Bug#747031: fixed in python-debian 0.1.22
Stuart Prescott
s.prescott at unsw.edu.au
Wed Jun 11 12:12:21 UTC 2014
Hi John,
> * python_support: Avoid hashlib dependency, using the built-in _sha or
> _sha1 module (depending on Python version) instead. That way we
> don't link in OpenSSL, which has an incompatible license.
> (Closes: 747031)
We should be careful that this particular change is not backwards compatible
with wheezy's python:
$ PYTHONPATH=. python -c 'import debian.debian_support;
debian.debian_support.new_sha1()'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "debian/debian_support.py", line 50, in new_sha1
"Built-in sha1 implementation not found; cannot use hashlib"
NotImplementedError: Built-in sha1 implementation not found; cannot use
hashlib implementation because it depends on OpenSSL, which may not be linked
with this library due to license incompatibilities
(the test suite does fail which would alert a backporter)
Fiddling around with an internal interface like _sha feels quite wrong too. I
think it's likely to bring pain back to us in the future.
I'm quite unconvinced by the argument that a GPL'd script can't import
hashlib; I think GPLv3 is quite clear that "hashlib" is a Standard Interface
of the Python programming language and that making use of it is fine; the
language is less precise for GPLv2 but I still don't think there's a problem
there. There are plenty of other GPL'd things in Debian that "import hashlib"
and I don't think anyone's interested in working on this.
I've taken this particular issue out of the too-hard-basket and put it back in
several times already... thanks for taking a crack at it.
cheers
Stuart
--
Stuart Prescott
Senior Lecturer in Chemical Engineering
Rm 706 Chemical Sciences Building
UNSW AUSTRALIA
UNSW SYDNEY NSW 2052 AUSTRALIA
T: +61 2 9385 2641
F: +61 2 9385 5966
More information about the pkg-python-debian-maint
mailing list