Debian Bug report logs - #163583
If you adopt this package, please port it to GNU TLS

version graph

Package: cadaver; Maintainer for cadaver is Sebastian Harl <tokkee@debian.org>; Source for cadaver is src:cadaver.

Reported by: Bernd Eckenfels <ecki@lina.inka.de>

Date: Sun, 6 Oct 2002 21:50:58 UTC

Severity: wishlist

Merged with 186738

Found in version 0.21.0-1

Fixed in version cadaver/0.22.4-1

Done: Sebastian Harl <sh@tokkee.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
New Bug report received and forwarded. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: cadaver@webdav.org
Cc: submit@bugs.debian.org
Subject: Licensing issues
Date: Sun, 6 Oct 2002 23:41:49 +0200
Package: cadaver
Severity: serious

Hello,

I am the Debian Maintainer of Cadaver, shipping cadaver with the default
debian distributions.

It comes to my attentin, that there is a licensing problem with linking GPL
programs (like cadaver is) to non GPL Libs (like OpenSSL).

You, as the copyright holder and license issuer need to expecitely allow
cadaver to be linked against openssl, like described in the GPL FAQ:

http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs

To understand more of the background, this thread

http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00558.html

might help you.

Well, anyway. All I would ask you for is, to allow explecitely in your
README File, that you allow linking with OpenSSL, since libcrypto is not
considered to be essential part of the operating system (for some strange
reasons I do not understand :)

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #10 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Randall Donald <ftpmaster@debian.org>
Cc: 163583@bugs.debian.org
Subject: Re: cadaver_0.20.5-1_i386.changes REJECTED
Date: Mon, 7 Oct 2002 00:07:12 +0200
On Sun, Oct 06, 2002 at 01:54:42AM -0400, Randall Donald wrote:
>     you'll need to get an exception from
>     the authors of cadaver to permit linking 
>     with openssl and include it in
>     the copyright file.

can't we just asume libcrypto to be part of the essential operating system,
which is covered by the default GPL Exception phrase.

Anyway.. I have contacted upstream and files a bug to track progress on this
issue.

Greetings
Bernd



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #15 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: debian-legal@lists.debian.org
Cc: 163583-quiet@bugs.debian.org, joe@manyfish.co.uk
Subject: cadaver licensing issues: openssl and GPL again
Date: Sat, 12 Oct 2002 01:24:35 +0200
Hello,

after I have received a Reject from FTP Masters on the cadaver package,
because it is GPL and linked against openssl, I opened up the Bug #163583 and
contacted upstream.

http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=163583

Here is the answer from Joe Orton, which basically tells me that he can't
relicense cadaver.

He is the same oppinion as I am, openssl should be considered part of the
operating system, which in that case is fine with the GPL and would solve
the licensing problem of cadaver (and many other openSSL using packages).

Considering the fact how many packages use the openssl libs, I dont see a
problem in defining openssl a OS base package. Especially since it is
priority "strandard" anyway.

Please cc me and the bug.

Greetings
Bernd


----- Forwarded message from Joe Orton <joe@manyfish.co.uk> -----

Envelope-to: ecki@lina.inka.de
From: Joe Orton <joe@manyfish.co.uk>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: cadaver@webdav.org, submit@bugs.debian.org
Subject: Re: [cadaver] Licensing issues
Mail-Followup-To: Bernd Eckenfels <ecki@lina.inka.de>, cadaver@webdav.org,
	submit@bugs.debian.org

Hi,

On Sun, Oct 06, 2002 at 11:41:49PM +0200, Bernd Eckenfels wrote:
...
> Well, anyway. All I would ask you for is, to allow explecitely in your
> README File, that you allow linking with OpenSSL, since libcrypto is not
> considered to be essential part of the operating system (for some strange
> reasons I do not understand :)

I've seen references to this before but I don't completely understand it
either: can you find a statement of why? It seems quite reasonable to me
to state that OpenSSL is "part of the operating system".  If you *don't*
consider that OpenSSL is part of your operating system, then I guess you
are obliged not to redistribute cadaver binaries which are linked
against OpenSSL.

cadaver includes LGPL code under FSF copyright at libneon/ne_md5.c; code
which I cannot relicense, so this is not simply a case of adding an
explicit disclaimer to the GPL as used in cadaver, I'm afraid.

Regards,

joe



----- End forwarded message -----

-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@netexpress.net>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #20 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@netexpress.net>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org, joe@manyfish.co.uk
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Fri, 11 Oct 2002 19:28:30 -0500
[Message part 1 (text/plain, inline)]
On Sat, Oct 12, 2002 at 01:24:35AM +0200, Bernd Eckenfels wrote:
> after I have received a Reject from FTP Masters on the cadaver package,
> because it is GPL and linked against openssl, I opened up the Bug #163583 and
> contacted upstream.

> http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=163583

> Here is the answer from Joe Orton, which basically tells me that he can't
> relicense cadaver.

> He is the same oppinion as I am, openssl should be considered part of the
> operating system, which in that case is fine with the GPL and would solve
> the licensing problem of cadaver (and many other openSSL using packages).

> Considering the fact how many packages use the openssl libs, I dont see a
> problem in defining openssl a OS base package. Especially since it is
> priority "strandard" anyway.

