LGPL library using only LGPL-parts of partially GPL shared library (gnutls, nettle)

Simon Josefsson simon at josefsson.org
Sun Feb 20 15:33:50 CET 2011


Andreas Metzler <ametzler at downhill.at.eu.org> writes:

> On 2011-02-20 Simon Josefsson <simon at josefsson.org> wrote:
>> The Blowfish code in Nettle has already been re-implemented under
>> LGPLv2+ but not released yet.  I am working on re-implementing Serpent
>> under LGPLv2+, however there are multiple and incompatible test vectors
>> of Serpent and it is not clear which corresponds to the "real" Serpent.
>
>> Meanwhile, perhaps the Nettle package in Debian could disable Serpent
>> and Blowfish, or since the Blowfish re-write mostly re-established
>> LGPLv2+ as the license of the old code, at least disable Serpent?
> [...]
>
> Hello,
> That would break the ABI and require a soname change, afaiui.

Fixing Serpent would probably require the same, since the current
implementation isn't compatible with (for example) Libgcrypt.

> I have the feeling that the discussion I started is an academic one
> anyway. Nettle's public key library (libhogweed) uses and links against
> libgmp, which is LGPLv3+. Therefore switching gnutls from gcrypt to
> nettle would break GPLv2-compatibility (GPLv2 without the "or any
> later version" clause). Oh dear.

It has been discussed to dual-license some libraries under
GPLv2+/LGPLv3+ to avoid this problem.  I wonder if this could be a way
out here.  GnuTLS 2.12 is not released (and there are not even any
release candidates), so we still have time to resolve this in a good
way.

(I've changed gnutls-dev at gnupg.org into gnutls-devel at gnu.org which is
the current list address.)

/Simon



