[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-devel
Subject: Re: LDAP keyserver patch
From: David Shaw <dshaw () jabberwocky ! com>
Date: 2001-09-12 16:07:36
[Download RAW message or body]
On Wed, Sep 12, 2001 at 12:42:02AM -0500, gnupg-devel@thewrittenword.com wrote:
> On Mon, Sep 10, 2001 at 07:58:18AM +0200, Florian Weimer wrote:
> > David Shaw <dshaw@jabberwocky.com> writes:
> >
> > > Included in the patch is a helper application for LDAP and another one
> > > for email keyservers. You need OpenLDAP installed to enable LDAP
> > > support.
> >
> > Note that the OpenLDAP license is in a constant flux. The most recent
> > version (2.7) seems to be GPL-compatible (so that you can distribute
> > binaries), but some of the previous ones were definitely not.
> >
> > I don't know if the current GPL compatibility is a mere accident, or
> > if it is by design.
>
> It is by design. We were going to bring up the issue and emailed
> licensing@gnu.org but were told not to as RMS was going to handle
> this. I emailed licensing@gnu.org to confirm the 2.7 license as being
> GPL compatible and received a response that RMS has agreed that it is.
>
> You will need to find a version of OpenLDAP with this license to be
> able to use it though (I have not looked at the license on the latest
> 1.2 and 2.0 versions). Note though that I think this applies mainly to
> commercial unixen that do not have OpenLDAP as part of the base OS
> (same exception clause that allows GPL software on Solaris to link
> against Solaris libc).
>
> Note that OpenLDAP 2.0.x can use SASL which uses OpenSSL. The OpenSSL
> license is *incompatible* with the GPL. So, I believe (IANAL)
> that OpenLDAP + Cyrus SASL would be imcompatible with the GPL (hence
> incompatible with GnuPG). Ugh! To overcome this, some GPL programs
> like fetchmail add the following to the GPL license:
> Specific permission is granted for this code to be linked to OpenSSL
> (this is necessary becuse the OpenSSL license is not GPL-compatible).
Interesting. I did have a similar note in the gpgkeys_ldap code to
allow it to be linked with OpenLDAP, but if the OpenLDAP licence is
now GPL-compatible, then that is great.
I don't use OpenSSL in the patch, and given the design of the
keyservers it isn't likely to be needed - there is a notion of
authenticated communication with the keyservers, but that can be done
with a signed (via GnuPG itself) LDAP request.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
[Attachment #3 (application/pgp-signature)]
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic