* Stephen Frost:
Ah, this does sound rather ugly and not something we'd want. The
particular library doesn't make a whole heck of alot of difference to me
provided it has the general functionality necessary and a compatible
license (where 'compatible' in this case really means 'Debian feels
* Florian Weimer ([EMAIL PROTECTED]) wrote:
* Stephen Frost:
Ah, this does sound rather ugly and not something we'd want. The
particular library doesn't make a whole heck of alot of difference to me
provided it has the general functionality necessary and a compatible
license (where
Stephen Frost wrote:
* David Boreham ([EMAIL PROTECTED]) wrote:
Fascinating thread for the holidays. I found it interesting that nobody
has mentioned
NSS (former Netscape SSL library). It has its own bag of problems of
course, but
for me is potentially more attractive than GNU TLS. e.g. it
* David Boreham ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
Not sure what license that's under,
From http://www.mozilla.org/projects/security/pki/nss/:
'NSS is available under the Mozilla Public License, the GNU General
Public License, and the GNU Lesser General Public License.'
Works
David Boreham wrote:
Stephen Frost wrote:
* David Boreham ([EMAIL PROTECTED]) wrote:
Fascinating thread for the holidays. I found it interesting that
nobody has mentioned
NSS (former Netscape SSL library). It has its own bag of problems of
course, but
for me is potentially more attractive
Stephen Frost wrote:
* David Boreham ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
Not sure what license that's under,
From http://www.mozilla.org/projects/security/pki/nss/:
'NSS is available under the Mozilla Public License, the GNU General
Public License, and the GNU
Andrew Dunstan [EMAIL PROTECTED] writes:
Also, do we really want to import the NSPR into Postgres? I suspect not.
Of course, the only thing that people are tripping over license-wise is
libpq. But I think we would want to keep that as lean and mean as
possible, too.
Yeah, requiring NSPR to
Andrew Dunstan wrote:
I suspect most postgres developers and companies would like to keep
things as BSDish as possible.
Right, hence OpenSSL would be the obvious best choice.
In respect of licencing however, NSS is no 'worse' than GNU TLS
because it may be distributed under the GPL and LGPL.
* Andrew Dunstan ([EMAIL PROTECTED]) wrote:
I suspect most postgres developers and companies would like to keep
things as BSDish as possible. Dealing with a multitude of licenses might
be fun for some, but many of us find it a pain in the neck.
It'd be great if PostgreSQL could use an SSL
* David Boreham ([EMAIL PROTECTED]) wrote:
Andrew Dunstan wrote:
I suspect most postgres developers and companies would like to keep
things as BSDish as possible.
Right, hence OpenSSL would be the obvious best choice.
In respect of licencing however, NSS is no 'worse' than GNU TLS
Stephen Frost wrote:
Also, do we really want to import the NSPR into Postgres? I suspect not.
Of course, the only thing that people are tripping over license-wise is
libpq. But I think we would want to keep that as lean and mean as
possible, too.
erm, I'm not really sure what you're
* David Boreham ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
erm, I'm not really sure what you're saying here but perhaps I can
clarify: I wasn't suggesting to add any serious amount of source code
to PostgreSQL - NSS would be used just as OpenSSL is today, and as
GNUTLS support was
Stephen Frost wrote:
-- Start of PGP signed section.
* David Boreham ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
erm, I'm not really sure what you're saying here but perhaps I can
clarify: I wasn't suggesting to add any serious amount of source code
to PostgreSQL - NSS would be used
On Tue, Jan 02, 2007 at 01:29:35PM -0500, Stephen Frost wrote:
Would a patch to implement dual-support for OpenSSL and NSS be
acceptable? Would just replacing OpenSSL support with NSS support be
When I was looking into this I looked at NSS, and eventually decided on
GnuTLS. Why? Because I read
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
Ah, this does sound rather ugly and not something we'd want. The
particular library doesn't make a whole heck of alot of difference to me
provided it has the general functionality necessary and a compatible
license (where
Bruce Momjian wrote:
Keep in mind in most cases OpenSSL is already part of the operating
system, unless you are using Win32.