The specific wording of the GPL grants an exception for linking binaries
against GPL-incompatible libraries that are part of the OS, *as long as*
your GPL binary is not shipped together with your libraries.  Debian
does not make this distinction; unless we were to make a new gpl-non-ssl
archive section, everything that we ship in main is part of a single OS
and is shipped together.

So the options are that you could secure a clarification of the GPL's OS
exemption from the FSF, in the form of a new revision of the GPL, that
permits what you're asking; or you can find a way to replace OpenSSL in
the build with a library providing equivalent features, such as gnutls.
It seems to me that the second is slightly more feasible. :)

Since Debian adopted its current hardline position on the GPL+OpenSSL
licensing issue, I've noticed a dramatic decrease in the number of
things OpenSSL can do that cannot also be done with GPL- or
LGPL-compatible libraries, and I've also discovered that there were many
more LGPL crypto routines available than I had previously thought.  One
of my packages was using OpenSSL, but only for DES and MD4; it was a
simple matter of a couple evenings' work to integrate some equivalent
code from libmhash and libmcrypt.  If you need any help finding LGPL
code that meets your needs, let me know.

Also, if the only barrier to relicensing is the presence of third-party
LGPL code, this is not a barrier at all, since the LGPL permits linking 
this code against any other object files you choose.

Steve Langasek
postmodern programmer

> ----- Forwarded message from Joe Orton <joe@manyfish.co.uk> -----
> 
> Envelope-to: ecki@lina.inka.de
> From: Joe Orton <joe@manyfish.co.uk>
> To: Bernd Eckenfels <ecki@lina.inka.de>
> Cc: cadaver@webdav.org, submit@bugs.debian.org
> Subject: Re: [cadaver] Licensing issues
> Mail-Followup-To: Bernd Eckenfels <ecki@lina.inka.de>, cadaver@webdav.org,
> 	submit@bugs.debian.org
> 
> Hi,
> 
> On Sun, Oct 06, 2002 at 11:41:49PM +0200, Bernd Eckenfels wrote:
> ...
> > Well, anyway. All I would ask you for is, to allow explecitely in your
> > README File, that you allow linking with OpenSSL, since libcrypto is not
> > considered to be essential part of the operating system (for some strange
> > reasons I do not understand :)
> 
> I've seen references to this before but I don't completely understand it
> either: can you find a statement of why? It seems quite reasonable to me
> to state that OpenSSL is "part of the operating system".  If you *don't*
> consider that OpenSSL is part of your operating system, then I guess you
> are obliged not to redistribute cadaver binaries which are linked
> against OpenSSL.
> 
> cadaver includes LGPL code under FSF copyright at libneon/ne_md5.c; code
> which I cannot relicense, so this is not simply a case of adding an
> explicit disclaimer to the GPL as used in cadaver, I'm afraid.
> 
> Regards,
> 
> joe
> 
> 
> 
> ----- End forwarded message -----
> 
> -- 
>   (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
>  ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
>   o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
> (O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Joe Orton <joe@manyfish.co.uk>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #25 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Joe Orton <joe@manyfish.co.uk>
To: Steve Langasek <vorlon@netexpress.net>
Cc: Bernd Eckenfels <ecki@lina.inka.de>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sat, 12 Oct 2002 13:00:26 +0100
Hi,

On Fri, Oct 11, 2002 at 07:28:30PM -0500, Steve Langasek wrote:
...
> The specific wording of the GPL grants an exception for linking binaries
> against GPL-incompatible libraries that are part of the OS, *as long as*
> your GPL binary is not shipped together with your libraries.  Debian
> does not make this distinction; unless we were to make a new gpl-non-ssl
> archive section, everything that we ship in main is part of a single OS
> and is shipped together.

Hmmm, I see the wording:

  "unless that component [of the OS] itself accompanies the executable"

Surely if your interpretation of this is correct, the *BSD projects
could not redistribute GPL code linked against their C libraries, which
they currently do with GCC and more?

...
> Also, if the only barrier to relicensing is the presence of third-party
> LGPL code, this is not a barrier at all, since the LGPL permits linking 
> this code against any other object files you choose.

Can you explain why? The LGPL seems to have exactly the same restriction
as the GPL about linking against components of the operating system.

The suggestion of adding support to cadaver (actually to neon) for a
replacement SSL library is a good one, and I would welcome such a
contribution.

Regards,

joe



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Henning Makholm <henning@makholm.net>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #30 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Henning Makholm <henning@makholm.net>
To: Joe Orton <joe@manyfish.co.uk>
Cc: Steve Langasek <vorlon@netexpress.net>, Bernd Eckenfels <ecki@lina.inka.de>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: 12 Oct 2002 15:20:07 +0200
Scripsit Joe Orton <joe@manyfish.co.uk>
> On Fri, Oct 11, 2002 at 07:28:30PM -0500, Steve Langasek wrote:

> > The specific wording of the GPL grants an exception for linking binaries
> > against GPL-incompatible libraries that are part of the OS, *as long as*
> > your GPL binary is not shipped together with your libraries.

> Hmmm, I see the wording:
>   "unless that component [of the OS] itself accompanies the executable"
> Surely if your interpretation of this is correct, the *BSD projects
> could not redistribute GPL code linked against their C libraries,

Arent the xBSD X libraries under the two-clause BSD licence these
days? That licence is GPL-compatible.

