Packagers: Please Read - KTp Auth Handler Dependencies

George Kiagiadakis kiagiadakis.george at gmail.com
Thu Nov 7 07:59:14 UTC 2013


On Tue, Nov 5, 2013 at 8:17 PM, David Edmundson
<david at davidedmundson.co.uk> wrote:
> Can you make sure ktp-auth-handler depends on libqca-ossl for *all*
> shipped versions.
>
> Also if anyone knows why QCA, a library for handling certificates, was
> split into _not including the part that handles certificates_  please
> tell me. It seems to be for the sole purpose of making apps crash and
> making me annoyed. I get a bug report a day.

There has always been a licensing issue with openssl, because its
license is incompatible with the GPL. In order to use openssl in your
GPL application, you need to explicitly add a clause in the license
saying that you permit linking it with openssl. Now by making the
openssl backend of qca a plugin, this restriction is somewhat worked
around. Theoretically, qca could also support certificate handling in
some better backend (a gcrypt backend would be great), which would
solve the issue, but nobody has implemented that yet.

But anyway, even with the plugin mechanism, adding a direct dependency
on the openssl plugin is also avoided because people are afraid of
these legal issues. What you could do, however, is to ask packagers
how this could be fixed legally on your side (you have to add some
extra clause in the license of auth-handler, afaik) and explicitly ask
people to make it depend on openssl.


More information about the KDE-Telepathy mailing list