My understanding is that the Debian people are saying the exception for
libraries shipped with the OS does NOT apply to *other* libraries or
programs that are
* Andrew Dunstan ([EMAIL PROTECTED]) wrote:
Bruce Momjian wrote:
Keep in mind in most cases OpenSSL is already part of the operating
system, unless you are using Win32.
My understanding is that the Debian people are saying the exception for
libraries shipped with the OS does NOT apply to
Martijn van Oosterhout wrote:
- Thread safety (GnuTLS is thread-safe by design, no locks needed)
- Proper layering (creating your own I/O function is trivial)
- Seperate namespace
- Non-blocking support from the get-go
were taken care of. Since people are citing maintainability as a
concern, I
[EMAIL PROTECTED] (Joshua D. Drake) writes:
The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).
Complete side note but one feature that I brought up to my team a
potentially
Hi,
I've just read most of that thread and found it rather disappointing.
I'd just like to add my 2 (or 3) cents:
a) I like to have the freedom to choose what software (under which
licenses) I'm using. Thus I'd like to see GNUTLS supported, as it adds
an additional feature to PostgreSQL per
On Sun, Dec 31, 2006 at 03:25:42PM +0100, Markus Schiltknecht wrote:
b) The other features of Martijn's patch got completely overseen. Can we
(can you Martijn?) break up the patch into smaller pieces and discuss
single independent features, like querying for parameters of the SSL
On Sun, Dec 31, 2006 at 03:59:29PM +0100, Martijn van Oosterhout wrote:
Please read the OpenSSL-GPL FAQ. They themselves acknowledge it's a
problem, but claim they fall under the operating system exception,
which is fine for everyone except the distributor of the operating
system.
It seems your interpretation of the OpenSSL position is as
questionable as your interpretation of the GPL, and what the GPL can
legally require. :-)
Nobody has proven an issue exists. The only way to prove it would be
for an actual court case to set the precident.
Further, OpenSSL is not
Hi,
Martijn van Oosterhout wrote:
Please read the OpenSSL-GPL FAQ. They themselves acknowledge it's a
problem, but claim they fall under the operating system exception,
which is fine for everyone except the distributor of the operating
system.
http://www.openssl.org/support/faq.html#LEGAL2
Hi,
[EMAIL PROTECTED] wrote:
Nobody has proven an issue exists. The only way to prove it would be
for an actual court case to set the precident.
That's exactly the mentality that I'm questioning. Why always go to
legal boundaries and ask for courts?
Joshua D. Drake wrote:
Further, OpenSSL
On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Keep in mind it took years to get OpenSSL support up to the level we
have it now. It took SSL experts coming in and out of our development
process to get it 100% feature-complete.
Actually,
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Robert Treat wrote:
given options like --enable-dtrace and --with-libedit-preferred, I don't
find
this argument compelling...
Keep in mind it took years to get OpenSSL support up to the level we
have it now. It took SSL experts coming in and
* Andrew Dunstan ([EMAIL PROTECTED]) wrote:
Bruce Momjian wrote:
Keep in mind it took years to get OpenSSL support up to the level we
have it now. It took SSL experts coming in and out of our development
process to get it 100% feature-complete. Doing this for another
library, I am
* Tom Lane ([EMAIL PROTECTED]) wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Keep in mind it took years to get OpenSSL support up to the level we
have it now. It took SSL experts coming in and out of our development
process to get it 100% feature-complete.
Actually, it's *not*
* Martijn van Oosterhout (kleptog@svana.org) wrote:
On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
Actually, it's *not* feature-complete even yet.
What's missing? I don't see anything on the TODO list relating to
this. If you wanted a GnuTLS patch that supported more features
On Fri, Dec 29, 2006 at 08:12:47PM -0500, Stephen Frost wrote:
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
We use it on some of our production systems (since it can
provide cracklib, password expiration, etc, and the postgres
instance inside it's own vserver so it doesn't hurt as much
Stephen Frost wrote:
* Martijn van Oosterhout (kleptog@svana.org) wrote:
On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
Actually, it's *not* feature-complete even yet.
