Skip to content
Snippets Groups Projects
Commit 05a54aff authored by Martyn Welch's avatar Martyn Welch Committed by Martyn Welch
Browse files

Changes for TLS-stack review comments


A number of clarifications and changes have been requested as part of the
TLS-stack document review.

Signed-off-by: default avatarMartyn Welch <martyn.welch@collabora.com>
parent fe604e63
No related branches found
No related tags found
1 merge request!111Changes for TLS-stack review comments
Pipeline #164046 passed
......@@ -7,12 +7,12 @@ outputs:
- pdf-in
---
The Apertis distribution is targeted towards the development of and use in
electronic devices. In line with this goal, the Apertis project strives to
provide software components that, where there is intent that they form part of
the software stack on the devices themselves, are free from licensing
constraints that may make it unsuitable in certain use cases. An example is
software licensed under the terms of the GNU
The Apertis distribution provides both a development environment for electronic
devices as well as a software stack to be used on them. In line with this
goal, the Apertis project strives to provide software components that, where
there is intent that they form part of the software stack on the devices
themselves, are free from licensing constraints that may make it unsuitable in
certain use cases. An example is software licensed under the terms of the GNU
[GPL-3](https://www.gnu.org/licenses/gpl-3.0.en.html) (General Public License)
or [LGPL-3](https://www.gnu.org/licenses/lgpl-3.0.en.html) (Lesser General
Public License) which are known to present a problem as they sometimes
......@@ -60,7 +60,7 @@ currently provides [GnuTLS](https://www.gnutls.org/),
- **NSS**: Apertis currently provides NSS version 3.42.1. This version
is approximately a year and a half old, and is packaged as part of Debian
Buster. As with OpenSSL, support for Debian Buster
[is expected](https://wiki.debian.org/LTS) until June 2024.
is expected until June 2024.
Some of the packages requiring TLS support only support one of the currently
provided TLS implementations, often due to licensing compatibility. Other
......@@ -72,14 +72,14 @@ detailed analysis in the [Appendix]({{< ref "#appendix" >}}).
The TLS libraries used in Apertis today are currently supported, though this
will not remain the case indefinitely, with Ubuntu dropping support for the
currently used GnuTLS in 2022 and OpenSSL 1.1 losing support in 2024.
currently used GnuTLS in 2022, NSS and OpenSSL 1.1 losing support in 2024.
Future releases of Apertis would be expected to be based on newer versions of
Debian (as covered in the [Apertis Release Flow]({{< ref
"release-flow.md#apertis-release-flow" >}}). As could be expected, newer
versions of Debian have integrated newer versions of these TLS libraries.
Upgrading to newer versions of the GnuTLS or OpenSSL may present issues for
Apertis:
Whilst upgrading to newer versions of NSS does not appear to present any
issues, the GnuTLS or OpenSSL may present issues for Apertis:
- **GnuTLS**: Whilst GnuTLS is licensed under the
[LGPL-2.1](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html), it uses
......@@ -376,7 +376,7 @@ to fair use laws in some jurisdictions or explicitly allowed by the GPL when it
act of running the Program is not restricted".
A further argument is that the GPL
[states](https://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section3)) "as
[states](https://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section3) "as
a special exception, the source code distributed need not include anything that
is normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on which the
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment