Olaf Buddenhagen <olafbuddenha...@gmx.net> wrote: > Sorry for being late to this discussion, but I feel the need to remind > everyone of the infamous OpenSSL licensing problem, i.e. the fact that > the SSLeay license it is (partially) covered by is considered > GPL-incompatible by many -- including (among others) the Debian project. > This affects not only OpenSSL itself, but also all forks, including > *ring* AIUI. >
Insofar as *ring* is concerned, I believe this is both mostly a non-issue and also fixable. Insofar as Debian is concerned, they figured out a way to ship OpenSSL. AFAICT they could package *ring* the same way, without *ring* needing to make any changes. That might be a slightly suboptimal configuration, but you could always use something besides Debian if so. AFAIU, there is very little SSLeay-licensed code in *ring*. None of it seems irreplaceable and actually it seems desirable to replace most or all of it with Rust code under the ISC license anyway. > In view of this, I believe anything directly or indirectly based on > OpenSSL and its derivates cannot be considered a viable option. > Rather than disqualifying things based on non-technical criteria, let's focus on technical criteria and then see what we can do to fix the non-technical stuff. The nature of software is that it is malleable; generally a problem today isn't a problem tomorrow if we're willing to do work to solve it. Cheers, Brian -- https://briansmith.org/ _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
