IRCd-Hybrid with OpenSSL support in Debian: licences conflictresolution

Aurélien GÉRÔME ag at roxor.cx
Sun Sep 3 13:50:08 EDT 2006 

On Sun, Sep 03, 2006 at 12:54:17PM -0400, Alan LeVee wrote:
> I'm going to just sneak into this conversation here for a bit. I agree 

You did right. :)

> with the hindrances that the use of OpenSSL causes on the Debian 
> distribution as I'm a Debian user myself and helped develop the client 
> SSL implementation to the IRCD-Hybrid 7.x branch however GnuTLS would 
> not be a viable option Client <-> Server even though it is for Server 
> <-> Server because the problem is the few IRC clients that do exist that 
> support SSL, use the OpenSSL libraries for their implementation and 
> given that GnuTLS is rather particular about it's handshaking methods I 
> ran into problems getting them both to behave properly (though this may 
> have changed).

I concur.

> Plus GnuTLS requires a large unhealthy amount of the entropy pool which 
> can cause problems for people running servers that have no input device 
> hookups (on kernel 2.6 which lacks entropy sources and they sit in a 
> server cage) and lack a hardware RNG which is why I chose OpenSSL for 
> the Client <-> Server implementation so if they needed more secure 
> entropy they could use an EGD.

You must have dug the issue more than me on that...

> I would support however the move to add the appropriate legal licensing 
> marks but as for GnuTLS on a Client <-> Server level I don't think that 
> will be realistically possible for awhile until all known SSL IRC 
> clients (which some link against OpenSSL) can be effectively tested to 
> see if they can handshake with GnuTLS and when the problems with kernel 
> 2.6 are resolved that created the severe entropy problems that GnuTLS 
> doesn't handle well.

Anyway, I do not have the time to proceed on a GNUTLS port. :/

Well, what can be also done is the same procedure as the Irssi IRC
client did. Irssi is GPL'ed, but linking with OpenSSL is enabled in
Debian, because of the following text in debian/copyright.

***
COPYING includes the following addition to the GPL:

   Specific permission is granted for the GPLed code in this
   distribition to be linked to OpenSSL without invoking GPL clause
   2(b).
***

What I described earlier in my first post is the complete
procedure. However, I think what the authors of Irssi did is also
valid.

This is a little alteration to the GPL to allow what you all have
integrated in IRCd-Hybrid: SSL support. Maybe you can slip it into
IRCd-Hybrid COPYING file? The resulting binaries would therefore
be distributable. Moreover, it seems to only cover the parts using
OpenSSL if I am not mistaken.

When I look at <http://www.adx.irc7.pl/hybrid/>, you are currently
at least 8 Copyright Holders on IRCd-Hybrid. I think if you all give
your agreement on that little alteration, then maybe it is possible
to allow it. Otherwise, it is obviously a dead end. :(

Cheers,
-- 
 .''`.   Aurélien GÉRÔME
: :'  :
`. `'`   Free Software Developer
  `-     Unix Sys & Net Admin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.ircd-hybrid.org/pipermail/hybrid/attachments/20060903/2451eb6e/attachment.pgp>

More information about the hybrid mailing list