What's missing? I don't see anything on the TODO list relating to
this. If you wanted a GnuTLS patch that
Kerberos is there and it's not too hard to use (though does depend
on the MIT Kerberos for Windows service currently). Supporting
SSPI/GSSAPI and then writing a small document on how to generate
Windows keytabs for Postgres would mean single-sign-on for Windows
users using applications which
This would be the big feature I think is missing from our current SSL
support. I don't think it'd be terribly difficult to support with
either library (I think most of the work would be on the PG user auth
side, which would be useable by either).
Wouldn't it be a lot more logical to
On Sat, Dec 30, 2006 at 08:14:16AM -0800, Joshua D. Drake wrote:
This would be the big feature I think is missing from our current SSL
support. I don't think it'd be terribly difficult to support with
either library (I think most of the work would be on the PG user auth
side, which
On Sat, Dec 30, 2006 at 06:05:14PM +0100, Martijn van Oosterhout wrote:
Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this with the postgresql username yet, but I havn't seen any proposals
about how
The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).
Complete side note but one feature that I brought up to my team a
potentially useful would be to allow the use of ssh keys
Stephen Frost wrote:
-- Start of PGP signed section.
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Robert Treat wrote:
given options like --enable-dtrace and --with-libedit-preferred, I don't
find
this argument compelling...
Keep in mind it took years to get OpenSSL support up to
Stephen Frost wrote:
Yet *having* that requirement on a *derived work* which includes GPL
code is *against* the terms of the GPL. That's *exactly* the issue.
The GPL says more than you must provide the source code to everything,
it explicitly includes a requirement that no additional
[EMAIL PROTECTED] wrote:
On Sat, Dec 30, 2006 at 06:05:14PM +0100, Martijn van Oosterhout wrote:
Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this with the postgresql username yet, but I havn't seen
If you want real language-lawyer over-reach, check out this 2003 posting
that says our BSD license wording is not compatible with the OpenBSD BSD
license:
http://archives.postgresql.org/pgsql-bugs/2003-11/msg00212.php
OpenBSD feels the without fee can be misinterpreted, so PostgreSQL
On Sat, 2006-12-30 at 13:44 -0500, Bruce Momjian wrote:
If you want real language-lawyer over-reach, check out this 2003 posting
that says our BSD license wording is not compatible with the OpenBSD BSD
license:
http://archives.postgresql.org/pgsql-bugs/2003-11/msg00212.php
OpenBSD
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
Yet *having* that requirement on a *derived work* which includes GPL
code is *against* the terms of the GPL. That's *exactly* the issue.
The GPL says more than you must provide the source code to everything,
it explicitly
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
Kerberos is there and it's not too hard to use (though does depend
on the MIT Kerberos for Windows service currently). Supporting
SSPI/GSSAPI and then writing a small document on how to generate
Windows keytabs for Postgres would mean
Stephen Frost wrote:
-- Start of PGP signed section.
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
Yet *having* that requirement on a *derived work* which includes GPL
code is *against* the terms of the GPL. That's *exactly* the issue.
The GPL says more than you must
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
* Martijn van Oosterhout (kleptog@svana.org) wrote:
On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
Actually, it's *not* feature-complete even yet.
What's missing? I don't see anything on the TODO list relating to
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
[EMAIL PROTECTED] wrote:
On Sat, Dec 30, 2006 at 06:05:14PM +0100, Martijn van Oosterhout wrote:
Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).
Complete side note but one feature that I brought up to my team a
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
So it's *not* an additional restriction. Not to mention the other
reason- the license isn't part of the *work*.
It is an _additional_ license you have to include, not just their
license. I don't see how requiring an
Stephen Frost wrote:
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
Kerberos is there and it's not too hard to use (though does depend
on the MIT Kerberos for Windows service currently). Supporting
SSPI/GSSAPI and then writing a small document on how to generate
Windows keytabs for Postgres
On Sat, 2006-12-30 at 14:28 -0500, Stephen Frost wrote:
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).
Complete
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
I had to stuble together a Certificate Revocation List (CRL) patch for
8.2 from soneone's posted patch. I didn't even know what CRL was, and
got no feedback from the community, so I had to figure it out myself to
get it into CVS (for server and
Stephen Frost wrote:
-- Start of PGP signed section.
