libgit2 switch from mbedTLS to OpenSSL
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Wed Jun 29 10:56:57 UTC 2022
On 6/29/22 10:33, Simon Chopin wrote:
> Hi!
>
> As part of our efforts to support the Rust toolchain in main, we need to
> have libgit2 in main (dependency of cargo). However, it currently links
> against mbedTLS for its HTTPS backend rather than OpenSSL, for licensing
> reasons IIUC. Those reasons would now be invalid with the new OpenSSL
> 3.0 licensing.
>
> I'd like to switch it back to OpenSSL to avoid pulling yet another TLS
> implementation in main, however I'm a bit fuzzy whether this would
> constitute a breaking change for the libgit2 package. The libgit2
> library does not expose anything from its crypto implem as part of its
> API, nor does it re-export any of their symbols (assuming I understand
> the output of readelf -s correctly).
>
> Could someone confirm that this does not represent a breaking change?
>
> Cheers,
> --
> Simon Chopin
> Foundations Team Ubuntu Core Dev
> simon.chopin at canonical.com schopin at ubuntu.com
>
Libgit2 is licensed under GPLv2 which is incompatible with the Apache v2
license of OpenSSL 3.0 (see
https://www.gnu.org/licenses/license-list.html.en).
But a "Linking Exception" is present in the COPYRIGHT file of libgit2.
Please, recheck if that exception is enough for your use case.
Best regards
Heinrich
More information about the ubuntu-devel
mailing list