https://bugs.debian.org/725153 suggests moving openldap's TLS backend in debian from gnutls to nss.
The reasons given appear to be the older gnutls/gcrypt suid problem (which is quite a serious concern, particularly for libpam_ldap), and that newer gnutls/nettle introduces some licensing issues. The licensing issues have been resolved by nettle relicensing to LGPL 3+ or GPL 2+, effective in nettle 3.0: http://mid.gmane.org/[email protected] If the work to switch openldap to NSS is strictly because of licensing concerns that have been resolved since the bug was opened, please reconsider the switch. Regards, --dkg
signature.asc
Description: PGP signature
