opencdk under LGPL

Simon Josefsson simon at
Mon Jan 14 17:33:47 CET 2008

"Nikos Mavrogiannopoulos" <nmav at> writes:

> On Jan 14, 2008 4:57 PM, Simon Josefsson <simon at> wrote:
>> > I have split the files in the opencdk distribution in a way that we can
>> > copy directly the LGPL ones only. This is what I've done in the lgpl branch.
>> > I don't know how good an idea it would be to drop the dependency on opencdk
>> > completely and use the included LGPL files only.
>> I think it would be better to have a libgnutls-openpgp (under LGPL) for
>> the OpenPGP stuff, for at least two reasons: size and API compatibility.
>> This would make it easier to do further work on the OpenPGP stuff
>> without breaking API/ABI for the core library.  What do you think?
> No, I don't think the idea of splitting into sublibraries is a good idea.
> It causes more problems than it solves. All features can be compiled out
> if necessary, thus it should cause a space problem. About compatibility,
> it doesn't cause any except for the changes I did to the functions. All
> applications linked to gnutls-extra will continue to work with openpgp in
> the main library!

Ok.  But any future API changes in the openpgp code will cause a version
bump, and every one of those causes a lot of work for packagers.  The new
modification to gnutls_openpgp_privkey_sign_hash will cause another
API/ABI break for the core library, which is really bad.  Putting the
openpgp stuff in a libgnutls-openpgp can make it possible to only cause
these problems for the people who are using the openpgp stuff.  Right now
all gnutls users suffer from ABI breaks even though they don't use those
features.

Or do you think the openpgp API is now stable enough, so that we should
never break it again in a reasonable time (e.g., 5 years)?

Can't we revert the gnutls_openpgp_privkey_sign_hash change, and
introduce a new gnutls_openpgp_privkey_sign_hash2 instead?  That will
avoid breaking the ABI again for the 2.4 release, which I think would be
a good thing.

>> As for opencdk, I'm not sure... as far as I know, very few (if any)
>> applications except gnutls use opencdk.  But having it available as a
>> separate library is good in case someone wants to use it.  It also helps
>> to make sure gnutls and the lgpl-opencdk library are well separated, and
>> that we only use public APIs etc.
> Currently, there is no LGPL-only version of opencdk, that's why it is
> included in the main gnutls library (no symbols exported). Once an lgpl
> version is available we can link to it!

Yes, let's do it that way.  If an LGPL opencdk ever materializes, we can
use it, otherwise we use our internal mini-opencdk version.

