The inclusion of OpenSSL in Sage has been decided after a long and fruitful discussion. Now remains to implement it…
The case of installing Sage without OpenSSL is addressed in a separate thread (to be posted RealSoonNow).
Since the OpenSSL relicensing is still underway, the “obvious” way (make openssl a standard package, and be done with it) canot be done (yet : that will be the end of the story…). The following proposal deals with the transitional period until this relicensing.
The ticket #24107 has been opened on Track. However, it seems more useful to keep the discussion here, dedicating the exchanges on Trac to technical implementation issues.
The incompatibility between GPL and OpenSSL Licenses does not seem to amount to much
"Additional permission under GNU GPL version 3 section 7If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, the Free Software Foundation grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work."
That (modulo sed -e"s/Free Foftware Foundation/Sage/g"
, of course) seems to cover all possible recourse against us except possibly their use of GPL version 3 rather than 2. GPL exegetes, there is your opportunity to speak up…
However, in the relevant pieces of documentation (mostly README, I think), we may add the following blurb :
"Sage depends on the availability of the OpenSSL software library (a piece of software that allows secure
communications between your computer and servers used to download parts of the system) in your system software.
It is likely that this library is already present on your system. If you are using a pre-compiled packaging of Sage, such
as the Windows distribution, a Debian, Red Hat or Gentoo package or a Macintosh package, these packages depend on
the necessary library, that will be automatically installed on your computer from the official source of your software
package."
In the Installation Guide, the same language could be inserted in the relevant “binary installation” part. In the “compiling from sources” part, ditto, but add :
"However, due to its current licensing terms, Sage can be linked against (i. e. built in order to work using) this library,
but we cannot host it on our servers.
If this library and its header files are not currently installed, the installation script will offer you the choice of
* downloading OpenSSL sources from the OpenSSL repository, for installation in the Sage tree only, or
* aborting the installation, in order to let you install OpenSSL systemwide
In the first case, OpenSSL will be used only by Sage and its hosted software, such as Python and R. In the second
case, OpenSSL will become available to all your installed programs."
In short, we need practical advice on how to cope with various versions of Mac OS and non-Linux, non-FreeBSD unices (which are a bit exotic, nowadays…). Advice welcome.
There, things begin to be interesting :
We can use a procedure that I’m said to be used for some of our standard packages : the toplevel configure
script :
$SAGE_ROOT
tree ;The step 2. cannot be used “raw” in openssl’s case : the normal installation process would fail at the download stage. We can :
$SAGE_ROOT/upstream
, then proceed as for a “normal’ package ;I propose that we combine those steps in the following manner :
$SAGE_ROOT/upstream
then proceed ;All traces of our current, outdated and probably (pseudo-)illegal openssl package must disappear.
Also, looking for optional packages, I see :
charpent@p-202-021:~$ sage -optional | grep openssl
openssl.................................1.0.2j (not_installed)
pyopenssl...............................17.3.0 (not_installed)
I do not understand why. Is my last installation too old ? The questoin goes to mirrors administrators and possibly present and past release managers.
What do you think ? Advice, criticisms, lazzi and even koans welcome.
HTH,
—
Emmanuel Charpentier
Proposal for implementation of OpenSSL inclusion in Sage.
The inclusion of OpenSSL in Sage has been decided after a long and fruitful discussion. Now remains to implement it…
On Wed, Oct 25, 2017 at 5:42 PM, Emmanuel Charpentier
<emanuel.c...@gmail.com> wrote:
> I need an example of a standard package not installed if present systemwide
> : I know there are some, but can't retrieve it right now...
gcc