Stephen Gran wrote:
I'm sorry in advance if this is something that has already been discussed to death.
Indeed, it was discussed many times. The OpenSSL advertising clause was also discussed a few months ago on the openssl-users mailing list, and it seems unlikely they'll ever change their licence. http://marc.theaimsgroup.com/?l=openssl-users&m=114460613316150&w=2
I have been googling around, and I do see some discussion about an openssl exception that took place in 2005, but I don't see any resolution, nor do I see any actual exception in COPYING. Is this something, first of all, that people are either interested in or amenable to? If so, has any progress been made?
In short: nothing has been done yet, but there's no strong objection to the exception. Speaking personally, I'd prefer a GnuTLS solution but I won't go against everybody else.
I ask all this because I recently took over comaintenance of the package for Debian, and there are several modules that we can't ship precompiled right now, as I understand it (eap being the most common, but for some reason postgres is also currently disabled - that needs seperate investigation).
The problem with the module rlm_sql_postgresql is the Debian package libpq4 depends on libssl. A user installing freeradius-postgresql also installs libssl through apt-get mechanism. $ apt-cache show libpq4 | grep Depends Depends: libc6 (>= 2.3.6-6), libcomerr2 (>= 1.33-3), libkrb53 (>= 1.4.2), libssl0.9.8 (>= 0.9.8b-1)
If no progress has been made, I would be willing to do some of the leg work sending around a sort of form email to contributors asking for an exception, or whatever you all thought was the best way of handling this.
The PostgreSQL project has a pending patch for GnuTLS support, but I don't know the status of this patch. (there is a problem with psqlODBC) http://archives.postgresql.org/pgsql-general/2006-04/msg00977.php When PostgreSQL completes their GnuTLS patch, it could be added as a dpatch in the postgresql source package, so the PostgreSQL client library doesn't depend on libssl anymore, and the freeradius-postgresql package can enter the Debian archive. -- Nicolas Baradakis