Debian Bug report logs - #409154
ITP: libapache2-mod-auth-openid -- OpenID authentication module for Apache2

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: NIIBE Yutaka <gniibe@fsij.org>

Date: Wed, 31 Jan 2007 09:03:02 UTC

Owned by: niibe yutaka <gniibe@fsij.org>

Severity: wishlist

Done: NIIBE Yutaka <gniibe@fsij.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to NIIBE Yutaka <gniibe@fsij.org>:
New Bug report received and forwarded. Copy sent to debian-devel@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: NIIBE Yutaka <gniibe@fsij.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: libapache2-mod-auth-openid -- OpenID authentication module for Apache2
Date: Wed, 31 Jan 2007 17:47:44 +0900
Package: wnpp
Severity: wishlist
Owner: NIIBE Yutaka <gniibe@fsij.org>


* Package name    : libapache2-mod-auth-openid
  Version         : 0.0
  Upstream Author : bmuller <bmuller@butterfat.net>
* URL             : http://www.butterfat.net/wiki/Projects/ModAuthOpenID
* License         : GPL
  Programming Lang: C++
  Description     : OpenID authentication module for Apache2
  mod_auth_openid is an authentication module for Apache2.
  It handles the functions of an OpenID consumer as specified in the
  OpenID 1.1 specification.



Tags added: pending Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #12 received at 409154@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
To: 409154@bugs.debian.org
Subject: What is the status on libapache2-mod-auth-openid for debian?
Date: Mon, 30 Jul 2007 15:44:51 -0400
[Message part 1 (text/plain, inline)]
Hello folks--

I see that in february, this ITP for libapache2-mod-auth-openid was
claimed to be fixed by a package in the NEW queue, but now (nearly 6
months later) nothing has even shown up in unstable or experimental.

What's the status on this package?

Thanks for preparing it for debian!

       --dkg
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to NIIBE Yutaka <gniibe@fsij.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #17 received at 409154@bugs.debian.org (full text, mbox):

From: NIIBE Yutaka <gniibe@fsij.org>
To: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>, 409154@bugs.debian.org
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid for debian?
Date: Wed, 01 Aug 2007 16:19:28 +0900
Daniel Kahn Gillmor wrote:
> I see that in february, this ITP for libapache2-mod-auth-openid was
> claimed to be fixed by a package in the NEW queue, but now (nearly 6
> months later) nothing has even shown up in unstable or experimental.
> 
> What's the status on this package?

I once built the package and uploaded.  But we found license problem.
This software is licensed under GPL, and it depends on OpenSSL library,
which is incompatible to GPL.

If we could consider OpenSSL is system library, it can be distributed.

I will contact about this issue to the author.
-- 



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #22 received at 409154@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
To: NIIBE Yutaka <gniibe@fsij.org>
Cc: 409154@bugs.debian.org
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid for debian?
Date: Wed, 01 Aug 2007 15:13:23 -0400
[Message part 1 (text/plain, inline)]
On Wed 2007-08-01 03:19:28 -0400, NIIBE Yutaka wrote:

> I once built the package and uploaded.  But we found license
> problem.  This software is licensed under GPL, and it depends on
> OpenSSL library, which is incompatible to GPL.
>
> If we could consider OpenSSL is system library, it can be distributed.
>
> I will contact about this issue to the author.

Interesting.  Have you tried building it against one of the other TLS
implementations (e.g. gnutls, nss, yassl, etc?)

 http://www.gnu.org/software/gnutls/comparison.html

Would you mind publishing your packaging details?  I'd be willing to
try to switch TLS implementations if that's a possiblity.  i'd very
much like to see this functionality be easily accessible in debian.

Also: is it that mod_auth_openid requires linking with openssl
directly?  or is it that libopkele1 links to openssl, and therefore
can't be used in a GPL'ed program?

Or is it both?  the fact that libaprutil1-dev depends on libssl-dev
(via libpq-dev) makes it a bit hairy to even try to build a GPL'ed
apache module.

Nonetheless, there are many GPL'ed apache modules available, if you
believe the licensing on this page:

 http://modules.apache.org/search

Regards,

        --dkg
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to NIIBE Yutaka <gniibe@fsij.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #27 received at 409154@bugs.debian.org (full text, mbox):

From: NIIBE Yutaka <gniibe@fsij.org>
To: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>, 409154@bugs.debian.org
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid for debian?
Date: Thu, 02 Aug 2007 08:28:52 +0900
Just a quick replay,

Daniel Kahn Gillmor wrote:
> Would you mind publishing your packaging details?  I'd be willing to
> try to switch TLS implementations if that's a possiblity.  i'd very
> much like to see this functionality be easily accessible in debian.