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
So it's *not* an additional restriction. Not to mention the other
reason- the license isn't part of the *work*.
It is an _additional_ license you have to include, not
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and
Stephen Frost wrote:
-- Start of PGP signed section.
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy,
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms
Stephen Frost wrote:
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
On Sat, Dec 30, 2006 at 05:03:23PM -0500, Bruce Momjian wrote:
I appriciate your pedantism but in the end it really doesn't matter very
much. This is, aiui anyway, the way Debian interprets the various
licenses. You're welcome to your own interpretation.
That was my point --- that it
Martijn van Oosterhout wrote:
-- Start of PGP signed section.
On Sat, Dec 30, 2006 at 05:03:23PM -0500, Bruce Momjian wrote:
I appriciate your pedantism but in the end it really doesn't matter very
much. This is, aiui anyway, the way Debian interprets the various
licenses. You're
Tom Lane wrote:
What basically bothers me about this is that trying to support both the
OpenSSL and GNUTLS APIs is going to be an enormous investment of
development and maintenance effort, because it's such a nontrivial thing
Fascinating thread for the holidays. I found it interesting that
* David Boreham ([EMAIL PROTECTED]) wrote:
Fascinating thread for the holidays. I found it interesting that nobody
has mentioned
NSS (former Netscape SSL library). It has its own bag of problems of
course, but
for me is potentially more attractive than GNU TLS. e.g. it has FIPS-140
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Martijn van Oosterhout wrote:
Somehow I don't think a statement requiring you to put some guys name
in all your advertising material is the same as requiring you to
preserve the copyright notice.
Agreed, but the words additional restrictions
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
I appriciate your pedantism but in the end it really doesn't matter very
much. This is, aiui anyway, the way Debian interprets the various
licenses. You're welcome to your own interpretation.
That was my point --- that it
On Sat, 2006-12-30 at 22:18 -0500, Stephen Frost wrote:
* Bruce Momjian ([EMAIL PROTECTED]) wrote:
Stephen Frost wrote:
I appriciate your pedantism but in the end it really doesn't matter very
much. This is, aiui anyway, the way Debian interprets the various
licenses. You're welcome
On Sat, Dec 30, 2006 at 05:03:23PM -0500, Bruce Momjian wrote:
Stephen Frost wrote:
I appriciate your pedantism but in the end it really doesn't matter very
much. This is, aiui anyway, the way Debian interprets the various
licenses. You're welcome to your own interpretation.
That was my
On 12/29/06, Stephen Frost wrote:
So, Debian is distributing an application (exim4 w/ libpq libssl)
which includes GPL code (exim4) combined with code under another license
(BSD w/ advertising clause) which *adds additional restrictions* (the
advertising clause) over those in the GPL, which is
On Fri, Dec 29, 2006 at 12:08:37AM -0500, Tom Lane wrote:
Stephen, let me explain *exactly* why I think this is horsepucky.
libjpeg, my other major open-source project, has always been shipped
under a BSD-ish license that includes an advertising clause; I quote:
: (2) If only executable
* Martijn van Oosterhout (kleptog@svana.org) wrote:
On Fri, Dec 29, 2006 at 12:08:37AM -0500, Tom Lane wrote:
libjpeg, my other major open-source project, has always been shipped
under a BSD-ish license that includes an advertising clause; I quote:
: (2) If only executable code is
On Fri, Dec 29, 2006 at 08:31:34PM +1300, Mark Kirkwood wrote:
[EMAIL PROTECTED] wrote:
I will try again. It is a difficult subject for many.
GPL software derived from PostgreSQL must honour the restrictions defined
by the PostgreSQL (BSD) license.
GPL software derived from OpenSSL must
On Fri, Dec 29, 2006 at 09:52:08AM -0500, [EMAIL PROTECTED] wrote:
I think the issue revolves around the conditions that GPL stipulates
about linking against libraries requiring the entire product to be
*distributed* as GPL, even if components have differing licenses. This
is the
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
GPL software derived from PostgreSQL must honour the restrictions defined
by the PostgreSQL (BSD) license.
