Bug#727660: gnutls28: CVE-2013-4466: GNUTLS-SA-2013-3
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Oct 27 15:08:25 UTC 2013
On 10/27/2013 10:17 AM, Andreas Metzler wrote:
> tpm used to be undistributable, see

right, i saw your note on gnutls-devel about the changes to tpm
licensing, thanks for staying on top of that!

> The dane situation is slightly better, but still sucks. libdane
> requires and links against libunbound. libunbound OTOH is linked
> against OpenSSL's libssl on Debian. Therefore libdane and any
> program using it ends up being dynamically linked against both libssl
> (OpenSSL license) and GnuTLS (LGPLv3+ via gmp).
> The result is not undistributable but not very useful, since it is
> e.g. GPL-incompatible. Apart from that it is more than a little bit
> ugly that libdane customers end up being linked against two different
> major TLS toolkits.

ugh, yes, i feared this was the issue. I agree that this outcome seems
problematic. Have you pointed this out to Nikos, or thought about any

(idly, i wonder if it would be possible to port libunbound to use nettle
instead of openssl's libcrypto)