> > Also, if the only barrier to relicensing is the presence of third-party
> > LGPL code, this is not a barrier at all, since the LGPL permits linking 
> > this code against any other object files you choose.

> Can you explain why? The LGPL seems to have exactly the same restriction
> as the GPL about linking against components of the operating system.

The point is that the LGPL's *general* rule about derived works is
more lax than that of the GPL: The LGPL does not require the entire
derived work to be licenced under GPL, just that the user can plug in
new versions of the LGPL-covered part. Thus the "OS-component"
exception is typically not invoked at all in these cases.

-- 
Henning Makholm          "*Tak* for de ord. *Nu* vinker nobelprisen forude."



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@netexpress.net>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #35 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@netexpress.net>
To: Joe Orton <joe@manyfish.co.uk>
Cc: Bernd Eckenfels <ecki@lina.inka.de>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sat, 12 Oct 2002 10:06:35 -0500
[Message part 1 (text/plain, inline)]
On Sat, Oct 12, 2002 at 01:00:26PM +0100, Joe Orton wrote:

> On Fri, Oct 11, 2002 at 07:28:30PM -0500, Steve Langasek wrote:

> > The specific wording of the GPL grants an exception for linking binaries
> > against GPL-incompatible libraries that are part of the OS, *as long as*
> > your GPL binary is not shipped together with your libraries.  Debian
> > does not make this distinction; unless we were to make a new gpl-non-ssl
> > archive section, everything that we ship in main is part of a single OS
> > and is shipped together.

> Hmmm, I see the wording:

>   "unless that component [of the OS] itself accompanies the executable"

> Surely if your interpretation of this is correct, the *BSD projects
> could not redistribute GPL code linked against their C libraries, which
> they currently do with GCC and more?

The current generation of BSD system libraries are all licensed in a
GPL-compatible manner (BSD license w/o advertising clause).  So this is
not a problem unless they try to link gcc against something that has not 
had the licensing clause removed, such as OpenSSL. :)

> ...
> > Also, if the only barrier to relicensing is the presence of third-party
> > LGPL code, this is not a barrier at all, since the LGPL permits linking 
> > this code against any other object files you choose.

> Can you explain why? The LGPL seems to have exactly the same restriction
> as the GPL about linking against components of the operating system.

The LGPL's definitions are:

    A "library" means a collection of software functions and/or data
  prepared so as to be conveniently linked with application programs
  (which use some of those functions and data) to form executables.

    The "Library", below, refers to any such software library or work
  which has been distributed under these terms.  A "work based on the
  Library" means either the Library or any derivative work under
  copyright law: that is to say, a work containing the Library or a
  portion of it, either verbatim or with modifications and/or translated
  straightforwardly into another language.  (Hereinafter, translation is
  included without limitation in the term "modification".)

    "Source code" for a work means the preferred form of the work for
  making modifications to it.  For a library, complete source code means
  all the source code for all modules it contains, plus any associated
  interface definition files, plus the scripts used to control
  compilation and installation of the library.

You have a collection of such functions and data that are licensed
under the LGPL.  Since the LGPL's definition does NOT say "a library is
a collection of software functions [...] that have been compiled and
linked into an ELF shared object", I believe what you have is still
covered by this definition even though the files happen to be included
in your source and may be linked directly into one or more applications.
If there's any doubt, you can probably take the LGPLed code and
structure your source tree such that a static LGPL lib is created prior 
to final linking. ;)

Here is what the LGPL says about the requirements on applications using
the library (which implicitly covers other libraries used by that
application, since the LGPL says nothing about other libraries):

    5. A program that contains no derivative of any portion of the
  Library, but is designed to work with the Library by being compiled or
  linked with it, is called a "work that uses the Library".  Such a
  work, in isolation, is not a derivative work of the Library, and
  therefore falls outside the scope of this License.

    However, linking a "work that uses the Library" with the Library
  creates an executable that is a derivative of the Library (because it
  contains portions of the Library), rather than a "work that uses the
  library".  The executable is therefore covered by this License.
  Section 6 states terms for distribution of such executables.

So neon+OpenSSL is a "work that uses the Library", and the source is not
a derivative work of the Library and is therefore not governed by the
LGPL's requirements on source code.

The binaries are derived works, covered by section 6:

    6. As an exception to the Sections above, you may also combine or
  link a "work that uses the Library" with the Library to produce a
  work containing portions of the Library, and distribute that work
  under terms of your choice, provided that the terms permit
  modification of the work for the customer's own use and reverse
  engineering for debugging such modifications.

  [...] Also, you must do one of these things:

    a) Accompany the work with the complete corresponding
    machine-readable source code for the Library including whatever
    changes were used in the work (which must be distributed under
    Sections 1 and 2 above); and, if the work is an executable linked
    with the Library, with the complete machine-readable "work that
    uses the Library", as object code and/or source code, so that the
    user can modify the Library and then relink to produce a modified
    executable containing the modified Library.  (It is understood
    that the user who changes the contents of definitions files in the
    Library will not necessarily be able to recompile the application
    to use the modified definitions.)

    [...]

