[Linux-ha-dev] GnuTLS, OpenSSL and management daemon
Alan Robertson
alanr at unix.sh
Tue Aug 16 12:36:39 MDT 2005
Guochun Shi wrote:
>
> At 05:05 PM 8/16/2005 +0800, you wrote:
>>Hi,
>>
>>I am working on the GUI now.
> great, I remember some ppl were working on GUI, any news from them?
>
>
>>We need a security connection between the remote GUI client and the management daemon.
>
> any design document available?
>
>>As we know that the most popular OpenSSL has some license issue, refer to horms's email, or http://www.gnome.org/~markmc/openssl-and-the-gpl.html
>>
>>So we have following choices:
>>1. add the exception cause as OpenSSL request.
>>2. seperate the transport layer from management daemon to avoid link to OpenSSL, and make the transport layer as a seprate program or daemon.
>>3. use GnuTLS. Who has experience about GnuTLS? Any comment?
>>4. IPsec, it needs above 2.6 or it must patch on kernel as I know.
>
> 2 looks good to me. If we don't make the transport layer a library, I assume it's all ok
>
For those complaining about option (2), the license problem is very
easily contained, and very easily solved in this code. If it's linked
against any other GPL code (like heartbeat), then it's very difficult to
get all the permissions from all the copyright owners.
--
Alan Robertson <alanr at unix.sh>
"Openness is the foundation and preservative of friendship... Let me
claim from you at all times your undisguised opinions." - William
Wilberforce
More information about the Linux-HA-Dev
mailing list