LDAP keyserver patch

David Shaw dshaw@jabberwocky.com
Wed Sep 12 22:12:02 2001


On Wed, Sep 12, 2001 at 12:42:02AM -0500, gnupg-devel@thewrittenword.com wrote:

> On Mon, Sep 10, 2001 at 07:58:18AM +0200, Florian Weimer wrote:
> > David Shaw <dshaw@jabberwocky.com> writes:
> >
> > > Included in the patch is a helper application for LDAP and another one
> > > for email keyservers. You need OpenLDAP installed to enable LDAP
> > > support.
> >
> > Note that the OpenLDAP license is in a constant flux. The most recent
> > version (2.7) seems to be GPL-compatible (so that you can distribute
> > binaries), but some of the previous ones were definitely not.
> >
> > I don't know if the current GPL compatibility is a mere accident, or
> > if it is by design.
>
> It is by design. We were going to bring up the issue and emailed
> licensing@gnu.org but were told not to as RMS was going to handle
> this. I emailed licensing@gnu.org to confirm the 2.7 license as being
> GPL compatible and received a response that RMS has agreed that it is.
>
> You will need to find a version of OpenLDAP with this license to be
> able to use it though (I have not looked at the license on the latest
> 1.2 and 2.0 versions). Note though that I think this applies mainly to
> commercial unixen that do not have OpenLDAP as part of the base OS
> (same exception clause that allows GPL software on Solaris to link
> against Solaris libc).
>
> Note that OpenLDAP 2.0.x can use SASL which uses OpenSSL. The OpenSSL
> license is *incompatible* with the GPL. So, I believe (IANAL)
> that OpenLDAP + Cyrus SASL would be incompatible with the GPL (hence
> incompatible with GnuPG). Ugh! To overcome this, some GPL programs
> like fetchmail add the following to the GPL license:
> Specific permission is granted for this code to be linked to OpenSSL
> (this is necessary because the OpenSSL license is not GPL-compatible).

Interesting. I did have a similar note in the gpgkeys_ldap code to allow it to be linked with OpenLDAP, but if the OpenLDAP licence is now GPL-compatible, then that is great.

I don't use OpenSSL in the patch, and given the design of the keyservers it isn't likely to be needed - there is a notion of authenticated communication with the keyservers, but that can be done with a signed (via GnuPG itself) LDAP request.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson