freeradius and openssl exception

Stephen Gran steve at
Thu Jul 27 02:32:59 CEST 2006

On Wed, Jul 26, 2006 at 09:15:21PM +0200, Nicolas Baradakis said:
> Stephen Gran wrote:
> > > The problem with the module rlm_sql_postgresql is the Debian
> > > package libpq4 depends on libssl. A user installing
> > > freeradius-postgresql also installs libssl through apt-get
> > > mechanism.
> >
> > Oh yes, I understand that - I just am not clear on why this instance
> > of transitive linking is actually a problem.  But that's not really
> > an issue for discussion on freeradius-dev, I don't think.
> It's an issue for debian-legal.

Oh yes, I am aware of the arguments, thank you.  I'm just not sure I
agree with them.  As I said, though, I don't really think this has
anything to do with freeradius development.  If you really want to have
the conversation about why I think what about about transitive linking,
we can have it via private mail or some list dedicated to tedious
legalities.  I don't think this is the place for it, though.

> > > When PostgreSQL completes their GnuTLS patch, it could be added as
> > > a dpatch in the postgresql source package, so the PostgreSQL
> > > client library doesn't depend on libssl anymore, and the
> > > freeradius-postgresql package can enter the Debian archive.
> >
> > That would be nice.  That still leaves us with the eap submodules
> > that expect to use openssl directly, though.  They are the ones that
> > represent clear problems for binary redistribution, and can only
> > really be solved within the freeradius project (well, or within the
> > openssl community, but as you pointed out, that seems unlikely).
> Concerning the eap submodules, I'm all for Alan's idea of an apt
> repository on We are already maintaining the files
> under the debian directory between each releases, therefore there
> isn't much additional work. While we are at it, we can also provide
> the latest version of FreeRADIUS for the users running Debian Sarge.

OK, just a quick question, though: is the core freeradius team the sole
copyright holders?  If so, binary redistribution is no problem, and it
seems reasonable.  It would also probably be reasonably trivial to just
grant an excemption if that was the case, however.  If you're not the
sole copyright holders, of course, you'll need to ask for permission
from the others, in which case we're in roughly the same place, aren't
|  Stephen Gran                  | Men of quality are not afraid of women  |
|  steve at             | for equality.                           |
| |                                         |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the Freeradius-Devel mailing list