[Webkit-unassigned] [Bug 162913] [GTK][EFL] CryptoDigest implementation depends on GnuTLS with LGPLv3+/GPLv2+ deps
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 5 06:08:40 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=162913
--- Comment #3 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Note that we seem to agree that libgcrypt is the best option if we add a new dependency.
However, Zan notes that WTF has its own implementation of SHA-1, and we could probably roll our own SHA-2 as well, which together would be sufficient to replace all GnuTLS functionality used by CryptoDigest. This would probably be ideal.
We also considered mbed TLS (formerly Polar SSL), and discarded it as an option as it uses Apache license.
(In reply to comment #1)
> - openssl
>
> * Apache license is not compatible with GPLv2, unless an exception is added
> by GPL users
Note: the OpenSSL license is not compatible with GPLv2 unless the system library exception is used, and Debian has declined to declare OpenSSL a system library. OpenSSL is planning to change its license in the future to Apache v2, which is also not compatible with GPLv2.
(In reply to comment #2)
> >no activity since 2010
>
> This is not true, look at git repository. It is very active
libtomcrypt has activity in its git repository, but appears to have no releases since 2010. At least we failed to find them anywhere.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161005/82204375/attachment.html>
More information about the webkit-unassigned
mailing list