GPL software derived from OpenSSL must honour the restrictions defined
by the OpenSSL license.
You're talking about GPL software as if
* Martijn van Oosterhout (kleptog@svana.org) wrote:
On Fri, Dec 29, 2006 at 09:52:08AM -0500, [EMAIL PROTECTED] wrote:
We're not talking about including GPL code in OpenSSL, though. This is
about OpenSSL as the base library. The GPL cannot stipulate that a GPL
program may only be linked
Martijn van Oosterhout kleptog@svana.org writes:
On Fri, Dec 29, 2006 at 12:08:37AM -0500, Tom Lane wrote:
libjpeg, my other major open-source project, has always been shipped
under a BSD-ish license that includes an advertising clause; I quote:
: (2) If only executable code is distributed,
* Tom Lane ([EMAIL PROTECTED]) wrote:
Martijn van Oosterhout kleptog@svana.org writes:
On Fri, Dec 29, 2006 at 12:08:37AM -0500, Tom Lane wrote:
libjpeg, my other major open-source project, has always been shipped
under a BSD-ish license that includes an advertising clause; I quote:
:
Now Exim has granted an exception that gets Debian off the hook, but
they didn't have to do that.
Right. If they didn't then it's conceivable that Exim could sue Debian
for violating the GPL license. Not exactly likely to happen but being
cautious it's best to get their explicit approval
On 12/29/06, Stephen Frost wrote:
In the case above, exim4 *can* provide an exception because it's the
*GPL* of *exim4* which is being violated by the advertising clause in
the *OpenSSL* license. Which exim4 upstream has *done*, and which can
be seen in their license (linked to previously in
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
Now Exim has granted an exception that gets Debian off the hook, but
they didn't have to do that.
Right. If they didn't then it's conceivable that Exim could sue Debian
for violating the GPL license. Not exactly likely to happen but being
Caution to the point of fantasy is a waste of resources. Caution to
further a political agenda (not you - but the people whose opinions you
are repeating) is exploitation.
I don't believe Debian has any kind of political agenda in this regard.
Debian's agenda is to follow the licenses
* August Zajonc ([EMAIL PROTECTED]) wrote:
On 12/29/06, Stephen Frost wrote:
In the case above, exim4 *can* provide an exception because it's the
*GPL* of *exim4* which is being violated by the advertising clause in
the *OpenSSL* license. Which exim4 upstream has *done*, and which can
be
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
Actually everything about Debian (the project) is a political agenda.
That doesn't mean that it is invalid though.
*smirk
That being said, this topic is WAY OFF-TOPIC for the discussion. The
discussion is:
Will we accept GNU TLS.
Currently
On Fri, Dec 29, 2006 at 10:32:34AM -0800, Joshua D. Drake wrote:
Currently there has not been one technical argument that is valid to
have us include GNU TLS.
1) The normal freedom that not being tied down to a single product
provides. The same reason somebody might build MySQL + PostgreSQL
entirely.
4) GNUTLS development seems more active? OpenSSL has been in a frozen/mature
state for a while. I don't understand why OpenSSL is still labelled as
0.9.x, which might indicate alpha quality, under heavy development.
I don't find the reasons too compelling - but they are
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
4) GNUTLS development seems more active? OpenSSL has been in a frozen/mature
state for a while. I don't understand why OpenSSL is still labelled as
0.9.x, which might indicate alpha quality, under heavy development.
I don't find the
On Friday 29 December 2006 14:49, Joshua D. Drake wrote:
entirely.
4) GNUTLS development seems more active? OpenSSL has been in a
frozen/mature state for a while. I don't understand why OpenSSL is still
labelled as 0.9.x, which might indicate alpha quality, under heavy
development.
On Fri, 2006-12-29 at 17:57 -0500, Robert Treat wrote:
On Friday 29 December 2006 14:49, Joshua D. Drake wrote:
entirely.
