bug#286672: ... and with the actual contents of the patch!

[Rupert Swarbrick]

Sorry for spamming the bug report with a massive patch. Even sorrier for
sending the wrong one! This patch used the magic "-N" flag too and
actually contains the code that's required...

Rupert



add-gnutls-support.patch.gz
Description: Binary data


pgpXSu4ZvmZsJ.pgp
Description: PGP signature

Bug#286672: Patch to enable gnutls

[Rupert Swarbrick]

As M. Braun said in his previous message (in 2009), there is in fact a
patch to enable gnutls support (which he wrote!).

I've extracted the code from the massive zip file that's linked at the
Ubuntu bug report and have made the required changes to the debian
control file to use it.

I *think* this should work. Anyway, (Dear Maintainer!): could you try
building with the attached patch? It might need a bit of cleaning up,
but it seems that it would be good to put this long-standing bug to rest
at last.

The attached patch applies to the current debian source package
(5.4.dfsg.1-2.5).


Rupert


diff -ur mail-notification-5.4.dfsg.1/debian//control mail-notification-5.4.dfsg.1.new/debian//control
--- mail-notification-5.4.dfsg.1/debian//control	2011-02-27 23:50:20.0 +
+++ mail-notification-5.4.dfsg.1.new/debian//control	2011-03-28 10:09:13.0 +0100
@@ -2,7 +2,7 @@
 Section: gnome
 Priority: optional
 Maintainer: LIU Qi 
-Build-Depends: debhelper (>= 7), scrollkeeper, gnome-pkg-tools, libxml-parser-perl, libglade2-dev (>= 2.6.0), libsasl2-dev (>= 2.0.0), libgmime-2.4-dev, evolution-dev (>= 2.11.0), evolution-plugins (>= 2.6.0), evolution-data-server-dev (>= 1.6.0), libgnomeprintui2.2-dev, libnotify-dev (>= 0.4.3), intltool (>= 0.35), gob2 (>= 2.0.16), libx11-dev
+Build-Depends: debhelper (>= 7), scrollkeeper, gnome-pkg-tools, libxml-parser-perl, libglade2-dev (>= 2.6.0), libsasl2-dev (>= 2.0.0), libgmime-2.4-dev, evolution-dev (>= 2.11.0), evolution-plugins (>= 2.6.0), evolution-data-server-dev (>= 1.6.0), libgnomeprintui2.2-dev, libnotify-dev (>= 0.4.3), intltool (>= 0.35), gob2 (>= 2.0.16), libx11-dev, libgnutls-dev (>= 2.0.4)
 Standards-Version: 3.9.1
 
 Package: mail-notification
@@ -21,7 +21,7 @@
* Mozilla products (Mozilla, SeaMonkey, Thunderbird, ...) mailbox support
* SASL authentication support
* APOP authentication support
-   * SSL/TLS support (disabled, see README.Debian)
+   * SSL/TLS support (using gnutls, see README.Debian)
* automatic detection of mailbox format
* immediate notification (depends on your settings)
* HIG 2.0 compliance
diff -ur mail-notification-5.4.dfsg.1/debian//patches/series mail-notification-5.4.dfsg.1.new/debian//patches/series
--- mail-notification-5.4.dfsg.1/debian//patches/series	2011-03-13 22:14:01.0 +
+++ mail-notification-5.4.dfsg.1.new/debian//patches/series	2011-03-28 10:15:17.0 +0100
@@ -9,3 +9,4 @@
 strict-libs.patch
 evolution-2.32.patch
 ignore-junk.patch
+add-gnutls.patch
diff -ur mail-notification-5.4.dfsg.1/debian//README.Debian mail-notification-5.4.dfsg.1.new/debian//README.Debian
--- mail-notification-5.4.dfsg.1/debian//README.Debian	2010-05-26 05:55:55.0 +0100
+++ mail-notification-5.4.dfsg.1.new/debian//README.Debian	2011-03-28 10:08:06.0 +0100
@@ -9,8 +9,9 @@
 
 1. SSL
 --
-I had to disable SSL because of a license issue.
-It doesn't look like the issue is going to be solved soon.
+
+SSL support is available using gnutls, thanks to a patch by Michael
+Braun .
 
 See the Debian BTS thread:
 http://bugs.debian.org/286672
diff -ur mail-notification-5.4.dfsg.1/debian//rules mail-notification-5.4.dfsg.1.new/debian//rules
--- mail-notification-5.4.dfsg.1/debian//rules	2010-05-26 05:55:55.0 +0100
+++ mail-notification-5.4.dfsg.1.new/debian//rules	2011-03-28 09:48:18.0 +0100
@@ -14,7 +14,7 @@
 configure: configure-stamp
 configure-stamp:
 	dh_testdir
-	./jb configure ssl=no sysconfdir=/etc destdir=$(DEBIAN_DIR)/tmp/ cppflags="-I/usr/include/libgtkhtml-3.14 -I/usr/include/libgtkhtml-3.14/editor"
+	./jb configure gnutls=yes sysconfdir=/etc destdir=$(DEBIAN_DIR)/tmp/ cppflags="-I/usr/include/libgtkhtml-3.14 -I/usr/include/libgtkhtml-3.14/editor"
 	touch $@
 
 


pgp2Us0yfinbs.pgp
Description: PGP signature

Bug#286672: Patches for gnutls

[M. Braun]

Dear package maintainer,

please find patches to make mail notification work with gnutls
attached to the ubuntu bug report. They apply to the vanilla
mail notification 5.4 and introduce only gnutls as a new build
and runtime dependeny (no diff for control file included).

Sincerely
 AZ



signature.asc
Description: OpenPGP digital signature

Bug#286672: mail-notification: Please find a consistent solution for all debian packages

[Christian Engwer]

Package: mail-notification
Version: 5.4.dfsg.1-1
Followup-For: Bug #286672


It seems that different maintainers interpret this issue differently.
The FAQ of the openssl package follows the official interpretation of
upstream openssl. Several other packages link against libssl although
they are licensed under gpl (e.g. kcontrol, inkscape, balsa, ...).
I would like to have this issue clearified and to have a consistent
interpretation for all debian packages.

I think many packages are rather useless without ssl support (like
mail-notification). If there exists consens in debian, that gpl
programs can not be distributed with libssl linked, I think it must be
a high priority for debian to make openssl-compat a full drop-in
replacement for libssl.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'testing-proposed-updates'), (500, 
'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mail-notification depends on:
ii  gconf2 2.22.0-1  GNOME configuration database syste
ii  gnome-icon-theme   2.22.0-1  GNOME Desktop icon theme
ii  libart-2.0-2   2.3.20-2  Library of functions for 2D graphi
ii  libatk1.0-01.22.0-1  The ATK accessibility toolkit
ii  libbonobo2-0   2.22.0-1  Bonobo CORBA interfaces library
ii  libbonoboui2-0 2.22.0-1  The Bonobo UI library
ii  libc6  2.7-13GNU C Library: Shared libraries
ii  libcairo2  1.6.4-6   The Cairo 2D vector graphics libra
ii  libdbus-1-31.2.1-3   simple interprocess messaging syst
ii  libdbus-glib-1-2   0.76-1simple interprocess messaging syst
ii  libgconf2-42.22.0-1  GNOME configuration database syste
ii  libglade2-01:2.6.2-1 library to load .glade files at ru
ii  libglib2.0-0   2.16.5-1  The GLib library of C routines
ii  libgmime-2.0-2a2.2.21-1  MIME library
ii  libgnome-keyring0  2.22.3-1  GNOME keyring services library
ii  libgnome2-02.20.1.1-1The GNOME 2 library - runtime file
ii  libgnomecanvas2-0  2.20.1.1-1A powerful object-oriented display
ii  libgnomeui-0   2.20.1.1-1The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0 1:2.22.0-5GNOME Virtual File System (runtime
ii  libgnomevfs2-extra 1:2.22.0-5GNOME Virtual File System (extra m
ii  libgtk2.0-02.12.11-3 The GTK+ graphical user interface 
ii  libice62:1.0.4-1 X11 Inter-Client Exchange library
ii  libnotify1 [libnotify1 0.4.4-3   sends desktop notifications to a n
ii  liborbit2  1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0  1.20.5-2  Layout and rendering of internatio
ii  libpopt0   1.14-4lib for parsing cmdline parameters
ii  libsasl2-2 2.1.22.dfsg1-23   Cyrus SASL - authentication abstra
ii  libsm6 2:1.0.3-2 X11 Session Management library
ii  libssl0.9.80.9.8g-13 SSL shared libraries
ii  libx11-6   2:1.1.5-1 X11 client-side library
ii  libxml22.6.32.dfsg-4 GNOME XML library
ii  notification-daemon0.3.7-1+b1a daemon that displays passive pop
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

mail-notification recommends no packages.

Versions of packages mail-notification suggests:
pn  fetchyahoo (no description available)
pn  getlive(no description available)
pn  mail-notification-evolution(no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#286672: Status

[Pascal]

As a follow up on this, i'm currently looking into patching
mail-notification to use GnuTLS instead of OpenSSL.
Now, please don't read this as a promise that SSL/TLS support will be
back in mail-notification soon.

If you're willing to help on this front, you're very much welcome.
You can help by:
- writing a patch;
- giving tips on doing the port;
- providing anything else relevant to this task;
- trying to convince the upstream author that it would be a good idea[?].

It might also be of interest to mention that Ubuntu users would also
like to see SSL/TLS support. See bug report:
https://launchpad.net/distros/ubuntu/+source/mail-notification/+bug/44335

-Pascal
--
Homepage (http://organact.mine.nu)
Debian GNU/Linux (http://www.debian.org)


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#286672: Please reconsider SSL support

[Sam Morris]

Charles, you have to take it up with upstream. Debian simply does not
have permission to distribute binaries of mail-notification compiled
with OpenSSL support.

Another alternative would be to port mail-notification to use the Gnu
TLS library... :)

-- 
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078


signature.asc
Description: This is a digitally signed message part

Bug#286672: Please reconsider SSL support

[Charles Griffin]

If there is any way to provide SSL support for this package, I would be very grateful.  I understand there may be some licensing issues but I think upstream should reconsider.  Not having SSL support renders this application useless for me.
Thank you.

Bug#286672: mail-notification: Can't use SSL/TLS

[Chun-Chung Chen]

Since the author explicitly expressed that the program can be
distributed with dynamically linked OpenSSL.  Why not just use the email
from the author as a permission statement and include it in the
documentation?

-- 
Chun-Chung Chen


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]