      For an executable, the required form of the "work that uses the
  Library" must include any data and utility programs needed for
  reproducing the executable from it.  However, as a special exception,
  the materials to be distributed need not include anything that is
  normally distributed (in either source or binary form) with the major
  components (compiler, kernel, and so on) of the operating system on
  which the executable runs, unless that component itself accompanies
  the executable.

And those are really all the requirements that the LGPL imposes on
source code that is linked to the library to form an executable, but is
not part of the library itself -- i.e., not much.  It certainly doesn't
require that they be available under the same terms, since it explicitly
allows closed-source apps to link against LGPL libs; so the OpenSSL
license is not really a problem at all.

Cheers,
Steve Langasek
postmodern programmer
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #40 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Joe Orton <joe@manyfish.co.uk>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sat, 12 Oct 2002 17:43:17 +0200
On Sat, Oct 12, 2002 at 10:06:35AM -0500, Steve Langasek wrote:
> And those are really all the requirements that the LGPL imposes on
> source code that is linked to the library to form an executable, but is
> not part of the library itself -- i.e., not much.  It certainly doesn't
> require that they be available under the same terms, since it explicitly
> allows closed-source apps to link against LGPL libs; so the OpenSSL
> license is not really a problem at all.

I did not get your last message. You are talking about LGPL, OpenSSL is not
LGPL and it looks like it _is_ a problem for GPL Programs, cause this is all
this thread is about. It is a modified BSD with advertising. Do you mean the
LGPL Code (in that case one source file from the glibc!)?

There are 2 options here:

a) consider OpenSSL part of the OS, but this wont work since the lib and the
GPL work may not be shipped together in that case (ugh!)

b) relicense cadaver to allow openssl, but this wont work cause of LGPL code
included from other sources.

My idea would be to relicense cadaver (with the exception of the FSF files)
and let me handle this. I think there should be no problem to call the md5
function from libcrypto instead of ne_md5.c in case of enabled openssl.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@netexpress.net>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #45 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@netexpress.net>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: Joe Orton <joe@manyfish.co.uk>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sat, 12 Oct 2002 10:57:04 -0500
[Message part 1 (text/plain, inline)]
On Sat, Oct 12, 2002 at 05:43:17PM +0200, Bernd Eckenfels wrote:
> On Sat, Oct 12, 2002 at 10:06:35AM -0500, Steve Langasek wrote:
> > And those are really all the requirements that the LGPL imposes on
> > source code that is linked to the library to form an executable, but is
> > not part of the library itself -- i.e., not much.  It certainly doesn't
> > require that they be available under the same terms, since it explicitly
> > allows closed-source apps to link against LGPL libs; so the OpenSSL
> > license is not really a problem at all.

> I did not get your last message. You are talking about LGPL, OpenSSL is not
> LGPL and it looks like it _is_ a problem for GPL Programs, cause this is all
> this thread is about. It is a modified BSD with advertising. Do you mean the
> LGPL Code (in that case one source file from the glibc!)?

> b) relicense cadaver to allow openssl, but this wont work cause of LGPL code
> included from other sources.

Why would it not work?  My point was that LGPL code doesn't *need* to be
relicensed in order to use it with OpenSSL.  If the author holds
copyright on all the other files, he can relicense however he chooses.

Steve Langasek
postmodern programmer
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Joe Orton <joe@manyfish.co.uk>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #50 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Joe Orton <joe@manyfish.co.uk>
To: Steve Langasek <vorlon@netexpress.net>
Cc: Bernd Eckenfels <ecki@lina.inka.de>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sun, 13 Oct 2002 00:38:10 +0100
On Sat, Oct 12, 2002 at 10:06:35AM -0500, Steve Langasek wrote:
> On Sat, Oct 12, 2002 at 01:00:26PM +0100, Joe Orton wrote:
> 
> > On Fri, Oct 11, 2002 at 07:28:30PM -0500, Steve Langasek wrote:
> 
> > > The specific wording of the GPL grants an exception for linking binaries
> > > against GPL-incompatible libraries that are part of the OS, *as long as*
> > > your GPL binary is not shipped together with your libraries.  Debian
> > > does not make this distinction; unless we were to make a new gpl-non-ssl
> > > archive section, everything that we ship in main is part of a single OS
> > > and is shipped together.
> 
> > Hmmm, I see the wording:
> 
> >   "unless that component [of the OS] itself accompanies the executable"
> 
> > Surely if your interpretation of this is correct, the *BSD projects
> > could not redistribute GPL code linked against their C libraries, which
> > they currently do with GCC and more?
> 
> The current generation of BSD system libraries are all licensed in a
> GPL-compatible manner (BSD license w/o advertising clause).

OK, bad example. Better examples are that Solaris ships with gzip, or
BSD/OS ships with gcc, emacs, and so on....  Aren't those GPL
violations?

joe



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@netexpress.net>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #55 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@netexpress.net>
To: Joe Orton <joe@manyfish.co.uk>
Cc: Bernd Eckenfels <ecki@lina.inka.de>, debian-legal@lists.debian.org, 163583-quiet@bugs.debian.org
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sat, 12 Oct 2002 19:12:35 -0500
[Message part 1 (text/plain, inline)]
On Sun, Oct 13, 2002 at 12:38:10AM +0100, Joe Orton wrote:
> On Sat, Oct 12, 2002 at 10:06:35AM -0500, Steve Langasek wrote:
> > On Sat, Oct 12, 2002 at 01:00:26PM +0100, Joe Orton wrote:

> > > On Fri, Oct 11, 2002 at 07:28:30PM -0500, Steve Langasek wrote:

> > > > The specific wording of the GPL grants an exception for linking binaries
> > > > against GPL-incompatible libraries that are part of the OS, *as long as*
> > > > your GPL binary is not shipped together with your libraries.  Debian
> > > > does not make this distinction; unless we were to make a new gpl-non-ssl
> > > > archive section, everything that we ship in main is part of a single OS
> > > > and is shipped together.

