[ The first post started too fast... Sorry for the interruption ! ] Following numerous discussions on this list and various Trac tickets*, the issue of maintaining Sage-specific patches to various components of Sage emerged again about the proposed upgrade <https://trac.sagemath.org/ticket/24026> of R to 3.4.2 (discussed here <https://groups.google.com/forum/#!topic/sage-devel/rhMrNK_2c24>). William again raises <https://groups.google.com/d/msg/sage-devel/rhMrNK_2c24/WQ5FPmsiAQAJ> the issue of security.
Since Trac#22189 <https://trac.sagemath.org/ticket/22189>, installation of a systemwide opennssl is recommended (may be too strongly <https://trac.sagemath.org/ticket/22620>, in the taste of some respectable Sage developers...). The ongoing relicensing of OpenSSL should lift the last barriers to its inclusion in sage. A discussed here <https://groups.google.com/forum/#!topic/sage-devel/rhMrNK_2c24>,, the probability of a legal problem related to the incusion of this library in Sage seems infinitesimal. It has beeen furthermore suggested <https://groups.google.com/d/msg/sage-devel/rhMrNK_2c24/GYHzsSd6BAAJ> to add to our licensing (an adaptatin of) the following language, used in Gnu Wget License (GPL) : "Additional permission under GNU GPL version 3 section 7 If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, the Free Software Foundation grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work." The proposed inclusion would entail : - Deprecation of our OpenSSL-avidance patches - Standardization of SSL communications on OpenSSL - At compilation, research of a systemwide OpenSSL - If found : do nothing - In not found : installation of OpenSSL in the Sage tree from a Sage-specific repository (as for most of our standard and optional packages...). - Licensing clarification In short, we have two options : include OpenSSL now (using language clarification), or wait for the complete OpenSSL relicensing. The exact terms of the vote are therefore : |_| Yes, we should fully support OpenSSL now, and clarify the licensing issue. |_| No, we should wait until OpenSSL finishes fixing their license situation formally. The vote will take place as answers to this post, and will be open until Monday October 23, 14h UTC. Sincerely yours, Emmanuel Charpentier * Perusing the results of searching Trac and sage-devel Google group is enlightening... -- Emmanuel Charpentier -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.