On Mon, Oct 16, 2017 at 6:08 AM, Emmanuel Charpentier <[email protected]> wrote: > [ The first post started too fast... Sorry for the interruption ! ] > > Following numerous discussions on this list and various Trac tickets*, the > issue of maintaining Sage-specific patches to various components of Sage > emerged again about the proposed upgrade of R to 3.4.2 (discussed here). > William again raises the issue of security. > > Since Trac#22189, installation of a systemwide opennssl is recommended (may > be too strongly, in the taste of some respectable Sage developers...). The > ongoing relicensing of OpenSSL should lift the last barriers to its > inclusion in sage. A discussed here,, the probability of a legal problem > related to the incusion of this library in Sage seems infinitesimal. > > It has beeen furthermore suggested to add to our licensing (an adaptatin of) > the following language, used in Gnu Wget License (GPL) : > > "Additional permission under GNU GPL version 3 section 7 > > If you modify this program, or any covered work, by linking or combining it > with the OpenSSL project's OpenSSL library (or a modified version of that > library), containing parts covered by the terms of the OpenSSL or SSLeay > licenses, the Free Software Foundation grants you additional permission to > convey the resulting work. Corresponding Source for a non-source form of > such a combination shall include the source code for the parts of OpenSSL > used as well as that of the covered work." > > > The proposed inclusion would entail : > > Deprecation of our OpenSSL-avidance patches > Standardization of SSL communications on OpenSSL > > At compilation, research of a systemwide OpenSSL > If found : do nothing > In not found : installation of OpenSSL in the Sage tree from a Sage-specific > repository (as for most of our standard and optional packages...). > > Licensing clarification > > In short, we have two options : include OpenSSL now (using language > clarification), or wait for the complete OpenSSL relicensing. The exact > terms of the vote are therefore : > > |_| Yes, we should fully support OpenSSL now, and clarify the licensing > issue. > > |_| No, we should wait until OpenSSL finishes fixing their license situation > formally. >
Has anyone emailed them and just tell them the plan is for SageMath in November 2017 to include OpenSSL and include a license clarification of some type, and ask the OpenSSL people for their reaction? According to https://www.openssl.org/community/contacts.html the email for licensing issues is [email protected], but they have a developers' email list at https://www.openssl.org/community/mailinglists.html. > The vote will take place as answers to this post, and will be open until > Monday October 23, 14h UTC. > > Sincerely yours, > > > Emmanuel Charpentier > > * Perusing the results of searching Trac and sage-devel Google group is > enlightening... > -- > Emmanuel Charpentier > > -- > You received this message because you are subscribed to the Google Groups > "sage-devel" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/sage-devel. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
