Re: Bacula and OpenSSL (original) (raw)

On Thu, Jul 19, 2007 at 04:22:06PM +0200, Shane M. Coughlan wrote:

=== We do not believe that OpenSSL qualifies as a System Library in Debian. The System Library definition is meant to be read narrowly, including only code that accompanies genuinely fundamental components of the system.

OpenSSL certainly "accompanies" genuinely fundamental components of the system; it's status in Debian is that it's as "fundamental" as apt, and significantly more fundamental than any windowing system, which is explicitly listed as an example of a "fundamental component" in the GPLv3.

I don't see anything to suggest that that's the case for OpenSSL in Debian: the package only has important priority (as opposed to glibc's required),

The definition of the "required" priority is the minimal set of packages that are required for a system to be administered using dpkg. That excludes, for instance, gcc, not to mention window managers and even all our kernel packages.

there are only about 350 packages depending on it (as opposed to glibc's 8500),

There are apparently 360 packages just on my system which will be removed if I remove openssl, and I only have 1883 installed. On the same system (which is my day to day desktop), removing libx11-6 takes down 610 packages. On a headless server, removing libx11-6 takes down 7 packages, while libssl0.9.8 takes 82 packages with it.

and it isn't installed on a base system.

The base system is precisely those packages at priority required or important, and includes openssl.

To put it plainly, if OpenSSL actually were a System Library, I would expect it to look more like one.

From what I can see of the GPLv3 text, OpenSSL plainly is a System Library for Debian -- SSL support is a "major essential component of the specific operating system", and one that we include on all systems as soon as they're installed before giving users the option of what to install, whether they're building a server, desktop system, embedded target or anything else. It's integrated into the operating system to the level at which basic tools such as curl and wget are configured to rely on it and through those dependencies such as debootstrap (used to install the Debian base system), openoffice.org, gimp, and bzflag; likewise python directly depends on ssl, and hence so do all the python scripts in the archive.

It's not "essential" by the very limited meaning we use for the "Essential: yes" field in the Packages files, which is to say, "if you remove this package, you will not be able to manage your system using dpkg" (and indeed that field is used for only a subset of the Priority: required packages, and happens to not be used for glibc), but it's certainly essential by most common usages of the term, and some more general usage of the term is certainly implied by the GPLv3's reference to "window managers" as essential components.

Cheers, aj

Attachment:signature.asc
Description: Digital signature

Reply to: