Bug#286672: Ping?
As I understand things, there is no longer anything preventing this from being distributed as the developer intended (ie, with TLS/SSL support). What's the hold-up? How can the community help? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#286672: Bug email working?
For some reason I'm not getting email for this bug. Perhaps removing the 'wontfix' tag will help... Oh, and sorry LIU Qi, I should have seen your name at the top of the bug page. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#286672:
Any headway here? Or does nobody use mail-notification anymore? If so, maybe we should get this proposed for removal from the next debian release? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#286672: Mail Notification: OpenSSL+GPL on Debian
On Wed, Jun 29, 2011 at 03:32:18PM +1200, Dan Wallis wrote: > 2011/6/24 Steve Langasek : > > However, in reading the bug log my understanding is the upstream author's > > position is that the GPL does not require dynamically-linked libraries to be > > distributed under the same license terms. I don't believe this is an > > accurate interpretation of the GPL as written, but if Jean-Yves is the sole > > copyright holder of the work, then this is a clarification of the intended > > license, which I believe is sufficient for Debian's purposes. If there are > > other copyright holders, we would need to get similar clarification of > > intent, or an OpenSSL linking exception, from each of them. > That's great news. Thanks. :) > Pascal, as the package maintainer, Pascal is no longer the maintainer, actually; the maintainer is now LIU Qi. But the @bugs.debian.org address reaches him, so I guess he's following along. :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#286672: Mail Notification: OpenSSL+GPL on Debian
2011/6/24 Steve Langasek : > However, in reading the bug log my understanding is the upstream author's > position is that the GPL does not require dynamically-linked libraries to be > distributed under the same license terms. I don't believe this is an > accurate interpretation of the GPL as written, but if Jean-Yves is the sole > copyright holder of the work, then this is a clarification of the intended > license, which I believe is sufficient for Debian's purposes. If there are > other copyright holders, we would need to get similar clarification of > intent, or an OpenSSL linking exception, from each of them. That's great news. Thanks. :) Pascal, as the package maintainer, would you be able to rebuild mail-notification with TLS enabled? Hopefully it can also be included in the next minor release of Squeeze. Cheers Dan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#286672: Mail Notification: OpenSSL+GPL on Debian
Thanks for raising this issue. On Fri, Jun 24, 2011 at 04:47:56PM +1200, Dan Wallis wrote: > First off, apologies if I'm out of place in sending you this, or if > it's already been discussed here before. I did search the archives > [0], but didn't see any mention of this particular suggestion. > As I understand things, there's currently a stalemate between the > Debian policy, and the package author. I can see in the Ubuntu bug > report [1] that there is what appears to be a well-written solution, > with which the package author agrees, in comment #86 [2]. I am not a > lawyer however, so would like to get the go-ahead from debian-legal. > Does this logic seem sound from a legal point-of-view? > Following on with that idea, would something as simple as the attached > patch be sufficient to resolve this stalemate? If not, could you > perhaps suggest suitable wording? No, it would not. Indicating in user-facing documentation that it is recommended to use OpenSSL is not equivalent to granting distributors permission to distribute binaries linked with OpenSSL as part of an OS. However, in reading the bug log my understanding is the upstream author's position is that the GPL does not require dynamically-linked libraries to be distributed under the same license terms. I don't believe this is an accurate interpretation of the GPL as written, but if Jean-Yves is the sole copyright holder of the work, then this is a clarification of the intended license, which I believe is sufficient for Debian's purposes. If there are other copyright holders, we would need to get similar clarification of intent, or an OpenSSL linking exception, from each of them. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature
Bug#286672: ... and with the actual contents of the patch!
