On Thu, Feb 07, 2008 at 01:01:09PM -0800, Linus Torvalds wrote:

quoted text
> > FWIW, this is not about OpenSSL for SHA1; it is about the underlying
> > library used by curl to do SSL (gnutls vs openssl).
> 
> My comment was about claiming "not distributable". That was simply not 
> true. It's perfectly distributable, it's just Debian that has issues with 
> OpenSSL (but then they shouldn't link it against curl either, so there 
> seems to be some _other_ problem there too).

And I happen to agree with you, but...

quoted text
> > And the problem is that curl linked against gnutls seems _broken_, so 
> > Anand has asked if Debian can ship a binary git linked against a curl 
> > that is linked against openssl (and the answer is probably "no, Debian 
> > people think that is wrong").
> 
> Sure. And you can probably fix it by using NO_OPENSSL, which uses the 
> Mozilla SHA1 library. As I also pointed out.

what I was saying before is that NO_OPENSSL _doesn't_ fix the problem,
because this has nothing whatsoever to do with the mozilla sha1 library
or any decision that git can make.

Debian provides two versions of curl, one that uses openssl and one that
uses gnutls. The question of which is used depends on which Debian
package you happen to have installed. So it is not a git matter at all,
but rather a matter of Debian policy about which version of curl is used
when building the official binary packages.

quoted text
> In short - I just wanted to make sure that we do not make the insane 
> Debian policies somehow official git ones.

Agreed. There is no fallout from this issue for git; it is purely a
Debian build process issue.

-Peff
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html