> > > Hmmm, I see the wording:

> > >   "unless that component [of the OS] itself accompanies the executable"

> > > Surely if your interpretation of this is correct, the *BSD projects
> > > could not redistribute GPL code linked against their C libraries, which
> > > they currently do with GCC and more?

> > The current generation of BSD system libraries are all licensed in a
> > GPL-compatible manner (BSD license w/o advertising clause).

> OK, bad example. Better examples are that Solaris ships with gzip, or
> BSD/OS ships with gcc, emacs, and so on....  Aren't those GPL
> violations?

Are these actually shipped as part of the OS?  I was told at one point
that Sun shipped all of the GNU tools on a separate, add-on CD because
of this clause of the GPL.  If these packages are linked against
proprietary libs and are being shipped as part of the OS, that would
seem to be a GPL violation, yes.

It may also be that the companies doing this have large legal teams who
have determined it is not a license violation.  But as far as we in
Debian understand it, it is, so we can't afford to ship binaries in this
configuration unless we have clear proof of this -- whether or not
others out there might be doing it.

Steve Langasek
postmodern programmer
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #60 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Joe Orton <joe@manyfish.co.uk>
Cc: 163583-quiet@bugs.debian.org, wichert@wiggy.net
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Mon, 23 Dec 2002 01:35:47 +0100
Hello Joe,

just to get back to you to because of the OpenSSL and Cadaver GPL issue:

it looks to me that debian officers insist, that cadaver is only liked
against openssl if you exlicitely allow this in the source by a statement.

The other option would be to port cadaver against GNUTLS.

Unfortunatelly I do not have the time for the second option, so I ask you to
make a new release, otherwise debian will most likely remove the package
from it's repository and I will not maintain it in that case any longer :(

So please help me with that issue. There are some samples for right wording
in the debian-legal archive or here:
http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs (2nd license
sample)

Wichert has reminded me of that open issue. Because of that the
current version in debian is 0.18 even if i have already packaged the most
recent 0.20 version.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Joe Orton <joe@manyfish.co.uk>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #65 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Joe Orton <joe@manyfish.co.uk>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: 163583-quiet@bugs.debian.org, wichert@wiggy.net, Steve Langasek <vorlon@netexpress.net>
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Mon, 23 Dec 2002 00:56:41 +0000
Hi Bernd,

Sorry - I meant to follow up on this a while ago.

On Mon, Dec 23, 2002 at 01:35:47AM +0100, Bernd Eckenfels wrote:
> just to get back to you to because of the OpenSSL and Cadaver GPL issue:
> 
> it looks to me that debian officers insist, that cadaver is only liked
> against openssl if you exlicitely allow this in the source by a statement.

Steve Langasek on debian-legal seemed to imply that because the SSL code
is isolated inside neon, under the LGPL, the cadaver GPL code might be
immune from the conflict with the restrictions of the OpenSSL license.

    GPL (cadaver)   --->   LGPL (neon)   --->  OpenSSL

I'm afraid I didn't completely follow the arguments - I've CC'ed Steve
so maybe he can confirm or deny this point.

> The other option would be to port cadaver against GNUTLS.
> 
> Unfortunatelly I do not have the time for the second option, so I ask you to
> make a new release, otherwise debian will most likely remove the package
> from it's repository and I will not maintain it in that case any longer :(

In the short term I would recommend that you simply drop SSL support
from your cadaver package; don't pass --with-ssl to configure!

SSL support can then hopefully be restored later once the licensing
issues have been resolved.

Regards,

joe



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #70 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Joe Orton <joe@manyfish.co.uk>
Cc: 163583-quiet@bugs.debian.org, wichert@wiggy.net, Steve Langasek <vorlon@netexpress.net>
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Mon, 23 Dec 2002 02:59:06 +0100
On Mon, Dec 23, 2002 at 12:56:41AM +0000, Joe Orton wrote:
> SSL support can then hopefully be restored later once the licensing
> issues have been resolved.

well, what would bne wrong to simply add the additional statement to the
license? Do you feel you do not have the right to do that? As I understand
it, debian do not want to move itself in a postion where a "might be enough"
statement is existent. 

(On the other hand, if debia nwants to be shure without a handwritten
signature no license would be valid,anyway).

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@netexpress.net>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #75 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@netexpress.net>
To: Joe Orton <joe@manyfish.co.uk>
Cc: Bernd Eckenfels <ecki@lina.inka.de>, 163583-quiet@bugs.debian.org, wichert@wiggy.net
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Sun, 22 Dec 2002 21:09:20 -0600
[Message part 1 (text/plain, inline)]
Hi Joe,

On Mon, Dec 23, 2002 at 12:56:41AM +0000, Joe Orton wrote:

> Sorry - I meant to follow up on this a while ago.

