Better proxy support available via libcurl?

Werner Koch wk at gnupg.org
Wed Aug 2 19:32:10 CEST 2006


On Wed,  2 Aug 2006 14:17, David Shaw said:

> I must disagree.  Unless I am seriously misreading the GPL, the
> restriction would be on *distributing* a binary with GPG linked to an

That is right.

However, the discussion was about about the W32 version of GnuPG and
tehre it is pretty common to distribute binaries.  In fact most people
won't be able to build their own binary. 

Thus my suggestion to detect this or to print a warning.  For example,
libgcrypt does print such a warning if it may not be used unter terms
of the LGPL (due to a missing /dev/random).

> OpenSSL libcurl, and even then the restriction depends on whether
> OpenSSL is considered part of the OS or not.

OpenSSL is clearly not part of the OS (at least for almost all
GNU/Linux systems).

Being a GNU project we need to take such issues seriously.  It is just
that I did not thought about this because the keyserver helpers are
rather new.  We had similar discussion within other projects and came
to the conclusion that indirect linking is indeed a problem and one
that package maintainers are often not aware of.  A warning will
indeed help them.

I just checked a stock SUSE system with gpg 1.4.0 installed - it
indeed links to openssl - that is clearly not complying with the GPL.

> OSX decided it that it was.  Either way the OS goes, it's not
> something we can reasonably answer within GPG.

I will raise this point at the GNU maintainers list and report back
then.

> The packager of the binary has many choices: they can build with
> OpenSSL+libcurl, they can build with GnuTLS+libcurl, they can build
> with plain libcurl, or they can build without libcurl at all.  We've

It is not easy to do.  For example with current Debian you may either
install the gnutls or the openssl based version of cURL.

> I'd be happy to write a paragraph or two for the README file about
> this.  It's not even a libcurl-specific issue: the LDAP keyserver
> helper can link to OpenLDAP, which can also be built with OpenSSL.

I know.  All this deep linking chains raise a lot of problems and
licensing questions are just one of them.



Salam-Shalom,

   Werner




More information about the Gnupg-devel mailing list