4) GNUTLS development seems more active? OpenSSL has been in a
frozen/mature state for a while. I don't understand why OpenSSL is still
labelled as 0.9.x, which
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
On Fri, 2006-12-29 at 17:57 -0500, Robert Treat wrote:
On Friday 29 December 2006 14:49, Joshua D. Drake wrote:
given options like --enable-dtrace and --with-libedit-preferred, I don't
find
this argument compelling...
I don't like either
On Fri, 2006-12-29 at 18:56 -0500, Stephen Frost wrote:
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
On Fri, 2006-12-29 at 17:57 -0500, Robert Treat wrote:
On Friday 29 December 2006 14:49, Joshua D. Drake wrote:
given options like --enable-dtrace and --with-libedit-preferred, I don't
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
I do not like --enable-dtrace because it is a Solaris only thing and a
waste of maintability resources (although small).
While the analysis can only be done on Solaris I feel that improvments
from the analysis may be useful on other platforms. For
I do not like --with-krb5 because it has extremely limited real world
use.
Riiigghhhttt... Only every Windows setup which uses Active Directory,
most major universities, and certain large corporations (uh, AOL?) would
even think to use something like Kerberos!
I said Extremely Limited
On Dec 29, 2006, at 7:09 PM, Joshua D. Drake wrote:
On Fri, 2006-12-29 at 18:56 -0500, Stephen Frost wrote:
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
On Fri, 2006-12-29 at 17:57 -0500, Robert Treat wrote:
On Friday 29 December 2006 14:49, Joshua D. Drake wrote:
given options like
I don't understand why this has devolved into an argument about what
people do and don't like. It's like specifically choosing a forum
that will have the most disagreement.
Yep :), I saw we go over to debian-general and ask why they are trying
to make all these projects use GNU/TLS ;)
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
I do not like --with-krb5 because it has extremely limited real world
use.
Riiigghhhttt... Only every Windows setup which uses Active Directory,
most major universities, and certain large corporations (uh, AOL?) would
even think to use
Robert Treat wrote:
On Friday 29 December 2006 14:49, Joshua D. Drake wrote:
entirely.
4) GNUTLS development seems more active? OpenSSL has been in a
frozen/mature state for a while. I don't understand why OpenSSL is still
labelled as 0.9.x, which might indicate alpha quality,
Bruce Momjian wrote:
Robert Treat wrote:
5) GNUTLS does not run well under all of our supported platforms.
given options like --enable-dtrace and --with-libedit-preferred, I don't
find
this argument compelling...
Keep in mind it took years to get OpenSSL support up to the level we
have
Bruce Momjian [EMAIL PROTECTED] writes:
Keep in mind it took years to get OpenSSL support up to the level we
have it now. It took SSL experts coming in and out of our development
process to get it 100% feature-complete.
Actually, it's *not* feature-complete even yet.
What basically bothers
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
What is the consideration here? I read the thread and it appears that
OpenSSL is not compatible with GPL? But we don't care about that right?
The OpenSSL looks pretty BSDish to me, expect the advertising clause (is
that what caused XFree86.org to
Joshua D. Drake wrote:
Hello,
What is the consideration here? I read the thread and it appears that
OpenSSL is not compatible with GPL? But we don't care about that right?
The OpenSSL looks pretty BSDish to me, expect the advertising clause (is
that what caused XFree86.org to fork?).
On Thu, 2006-12-28 at 13:01 -0500, Stephen Frost wrote:
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
What is the consideration here? I read the thread and it appears that
OpenSSL is not compatible with GPL? But we don't care about that right?
The OpenSSL looks pretty BSDish to me, expect
On Thu, 2006-12-28 at 13:02 -0500, Bruce Momjian wrote:
Joshua D. Drake wrote:
Hello,
What is the consideration here? I read the thread and it appears that
OpenSSL is not compatible with GPL? But we don't care about that right?
The OpenSSL looks pretty BSDish to me, expect the
* Joshua D. Drake ([EMAIL PROTECTED]) wrote:
On Thu, 2006-12-28 at 13:01 -0500, Stephen Frost wrote:
OpenSSL isn't compatible with the GPL.
The original discussion stated that well placed attorneys in the market
feel that the FSF is trying to reach beyond the hands of god on this one
and
1 - 100 of 122 matches
Mail list logo