[Webkit-unassigned] [Bug 162913] [GTK][EFL] CryptoDigest implementation depends on GnuTLS with LGPLv3+/GPLv2+ deps
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 6 07:13:57 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=162913
--- Comment #12 from Carlos Alberto Lopez Perez <clopez at igalia.com> ---
Well, nothing of that is our problem.
We are LGPLGv2+ and no one of the libraries we link to is LGPLv3+. Fact: GnuTLS which is also LGPLGv2+.
GnuTLS can (in practice) end being LGPLGv3+ depending on how you build it.
But that is not our problem. Really.
I agree with trying to replace the GnuTLS dependency.
But keep in mind that this is not going to 100% fix the issue.
Even if we replace the GnuTLS dependency for the crypto code, you will probably end using it anyway via libsoup -> glib-networking -> gnutls backend.
And I don't know in which state of quality are the other glib-networking backends.
So in the end I think this can be summarized as:
* We are not depending on any LGPLv3+ library. But one of our dependencies (GnuTLS) has decided to depend on a LGPLv3+ library. Fortunately this is still something you can work-around by using old nettle and old libgmp if you care about this issue.
* We will try to avoid using GnuTLS because of the above. But keep in mind that even when we end doing that, you can end anyways using GnuTLS without realizing this via the glib-networking TLS backend dependency.
So in the end this (carefully selecting which libraries and versions go into the build) is something the distributor should care about, and not us.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161006/826fdffa/attachment.html>
More information about the webkit-unassigned
mailing list