> On Mon, Dec 23, 2002 at 01:35:47AM +0100, Bernd Eckenfels wrote:
> > just to get back to you to because of the OpenSSL and Cadaver GPL issue:
> > 
> > it looks to me that debian officers insist, that cadaver is only liked
> > against openssl if you exlicitely allow this in the source by a statement.

> Steve Langasek on debian-legal seemed to imply that because the SSL code
> is isolated inside neon, under the LGPL, the cadaver GPL code might be
> immune from the conflict with the restrictions of the OpenSSL license.

>     GPL (cadaver)   --->   LGPL (neon)   --->  OpenSSL

> I'm afraid I didn't completely follow the arguments - I've CC'ed Steve
> so maybe he can confirm or deny this point.

Hmm.  Reviewing the debian-legal thread in the archive, I don't think it
was clear to me what you were asking.  Are you saying with the above
diagram that you have a GPL program, which links to an LGPL library,
which itself links to OpenSSL?

It was my impression that you were *only* asking about the combination
of LGPL+OpenSSL, not GPL+LGPL+OpenSSL.  The former is legally ok, the
latter is legally questionable.

Hope that clears up any miscommunications.

-- 
Steve Langasek
postmodern programmer
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Joe Orton <joe@manyfish.co.uk>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #80 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Joe Orton <joe@manyfish.co.uk>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: 163583-quiet@bugs.debian.org, wichert@wiggy.net, Steve Langasek <vorlon@netexpress.net>
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Mon, 23 Dec 2002 10:37:04 +0000
On Mon, Dec 23, 2002 at 02:59:06AM +0100, Bernd Eckenfels wrote:
> On Mon, Dec 23, 2002 at 12:56:41AM +0000, Joe Orton wrote:
> > SSL support can then hopefully be restored later once the licensing
> > issues have been resolved.
> 
> well, what would bne wrong to simply add the additional statement to the
> license? Do you feel you do not have the right to do that? As I understand
> it, debian do not want to move itself in a postion where a "might be enough"
> statement is existent. 

I don't own the copyright on all the GPL code in cadaver (there are some
bits of FSF code in there), so adding a license exception is not
possible, unfortunately.

Not linking cadaver against OpenSSL is *definitely* enough, surely? I'm
not sure what you mean by a "might be enough" position?

Regards,

joe



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #85 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: debian-devel@lists.debian.org
Cc: submit@bugs.debian.org
Subject: RFA: cadaver
Date: Mon, 23 Dec 2002 17:28:52 +0100
package: wnpp
severity: normal

I intend to orphan cadaver if nobody is taking the maintainerhsip.

The reason for this is, that I do not want to stress myself with
debian-legal issues anymore. For a full hitory of the problem, see bug
report #163583

I have packaged 0.20, but it is not available on ftp site. since it was
restricted for licensing issues (conflict between OpenSSL and GPL), but I
will reupload it with SSL disabled.

The new maintainer will have to port cadaver to GNU TLS, since cadaver
without SSL support does not make much sence to me.

The package has no open bug reports.

If you are interested, please contact me.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and filed, but not forwarded. Copy sent to cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #90 received at 163583-quiet@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Joe Orton <joe@manyfish.co.uk>
Cc: 163583-quiet@bugs.debian.org, wichert@wiggy.net, Steve Langasek <vorlon@netexpress.net>
Subject: Re: cadaver licensing issues: openssl and GPL again
Date: Mon, 23 Dec 2002 17:23:37 +0100
On Mon, Dec 23, 2002 at 10:37:04AM +0000, Joe Orton wrote:
> Not linking cadaver against OpenSSL is *definitely* enough, surely? I'm
> not sure what you mean by a "might be enough" position?

this was not refering to the -non-ssl mode, but to the libneon lgpl mode or
the "shipped with os" argument.

Well, I do not want to drop SSL support, since the tool loses its value for
me in that case. So I will use it peronally, but not maintain it anymore. I
asum the new maintainer will contact you, if one is found.

I understand that you cant change the copyright, this is a realy ugly
example of this GPL virus :)

Greetings
Bernd



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #95 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: control@bugs.debian.org
Cc: 163583@bugs.debian.org
Subject: reser
Date: Wed, 26 Feb 2003 03:07:34 +0100
severity 163583 wishlist
retitle 163583 If you adopt this package, please port it to GNU TLS
thanks

For now, the package has no SSL/TLS support.



Severity set to `wishlist'. Request was from Bernd Eckenfels <ecki@lina.inka.de> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Bernd Eckenfels <ecki@lina.inka.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Stephen Zander <gibreel@debian.org>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #104 received at 163583@bugs.debian.org (full text, mbox):

From: Stephen Zander <gibreel@debian.org>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: 163583@bugs.debian.org
Subject: cadaver up for adoption still?
Date: Fri, 14 Mar 2003 10:44:49 -0800
Subject says it all, and yes, I've read the messages in #163583.  Let
me know if you'd still like to give the package away.

-- 
Stephen

"A duck!"



