Stephen Gran wrote:
The problem with the module rlm_sql_postgresql is the Debian package libpq4 depends on libssl. A user installing freeradius-postgresql also installs libssl through apt-get mechanism.
Oh yes, I understand that - I just am not clear on why this instance of transitive linking is actually a problem. But that's not really an issue for discussion on freeradius-dev, I don't think.
It's an issue for debian-legal. http://lists.debian.org/debian-legal/2002/11/msg00253.html
When PostgreSQL completes their GnuTLS patch, it could be added as a dpatch in the postgresql source package, so the PostgreSQL client library doesn't depend on libssl anymore, and the freeradius-postgresql package can enter the Debian archive.
That would be nice. That still leaves us with the eap submodules that expect to use openssl directly, though. They are the ones that represent clear problems for binary redistribution, and can only really be solved within the freeradius project (well, or within the openssl community, but as you pointed out, that seems unlikely).
Concerning the eap submodules, I'm all for Alan's idea of an apt repository on freeradius.org. We are already maintaining the files under the debian directory between each releases, therefore there isn't much additional work. While we are at it, we can also provide the latest version of FreeRADIUS for the users running Debian Sarge. -- Nicolas Baradakis