Mozilla, License (again), PPG, GPGME
ben.bucksch.news at beonex.com
Sat Mar 9 16:02:01 CET 2002
sorry for reopening the old, annoying question , but...
Mozilla is MPL, GnuPG is GPL, MPL and GPL are not compatible. Mozilla
wants PGP, GnuPG wants to have an interface in Mozilla (at least Werner
and the German gov't says so).
The Mozilla relicensing is not necessarily of much help, because a GPL
lib would force all of Mozilla under the GPL, which would make other
inclusions impossible (e.g. Macromedia Flash).
GnuPG is a separate executable, so there doesn't have to be a problem,
if Mozilla communicates with GnuPG via pipes. Enigmail does this, for
The most sane method is to have a standard library, which can be linked
from other apps (like MUAs) and which wraps the communication with GnuPG
into a nice API. That's what GPGME  and PPG  try to achieve.
However, because that lib is then linked directly with the using program
(e.g. Mozilla), the lib license must be compatible with the license of
the using program. I.e. the lib cannot be GPL, if it wants to be used by
Mozilla and other programs. "Other programs" might include Microsoft
Outlook [Express], now that the future of the commercial PGP is unclear.
(Outlook has such a large market share that OpenPGP needs to have a nice
UI for it, if it ever wants to be a widely used standard. I know the
security concerns, but I think they are not really relevant.)
The author expressed intend to open the PPG license specifically so that
Mozilla could use it. (Thanks!) 
GPGME, however, is GPL.
PPG, however, seems to be dormant (last release 2 years ago), and GPGME
is actively developed (last checkin 2 days ago).
I found a diary entry  of Werner Koch, reading:
> /Monday, October 30 /
> Worked on *GPGME*, which may translate to GPG Made Easy. This the 3rd
> attempt to write a usable wrapper libary around GPG. Why? While
> playing with Evolution and Mozilla, I figured out that we should not
> duplicate gpg access code (which is pretty obvious) but have a good
> library to do that once and bulletproof.
> I looked at GPAPA but it actually is too strong bound to GPA and the
> design is not very flexibel. Looked again at *PGG* but this thing is
> too complicated and too much OOed. So, what to do? I stared out of the
> window for a long time before I decided that this 3rd attempt is worth
> a try. The goals of *gpgme* are: Should be able to run asyncronously,
> take filenames or memory areas, design must allow a better integration
> with OO systems, easy to read (at least for me), easy to build, limit
> use of resources.
So far for the facts, as I understood them.
* What's the state of PGG? I guess it's unusable by now?
* (What's wrong with OO? - no answer required :). )
* Why GPL for GPGME? Werner, you say you want to use the lib for
Mozilla, but you are surely aware of the license problems. What
was your plan, or did you just "default" to GPL :), planning to
think about the problem later?
P.S. In case you didn't hear of:
* Mozilla has now partial S/MIME support, and Netscape claims that
the underlying stuff is general enough for OpenPGP. As usual, they
have no docs whatsoover. I haven't looked at it myself.
* NAI worked on a Mozilla plugin last year, but the code was
rejected. IMHO, it looked better than the Netscape S/MIME stuff.
More information about the Gnupg-devel