Sorry for spamming the bug report with a massive patch. Even sorrier for sending the wrong one! This patch used the magic "-N" flag too and actually contains the code that's required... Rupert add-gnutls-support.patch.gz Description: Binary data pgpXSu4ZvmZsJ.pgp Description: PGP signature
Bug#286672: Patch to enable gnutls
As M. Braun said in his previous message (in 2009), there is in fact a patch to enable gnutls support (which he wrote!). I've extracted the code from the massive zip file that's linked at the Ubuntu bug report and have made the required changes to the debian control file to use it. I *think* this should work. Anyway, (Dear Maintainer!): could you try building with the attached patch? It might need a bit of cleaning up, but it seems that it would be good to put this long-standing bug to rest at last. The attached patch applies to the current debian source package (5.4.dfsg.1-2.5). Rupert diff -ur mail-notification-5.4.dfsg.1/debian//control mail-notification-5.4.dfsg.1.new/debian//control --- mail-notification-5.4.dfsg.1/debian//control 2011-02-27 23:50:20.0 + +++ mail-notification-5.4.dfsg.1.new/debian//control 2011-03-28 10:09:13.0 +0100 @@ -2,7 +2,7 @@ Section: gnome Priority: optional Maintainer: LIU Qi -Build-Depends: debhelper (>= 7), scrollkeeper, gnome-pkg-tools, libxml-parser-perl, libglade2-dev (>= 2.6.0), libsasl2-dev (>= 2.0.0), libgmime-2.4-dev, evolution-dev (>= 2.11.0), evolution-plugins (>= 2.6.0), evolution-data-server-dev (>= 1.6.0), libgnomeprintui2.2-dev, libnotify-dev (>= 0.4.3), intltool (>= 0.35), gob2 (>= 2.0.16), libx11-dev +Build-Depends: debhelper (>= 7), scrollkeeper, gnome-pkg-tools, libxml-parser-perl, libglade2-dev (>= 2.6.0), libsasl2-dev (>= 2.0.0), libgmime-2.4-dev, evolution-dev (>= 2.11.0), evolution-plugins (>= 2.6.0), evolution-data-server-dev (>= 1.6.0), libgnomeprintui2.2-dev, libnotify-dev (>= 0.4.3), intltool (>= 0.35), gob2 (>= 2.0.16), libx11-dev, libgnutls-dev (>= 2.0.4) Standards-Version: 3.9.1 Package: mail-notification @@ -21,7 +21,7 @@ * Mozilla products (Mozilla, SeaMonkey, Thunderbird, ...) mailbox support * SASL authentication support * APOP authentication support - * SSL/TLS support (disabled, see README.Debian) + * SSL/TLS support (using gnutls, see README.Debian) * automatic detection of mailbox format * immediate notification (depends on your settings) * HIG 2.0 compliance diff -ur mail-notification-5.4.dfsg.1/debian//patches/series mail-notification-5.4.dfsg.1.new/debian//patches/series --- mail-notification-5.4.dfsg.1/debian//patches/series 2011-03-13 22:14:01.0 + +++ mail-notification-5.4.dfsg.1.new/debian//patches/series 2011-03-28 10:15:17.0 +0100 @@ -9,3 +9,4 @@ strict-libs.patch evolution-2.32.patch ignore-junk.patch +add-gnutls.patch diff -ur mail-notification-5.4.dfsg.1/debian//README.Debian mail-notification-5.4.dfsg.1.new/debian//README.Debian --- mail-notification-5.4.dfsg.1/debian//README.Debian 2010-05-26 05:55:55.0 +0100 +++ mail-notification-5.4.dfsg.1.new/debian//README.Debian 2011-03-28 10:08:06.0 +0100 @@ -9,8 +9,9 @@ 1. SSL -- -I had to disable SSL because of a license issue. -It doesn't look like the issue is going to be solved soon. + +SSL support is available using gnutls, thanks to a patch by Michael +Braun . See the Debian BTS thread: http://bugs.debian.org/286672 diff -ur mail-notification-5.4.dfsg.1/debian//rules mail-notification-5.4.dfsg.1.new/debian//rules --- mail-notification-5.4.dfsg.1/debian//rules 2010-05-26 05:55:55.0 +0100 +++ mail-notification-5.4.dfsg.1.new/debian//rules 2011-03-28 09:48:18.0 +0100 @@ -14,7 +14,7 @@ configure: configure-stamp configure-stamp: dh_testdir - ./jb configure ssl=no sysconfdir=/etc destdir=$(DEBIAN_DIR)/tmp/ cppflags="-I/usr/include/libgtkhtml-3.14 -I/usr/include/libgtkhtml-3.14/editor" + ./jb configure gnutls=yes sysconfdir=/etc destdir=$(DEBIAN_DIR)/tmp/ cppflags="-I/usr/include/libgtkhtml-3.14 -I/usr/include/libgtkhtml-3.14/editor" touch $@ pgp2Us0yfinbs.pgp Description: PGP signature
Bug#286672: Patches for gnutls
Dear package maintainer, please find patches to make mail notification work with gnutls attached to the ubuntu bug report. They apply to the vanilla mail notification 5.4 and introduce only gnutls as a new build and runtime dependeny (no diff for control file included). Sincerely AZ signature.asc Description: OpenPGP digital signature
Bug#286672: mail-notification: Please find a consistent solution for all debian packages
