Greg Troxel wrote:
Jan Harkes <[EMAIL PROTECTED]> writes:
On Sat, May 19, 2007 at 04:51:07PM +0200, Enrico Weigelt wrote:
So should we drop the openssl dependency completely ?
I think so, the openssl implementation may or may not be faster. The
md5 and sha1 code is conditionally compiled in coda/lib-src/base. Every
Coda binary links against the resulting libbase.a.
In general I would favor requiring a crypto library rather than having
included crypto code. But openssl may be problematic - is the license
GPL-compatible?
A few relevant links:
[1] http://www.openssl.org/support/faq.html#LEGAL2
[2] http://www.gnome.org/~markmc/openssl-and-the-gpl.html
I've looked at this recently for a different project I've been working
on and it is not completely clear. OpenSSL is licensed under an
Apache-style or BSD-style open source license which are generally closer
to being public domain than the GPL, and can often be included in more
restricted code bases by falling under the more restrictive license.
However, the OpenSSL license does contain a few clauses about
advertising and acknowledgments which impose additional restrictions
that directly conflict with the GPL. The debate moves into a gray area
when you consider that OpenSSL may be shipped as a GPL-incompatible
library with an operating system, which the GPL specifically allows
exemptions for linking against.
The most common way to get around this is to distribute your code under
the GPL with an OpenSSL exemption clause. From what I can tell,
OpenSSL's FAQ [1] seems to suggest Coda's current licensing is fine for
most of the operating systems on which it is linked, Windows beta aside.
Adam
