Howard Chu hyc@symas.com writes:
Since they're committed to using GnuTLS, yes. Unfortunately for the Debian community, just because software is released under the GPL doesn't say anything about its quality.
GnuTLS is used in Debian for libldap because the project believes that it's the only thing that it can do legally under the project's copyright law interpretation (without kicking out all the GPL software that directly or indirectly links with libldap), not because we have a preference for GPL software. Many people in Debian do not (myself included). Personally, I release all my stuff under the MIT license.
Other distributions disagree with the copyright law interpretation. Some lawyers apparently agree and others don't. Given that I'm neither a lawyer nor willing to pay the money to hire one for the project, and given that no one really cares about my opinion of Debian's copyright analysis anyway, it is what it is. Convincing me that Debian's position is wrong is essentially pointless. I can't change it. Convincing Eben Moglen that it's wrong might accomplish something.
It's frustrating for me too. The fault here lies with the combination of the obnoxious GPL refusal to cooperate with other licenses and the obnoxious OpenSSL advertising clause, or arguably with Debian's extremely conservative position on licensing with dynamic linking, but that's a fight that I have no desire to take on yet again.
There are enough other reasons to use already-packaged software and enough reasons to use Debian in preference to other distributions (for what we're doing at Stanford; I'm not interested in discussing that position with anyone on this list) that it was worth helping fund the development of the GnuTLS support. That support basically works, recommended or not, which is a better place than we were in before. I can only hope that it will get better in the future, or that some miracle will happen with either OpenSSL licensing or Debian's legal interpretation of copyright, none of which I have any real control over.