Package: mail-notification Version: 5.4.dfsg.1-1 Followup-For: Bug #286672 It seems that different maintainers interpret this issue differently. The FAQ of the openssl package follows the official interpretation of upstream openssl. Several other packages link against libssl although they are licensed under gpl (e.g. kcontrol, inkscape, balsa, ...). I would like to have this issue clearified and to have a consistent interpretation for all debian packages. I think many packages are rather useless without ssl support (like mail-notification). If there exists consens in debian, that gpl programs can not be distributed with libssl linked, I think it must be a high priority for debian to make openssl-compat a full drop-in replacement for libssl. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (600, 'testing'), (500, 'testing-proposed-updates'), (500, 'stable'), (1, 'experimental'), (1, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mail-notification depends on: ii gconf2 2.22.0-1 GNOME configuration database syste ii gnome-icon-theme 2.22.0-1 GNOME Desktop icon theme ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi ii libatk1.0-01.22.0-1 The ATK accessibility toolkit ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library ii libbonoboui2-0 2.22.0-1 The Bonobo UI library ii libc6 2.7-13GNU C Library: Shared libraries ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra ii libdbus-1-31.2.1-3 simple interprocess messaging syst ii libdbus-glib-1-2 0.76-1simple interprocess messaging syst ii libgconf2-42.22.0-1 GNOME configuration database syste ii libglade2-01:2.6.2-1 library to load .glade files at ru ii libglib2.0-0 2.16.5-1 The GLib library of C routines ii libgmime-2.0-2a2.2.21-1 MIME library ii libgnome-keyring0 2.22.3-1 GNOME keyring services library ii libgnome2-02.20.1.1-1The GNOME 2 library - runtime file ii libgnomecanvas2-0 2.20.1.1-1A powerful object-oriented display ii libgnomeui-0 2.20.1.1-1The GNOME 2 libraries (User Interf ii libgnomevfs2-0 1:2.22.0-5GNOME Virtual File System (runtime ii libgnomevfs2-extra 1:2.22.0-5GNOME Virtual File System (extra m ii libgtk2.0-02.12.11-3 The GTK+ graphical user interface ii libice62:1.0.4-1 X11 Inter-Client Exchange library ii libnotify1 [libnotify1 0.4.4-3 sends desktop notifications to a n ii liborbit2 1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB ii libpango1.0-0 1.20.5-2 Layout and rendering of internatio ii libpopt0 1.14-4lib for parsing cmdline parameters ii libsasl2-2 2.1.22.dfsg1-23 Cyrus SASL - authentication abstra ii libsm6 2:1.0.3-2 X11 Session Management library ii libssl0.9.80.9.8g-13 SSL shared libraries ii libx11-6 2:1.1.5-1 X11 client-side library ii libxml22.6.32.dfsg-4 GNOME XML library ii notification-daemon0.3.7-1+b1a daemon that displays passive pop ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime mail-notification recommends no packages. Versions of packages mail-notification suggests: pn fetchyahoo (no description available) pn getlive(no description available) pn mail-notification-evolution(no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#286672: Status
As a follow up on this, i'm currently looking into patching mail-notification to use GnuTLS instead of OpenSSL. Now, please don't read this as a promise that SSL/TLS support will be back in mail-notification soon. If you're willing to help on this front, you're very much welcome. You can help by: - writing a patch; - giving tips on doing the port; - providing anything else relevant to this task; - trying to convince the upstream author that it would be a good idea[?]. It might also be of interest to mention that Ubuntu users would also like to see SSL/TLS support. See bug report: https://launchpad.net/distros/ubuntu/+source/mail-notification/+bug/44335 -Pascal -- Homepage (http://organact.mine.nu) Debian GNU/Linux (http://www.debian.org) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#286672: Please reconsider SSL support
Charles, you have to take it up with upstream. Debian simply does not have permission to distribute binaries of mail-notification compiled with OpenSSL support. Another alternative would be to port mail-notification to use the Gnu TLS library... :) -- Sam Morris http://robots.org.uk/ PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 signature.asc Description: This is a digitally signed message part
Bug#286672: Please reconsider SSL support
If there is any way to provide SSL support for this package, I would be very grateful. I understand there may be some licensing issues but I think upstream should reconsider. Not having SSL support renders this application useless for me. Thank you.
Bug#286672: mail-notification: Can't use SSL/TLS
Since the author explicitly expressed that the program can be distributed with dynamically linked OpenSSL. Why not just use the email from the author as a permission statement and include it in the documentation? -- Chun-Chung Chen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]