On Sat, Jul 20, 2019 at 12:13:38PM +0200, Michael Ströder wrote:
The support for GNUTLS was requested by Debian folks because of OpenSSL licensing paranoia. Does anybody maintain the stuff?
As the Debian maintainer I consider the GnuTLS support primarily my responsibility at this point, so yes, I do try to respond and investigate GnuTLS related issues. Luckily many of these get handled through the Debian bugtracker before this side ever hears of them. But I'm only reacting to issues that are reported to me; I'm not an active OpenLDAP user myself.
The question is whether this is still revelavant with OpenSSL 3.0.0 moving to Apache-2.0 license [1]. [2] says APL-2.0 is not compatible with GPLv2 though.
Unfortunately that's correct - the Apache license does not solve the issue for binaries containing GPLv2 code without an OpenSSL exception.