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #109 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Stephen Zander <gibreel@debian.org>, 163583@bugs.debian.org
Subject: Re: Bug#163583: cadaver up for adoption still?
Date: Fri, 14 Mar 2003 21:17:24 +0100
On Fri, Mar 14, 2003 at 10:44:49AM -0800, Stephen Zander wrote:
> Subject says it all, and yes, I've read the messages in #163583.  Let
> me know if you'd still like to give the package away.

The package is up for adoption if the new maintainer has ported it ti GNU
TLS, yes.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Stephen Zander <gibreel@debian.org>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #114 received at 163583@bugs.debian.org (full text, mbox):

From: Stephen Zander <gibreel@debian.org>
To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: Stephen Zander <gibreel@debian.org>, 163583@bugs.debian.org
Subject: Re: Bug#163583: cadaver up for adoption still?
Date: Fri, 14 Mar 2003 16:32:51 -0800
>>>>> "Bernd" == Bernd Eckenfels <ecki@lina.inka.de> writes:
    Bernd> The package is up for adoption if the new maintainer has
    Bernd> ported it ti GNU TLS, yes.

Building cadaver against an external libneon (libneon is packaged)
both addresses this issue and is possible today, I just tried.  It
avoids the licensing issue (or at least makes it someone lese's
problem), because it breaks the GPL->LGPL->SSL question into GPL->LGPL
& LGPL->SSL.

Do you still want to give up this package?

-- 
Stephen

"Farcical aquatic ceremonies are no basis for a system of government!"



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #119 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Stephen Zander <gibreel@debian.org>
Cc: 163583@bugs.debian.org
Subject: Re: Bug#163583: cadaver up for adoption still?
Date: Sat, 15 Mar 2003 05:39:36 +0100
On Fri, Mar 14, 2003 at 04:32:51PM -0800, Stephen Zander wrote:
> Building cadaver against an external libneon (libneon is packaged)
> both addresses this issue and is possible today

AFAIK it does not help, but if you are willing to fight that out in debian
legal..

> Do you still want to give up this package?

Only to the DD who ports it to GNU TLS, because otherwise there is no need
for a new maintainer.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Merged 163583 186738. Request was from Bernd Eckenfels <ecki@lina.inka.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <ecki@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #126 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <ecki@lina.inka.de>
To: Thomas Viehmann <tv@beamnet.de>
Cc: 188381@bugs.debian.org, 163583@bugs.debian.org, 186738@bugs.debian.org, 174071@bugs.debian.org
Subject: Re: [Fwd: ITA: cadaver -- command-line client for WebDAV server]
Date: Sat, 12 Apr 2003 15:17:03 +0200
On Sat, Apr 12, 2003 at 10:26:33AM +0200, Thomas Viehmann wrote:
> I'd like to adopt cadaver and work out the problem of SSL support.
> (I.e. either linking with libneon and getting an exception for the other parts
> or moving to GnuTLS.)
> I'm not a DD, so I'll be asking you or debian-mentors for a sponsor once things
> are ready.

Thats fine with me. I am glad to sponsor you. As soon as you have resolved
the issues and be ready to upload a package, you have it. Until then, I
will keep maintaining that package, since besides the SSL issue I see no
reason to hand it over.

Please make sure you have the aproval on debian-legal AND from FTP-Masters
before you consider your job done. Thanks for your time and commitment to
help the project out with this.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Thomas Viehmann <tv@beamnet.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>, cadaver@packages.qa.debian.org. Full text and rfc822 format available.

Message #131 received at 163583@bugs.debian.org (full text, mbox):

From: Thomas Viehmann <tv@beamnet.de>
To: 163583@bugs.debian.org
Cc: 174071@bugs.debian.org, Steve Langasek <vorlon@netexpress.net>
Subject: Progress in libneon/cadaver GnuTLS
Date: Sat, 19 Apr 2003 01:21:05 +0200
[Message part 1 (text/plain, inline)]
Hi.

Just to let everyone know, I've just connected to my SSL Webdav server using
cadaver with GnuTLS.
I still need to do the certificate stuff right (and find a good place for
calling global_deinit...).
I don't post a preliminary patch because I don't publish things created at 1 AM
in the morning and because the CA file is hardcoded and memory leaked... Expect
something a patch soon, though.

Steve: You wrote on 174071 that you had patches to detect gnutls. Would you mind
sending them to me? Thanks.

Cheers

T.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>. Full text and rfc822 format available.

Message #136 received at 163583@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 163583@bugs.debian.org
Subject: GnuTLS support in neon subvcersion repository.
Date: Mon, 20 Dec 2004 12:10:27 +0100
FYI: There is code for using GnuTLS instead of OpenSSL in neon's
subversion repository. So this bug might magically go away when a new
major revision of neon is released.
             cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/



Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Sebastian Harl <sh@tokkee.org>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>. Full text and rfc822 format available.

Message #141 received at 163583@bugs.debian.org (full text, mbox):

From: Sebastian Harl <sh@tokkee.org>
To: control@bugs.debian.org
Cc: 163583@bugs.debian.org, 188381@bugs.debian.org, 247374@bugs.debian.org
Subject: cadaver with TLS support linked against libneon
Date: Fri, 15 Sep 2006 17:55:32 +0200
[Message part 1 (text/plain, inline)]
block 163583 by 374180
block 188381 by 374180
block 247374 by 374180
thanks

I am currently preparing a cadaver package including GnuTLS support (thru
libneon). Thus I need a GnuTLS enabled libneon26 package.