Here it is:

	http://www.gniibe.org/oitoite/libapache-mod-auth-openid/

That's for your reference.

I think that distribution of this diff is OK, and people can
build the binary package by themselves.
-- 



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #32 received at 409154@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: 409154@bugs.debian.org
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid, for debian?
Date: Wed, 01 Aug 2007 19:34:25 -0400
Posting this exchange with Brian's permission:

On Wed 2007-08-01 15:07:48 -0400, "bmuller@butterfat.net wrote:

> Hello - I'm the lead developer for mod_auth_openid.
>
> Would it be sufficient for me to distribute mod_auth_openid with an
> OpenSSL exemption to the GPL (as described at
> http://lists.debian.org/debian-legal/2004/05/msg00595.html )?

I'm not enough of a debian-legal person to say conclusively that it'd
be acceptable for debian, but since mod_auth_openid is the only piece
of code here under the GPL and you control the entire copyright
(afaict) i think this would be a legitimate course of action.

> I've contacted the libopkele (the dependency that actually uses
> OpenSSL) developer about possibly using GNUTLS instead of OpenSSL, but
> I'm fairly certain that he's not going to be willing to change.

sigh.  yeah, that could well be an uphill battle.  Thanks for pinging
further upstream about it.  I'll drop them a note myself to see if
it'll help any.  debian's libopkele is already building cleanly
against libcurl-gnutls, so there's only the direct use of openssl that
they'd need to worry about.  What a chain of dependencies!

> If necessary, I can revert to a less restrictive license, but would
> prefer to go with the GPL.

I don't know that you'd need to do anything less restrictive than the
OpenSSL exemption you describe.  Thank you very much for both taking
the license wrangling seriously and for being reasonable about it.

Regards,

        --dkg



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to "bmuller@butterfat.net" <bmuller@butterfat.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #37 received at 409154@bugs.debian.org (full text, mbox):

From: "bmuller@butterfat.net" <bmuller@butterfat.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: 409154@bugs.debian.org
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid, for debian?
Date: Thu, 02 Aug 2007 18:37:27 -0400
I spoke with the developer for libopkele, and he's going to look into 
using GNUTLS (soon).  He's pretty responsive and understanding of the 
licensing issue.  There is only a small portion of libopkele that uses 
OpenSSL; hopefully it shouldn't be hard to offer a GNUTLS option.

For now, I'm going to go ahead and add the OpenSSL exception to the 
upcoming release of version 0.1 (this will be available within the next 
week or two).  I'll send a notice to the bug post when the next version 
is released.

Thanks,
Brian



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to "bmuller@butterfat.net" <bmuller@butterfat.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #42 received at 409154@bugs.debian.org (full text, mbox):

From: "bmuller@butterfat.net" <bmuller@butterfat.net>
To: 409154@bugs.debian.org
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid,, for debian?
Date: Tue, 21 Aug 2007 21:12:10 -0400
Mod_auth_openid version 0.1 can now be downloaded from 
http://butterfat.net/wiki/Projects/ModAuthOpenID/Releases .  It has been 
released under the MIT license, so all the licensing issues should be 
taken care of now.


Brian 





Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>:
Bug#409154; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, niibe yutaka <gniibe@fsij.org>. Full text and rfc822 format available.

Message #47 received at 409154@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
To: 409154@bugs.debian.org
Cc: bmuller@butterfat.net
Subject: Re: Bug#409154: What is the status on libapache2-mod-auth-openid,, for debian?
Date: Wed, 22 Aug 2007 00:26:13 -0400
[Message part 1 (text/plain, inline)]
For what it's worth, i used the packaging supplied by NIIBE Yutaka to
package svn r60 (0.1 came from svn r78, i think), and the package i
built appears to be functional in production.  I think this should
progress into debian proper for wider testing.

Thanks for all the work on this, folks.

       --dkg
[Message part 2 (application/pgp-signature, inline)]

Bug closed, send any further explanations to NIIBE Yutaka <gniibe@fsij.org> Request was from NIIBE Yutaka <gniibe@fsij.org> to control@bugs.debian.org. (Sun, 30 Sep 2007 13:12:04 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 29 Oct 2007 07:29:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 13:24:00 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.