[rrd-developers] [rrd] Why / How / When is version 1.2 developed?

Tobias Oetiker tobi at oetiker.ch
Thu Apr 9 16:48:11 CEST 2009


Hi Sebastian,

Today Sebastian Harl wrote:

> Hi Kevin and Tobi,
>
> On Thu, Apr 09, 2009 at 03:49:57AM -0500, kevin brintnall wrote:
> > I'm considering making a "soft" dependency on OpenSSL for the rrdcached
> > auth code.
>
> Apart from the currently ongoing discussion about technical issues
> regarding authentication concepts (in which I mostly share Florian's
> point of view - quite frankly, I'm pretty disappointed about how
> security is handled, driven by PR related arguments and irresponsible
> users instead of real technical aspects of how to provide good and
> _real_ security), we'll run into license issues when using OpenSSL. The
> problem is that the OpenSSL / SSLeay license is incompatible to the GPL
> (see [1]). In order to make it possible for users to link RRDtool
> against libssl, a special exception has to be added to the license of
> _each_ source file that will later be linked against libssl (see [2]).
> Since this is a license change, it would require the permission of
> _every_ copyright holder of those pieces of the software, which is
> basically impossible in RRDtool. Using, e.g., GnuTLS would be a valid
> option though ...

What can I say ... the whole ssl situation is a dark place to be
so many obstacles ... nearly on par with sasl ... :-( another
reason to maybe use something simple for now ...

cheers
tobi


> Cheers,
> Sebastian
>
> [1] http://www.gnu.org/philosophy/license-list.html#OpenSSL
> [2] http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
>
>

-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900



More information about the rrd-developers mailing list