Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
Repacked version without exe-binary is in the git repository: https://salsa.debian.org/debian/bearssl Best regards, Jan > On 5 Oct 2021, at 19:44, Jan Mojzis wrote: > > Ok > I understand, > first i will contact ‘upstream’ to remove the binary from the package. > > Jan > >> On 5 Oct 2021, at 19:03, Bastian Germann wrote: >> >> Am 05.10.21 um 18:59 schrieb Jan Mojzis: >>> Hello, >>> I have removed the patch, it wasn’t good idea. >>> The exe binary doesn’t affect debian package. >>> So I just updates the d/source/include-binary file. >> >> Hi Jan, >> >> Actually, it does affect the source package legally. You cannot know without >> a long process of reverse engineering what is contained in the binary. Odds >> are that it violates the distribution permission of additional software that >> is included but not documented. >> >> So if you want the package sponsored by me, you would have to repack, >> removing that file from the source package. >> >> Thanks, >> Bastian >> >
Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
Ok I understand, first i will contact ‘upstream’ to remove the binary from the package. Jan > On 5 Oct 2021, at 19:03, Bastian Germann wrote: > > Am 05.10.21 um 18:59 schrieb Jan Mojzis: >> Hello, >> I have removed the patch, it wasn’t good idea. >> The exe binary doesn’t affect debian package. >> So I just updates the d/source/include-binary file. > > Hi Jan, > > Actually, it does affect the source package legally. You cannot know without > a long process of reverse engineering what is contained in the binary. Odds > are that it violates the distribution permission of additional software that > is included but not documented. > > So if you want the package sponsored by me, you would have to repack, > removing that file from the source package. > > Thanks, > Bastian >
Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
Am 05.10.21 um 18:59 schrieb Jan Mojzis: Hello, I have removed the patch, it wasn’t good idea. The exe binary doesn’t affect debian package. So I just updates the d/source/include-binary file. Hi Jan, Actually, it does affect the source package legally. You cannot know without a long process of reverse engineering what is contained in the binary. Odds are that it violates the distribution permission of additional software that is included but not documented. So if you want the package sponsored by me, you would have to repack, removing that file from the source package. Thanks, Bastian
Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
Hello, I have removed the patch, it wasn’t good idea. The exe binary doesn’t affect debian package. So I just updates the d/source/include-binary file. Thanks Jan > On 1 Oct 2021, at 12:02, Bastian Germann wrote: > > On Sat, 06 Feb 2021 19:18:43 +0100 Jan Mojzis wrote: >> Package: wnpp >> Severity: wishlist >> Owner: Jan Mojzis >> * Package name: bearssl >> Version : 0.6 >> Upstream Author : Thomas Pornin >> * URL : https://bearssl.org >> * License : MIT >> Programming Lang: C >> Description : BearSSL is an implementation of the SSL/TLS protocol (RFC >> 5246) written in C >> BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in >> C. It aims at offering the following features: >> - Be correct and secure. In particular, insecure protocol versions and >> choices of algorithms are not supported, by design; cryptographic algorithm >> implementations are constant-time by default. >> - Be small, both in RAM and code footprint. For instance, a minimal server >> implementation may fit in about 20 kilobytes of compiled code and 25 >> kilobytes of RAM. >> - Be highly portable. BearSSL targets not only “big” operating systems like >> Linux and Windows, but also small embedded systems and even special contexts >> like bootstrap code. >> - Be feature-rich and extensible. SSL/TLS has many defined cipher suites and >> extensions; BearSSL should implement most of them, and allow extra algorithm >> implementations to be added afterwards, possibly from third parties >> Library doesn't have compatible API with mainstream OpenSSL. >> And it's not intended as an OpenSSL 1-1 replacement. >> I'm using this software and I'm going to maintain using >> https://salsa.debian.org/. >> I need sponsor. > > Please replace the exe removing patch with a Files-Excluded rule in > d/copyright. This is a repack then, which has to be reflected in the version > string. > Else this looks good to me. > > The usual process to ask for sponsors is filing an RFS. It will get more > attention then.
Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
On Sat, 06 Feb 2021 19:18:43 +0100 Jan Mojzis wrote: Package: wnpp Severity: wishlist Owner: Jan Mojzis * Package name: bearssl Version : 0.6 Upstream Author : Thomas Pornin * URL : https://bearssl.org * License : MIT Programming Lang: C Description : BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the following features: - Be correct and secure. In particular, insecure protocol versions and choices of algorithms are not supported, by design; cryptographic algorithm implementations are constant-time by default. - Be small, both in RAM and code footprint. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM. - Be highly portable. BearSSL targets not only “big” operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code. - Be feature-rich and extensible. SSL/TLS has many defined cipher suites and extensions; BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties Library doesn't have compatible API with mainstream OpenSSL. And it's not intended as an OpenSSL 1-1 replacement. I'm using this software and I'm going to maintain using https://salsa.debian.org/. I need sponsor. Please replace the exe removing patch with a Files-Excluded rule in d/copyright. This is a repack then, which has to be reflected in the version string. Else this looks good to me. The usual process to ask for sponsors is filing an RFS. It will get more attention then.
Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
> I need sponsor. Have you got your sponsor? signature.asc Description: PGP signature
Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C
Package: wnpp Severity: wishlist Owner: Jan Mojzis * Package name: bearssl Version : 0.6 Upstream Author : Thomas Pornin * URL : https://bearssl.org * License : MIT Programming Lang: C Description : BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the following features: - Be correct and secure. In particular, insecure protocol versions and choices of algorithms are not supported, by design; cryptographic algorithm implementations are constant-time by default. - Be small, both in RAM and code footprint. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM. - Be highly portable. BearSSL targets not only “big” operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code. - Be feature-rich and extensible. SSL/TLS has many defined cipher suites and extensions; BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties Library doesn't have compatible API with mainstream OpenSSL. And it's not intended as an OpenSSL 1-1 replacement. I'm using this software and I'm going to maintain using https://salsa.debian.org/. I need sponsor.