Bug#733295: gnutls-bin: please compile GnuTLS with DANE support
Cyril Brulebois
kibi at debian.org
Tue Mar 24 21:01:20 UTC 2015
Hi,
James Cloos <cloos at jhcloos.com> (2013-12-29):
> >>>>> "AM" == Andreas Metzler <ametzler at bebt.de> writes:
>
> AM> libdane requires and links against libunbound. libunbound OTOH
> AM> is linked against OpenSSL's libssl on Debian[1].
>
> A possible way forward is to configure unbound --with-nss, which
> should provide license compatibility for all libunbound users.
(Background: This issue has just been pointed out to me after a GNUnet
conference. At least one developer there is interested in seeing a fix
reach the archive.)
1. Not having looked too much at unbound yet, it seems to indeed
support NSS instead of OpenSSL, so one might think about switching
to it to get rid of (possible) OpenSSL license incompatibilities.
2. A softer way might be to build an NSS variant of the unbound library
alongside with the OpenSSL (current/default) one, so that packages
like GnuTLS can pull it instead, and deliver DANE support.
3. Yet another way might be to teach unbound to support GnuTLS in
addition to OpenSSL and NSS, so that one can build a GnuTLS variant
instead of an NSS one.
Solution 1 seems harsh and could possibly break rdepends; solution 2
seems safer and only a (small?) matter of packaging; solution 3 might
involve some bits of coding, and might cause tests entanglements in
configure.ac.
Thoughts? Should I look into patching unbound to support solution 2?
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20150324/f3651e8c/attachment.sig>
More information about the Pkg-gnutls-maint
mailing list