Laszlo could you please provide such a package? neon26 builds and works fine
with GnuTLS enabled. If you need help, I'd be glad to help out.

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl
GnuPG-ID: 0x8501C7FC
http://tokkee.org/

[signature.asc (application/pgp-signature, inline)]

Blocking bugs of 163583 added: 374180 Request was from Sebastian Harl <sh@tokkee.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Bernd Eckenfels <ecki@debian.org>:
Bug#163583; Package cadaver. Full text and rfc822 format available.

Acknowledgement sent to Bernd Eckenfels <be-mail2006@lina.inka.de>:
Extra info received and forwarded to list. Copy sent to Bernd Eckenfels <ecki@debian.org>. Full text and rfc822 format available.

Message #148 received at 163583@bugs.debian.org (full text, mbox):

From: Bernd Eckenfels <be-mail2006@lina.inka.de>
To: Sebastian Harl <sh@tokkee.org>
Cc: 247374@bugs.debian.org, 374180@bugs.debian.org, 163583@bugs.debian.org, 188381@bugs.debian.org
Subject: Re: Bug#247374: cadaver with TLS support linked against libneon
Date: Sat, 16 Sep 2006 01:52:10 +0200
On Fri, Sep 15, 2006 at 05:55:32PM +0200, Sebastian Harl wrote:
> block 163583 by 374180
> block 188381 by 374180
> block 247374 by 374180
> thanks
> 
> I am currently preparing a cadaver package including GnuTLS support (thru
> libneon). Thus I need a GnuTLS enabled libneon26 package.
> 
> Laszlo could you please provide such a package? neon26 builds and works fine
> with GnuTLS enabled. If you need help, I'd be glad to help out.
> 
> Cheers,
> Sebastian
> 
> -- 
> Sebastian "tokkee" Harl
> GnuPG-ID: 0x8501C7FC
> http://tokkee.org/

great, thanks for that work. Feel free to take cadaver over in that case.

Gruss
Bernd
-- 
  (OO)     -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )    ecki@{inka.de,linux.de,debian.org}  http://www.eckes.org/
  o--o   1024D/E383CD7E  eckes@IRCNet  v:+497211603874  f:+49721151516129
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!



Reply sent to Sebastian Harl <sh@tokkee.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bernd Eckenfels <ecki@lina.inka.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #153 received at 163583-close@bugs.debian.org (full text, mbox):

From: Sebastian Harl <sh@tokkee.org>
To: 163583-close@bugs.debian.org
Subject: Bug#163583: fixed in cadaver 0.22.4-1
Date: Tue, 16 Jan 2007 19:32:02 +0000
Source: cadaver
Source-Version: 0.22.4-1

We believe that the bug you reported is fixed in the latest version of
cadaver, which is due to be installed in the Debian FTP archive:

cadaver_0.22.4-1.diff.gz
  to pool/main/c/cadaver/cadaver_0.22.4-1.diff.gz
cadaver_0.22.4-1.dsc
  to pool/main/c/cadaver/cadaver_0.22.4-1.dsc
cadaver_0.22.4-1_i386.deb
  to pool/main/c/cadaver/cadaver_0.22.4-1_i386.deb
cadaver_0.22.4.orig.tar.gz
  to pool/main/c/cadaver/cadaver_0.22.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 163583@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Harl <sh@tokkee.org> (supplier of updated cadaver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  8 Jan 2007 14:48:42 +0000
Source: cadaver
Binary: cadaver
Architecture: source i386
Version: 0.22.4-1
Distribution: experimental
Urgency: low
Maintainer: Sebastian Harl <sh@tokkee.org>
Changed-By: Sebastian Harl <sh@tokkee.org>
Description: 
 cadaver    - command-line WebDAV client
Closes: 163583 186738 247374 397735
Changes: 
 cadaver (0.22.4-1) experimental; urgency=low
 .
   * New upstream release.
   * Upload to experimental because of Etch freeze.
   * Link against libneon26-gnutls:
     - Enabled GnuTLS support (Closes: #163583, #186738, #247374).
     - Replaced libneon25-dev build dependency with libneon26-gnutls-dev.
   * Added patches/netrc.dpatch: Document the .netrc file support in the manpage
     (Closes: #397735).
   * Added watch file.
   * Upstream no longer provides a debian/ directory. Thus repackaging is not
     required any longer.
Files: 
 a38f1ec7f842fda31daf5d5fa435bdcd 688 web optional cadaver_0.22.4-1.dsc
 988887f713acabeee648184e6c63960d 714425 web optional cadaver_0.22.4.orig.tar.gz
 ea0c4fc80753405aee6d0d6344369673 6200 web optional cadaver_0.22.4-1.diff.gz
 49c69f3ee07e2ff04c3966d5a2bceb63 92322 web optional cadaver_0.22.4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFrSPi01u8mbx9AgoRAvDxAKDORZpfM7VHIEbLYHVSxoQ3ZiV/qgCfRYoI
pZYXlA4eVSVMAzKszUdCxfM=
=X2d3
-----END PGP SIGNATURE-----




Reply sent to Sebastian Harl <sh@tokkee.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Keisuke URAGO <bravo@resourcez.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 17 Jun 2008 07:33:08 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:42:15 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.