<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Hi all,<br>

    </p>

    <div class="moz-cite-prefix">On 10/12/21 19:45, Emanuele Aina wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:11915e3538a36e4f28fe0f01eb8a0d4547ab24d7.camel@collabora.com">

      <pre class="moz-quote-pre" wrap="">Hello all,

the latest source code scan highlighted that the version of Nettle used

on Apertis target images for the v2020 and v2021 releases is already

subject to the relicensing to LGPL-3 or GPL-2 and it is no longer LGPL-

2.1 licensed as the metadata from the original Debian package sources

indicated.

This means that any program using libnettle, and by extension libraries

like libgnutls, glib-networking and libsoup, has to be licensed under

the terms of the GPL-2 or the terms of the LGPL-3 license should be

applied to libnettle.

This goes against the Apertis licensing expectations[1] therefore we

are now working on a fix.

The v2022 release channel is not affected thanks to the rework of the

TLS stack usage[2] done in that channel. The recent documentation work

helped raising the awareness of the issue, identifying its impact and

the possible ways to address it.

We currently plan to backport the changes from v2022 to v2021, and even

v2020. Usage of libnettle and its reverse dependencies like libgnutls

will still be subject to the LGPL-3 or GPL-2 dual-license, but

libraries like glib-networking and libsoup will be moved to the OpenSSL

backend to avoid the issue. Check the document about the TLS stack

licensing[2] for further details.

In case of any doubt, we are available for any inquiry and

clarification about the impact of the issue.

Thank you!

[1] <a class="moz-txt-link-freetext" href="https://www.apertis.org/policies/license-expectations/">https://www.apertis.org/policies/license-expectations/</a>

[2] <a class="moz-txt-link-freetext" href="https://www.apertis.org/concepts/tls-stack/">https://www.apertis.org/concepts/tls-stack/</a>

</pre>

    </blockquote>

    <pre class="moz-signature" cols="72">

</pre>

    <div id="magicdomid8" class="ace-line"><span

        class="author-a-z82zz87znz88zz77zz72zz68zz90znz74zaz78zz66zz90zz75z0">The

        plan announced to backport the changes for the TLS stack [1]

        from v2022 to v2021 and v2020 has already been executed and new

        versions of the affected packages are already available for

        testing at v2021-updates and v2020-updates.</span></div>

    <div id="magicdomid9" class="ace-line"><br>

    </div>

    <div id="magicdomid11" class="ace-line"><span

        class="author-a-z82zz87znz88zz77zz72zz68zz90znz74zaz78zz66zz90zz75z0">Under

        the scope of these change glib-networking was updated to 2.66 to

        properly support OpenSSL backend.</span></div>

    <div id="magicdomid12" class="ace-line"><br>

    </div>

    <div id="magicdomid13" class="ace-line"><span

        class="author-a-z74zz69zz71zz87zz74zz85znmz78zyz68zz80z9i7z72z">We

        encourage people to test the new packages in the v2020-updates

        and v2021-updates repositories. They will be folded in the main

        v2020 and v2021 as part of publishing the next official

        releases, v2020.7 [2] and v2021.3 [3].</span></div>

    <div id="magicdomid14" class="ace-line"><br>

    </div>

    <div id="magicdomid16" class="ace-line"><span

        class="author-a-z82zz87znz88zz77zz72zz68zz90znz74zaz78zz66zz90zz75z0">In

        case of any doubt, we are available for any inquiry and

        clarification about the impact of the issue.</span></div>

    <div id="magicdomid17" class="ace-line"><br>

    </div>

    <div id="magicdomid18" class="ace-line"><span

        class="author-a-z82zz87znz88zz77zz72zz68zz90znz74zaz78zz66zz90zz75z0">Thank

        you!</span></div>

    <div id="magicdomid19" class="ace-line"><br>

    </div>

    <div id="magicdomid20" class="ace-line"><span

        class="author-a-z82zz87znz88zz77zz72zz68zz90znz74zaz78zz66zz90zz75z0">[1]

      </span><span

        class="author-a-z82zz87znz88zz77zz72zz68zz90znz74zaz78zz66zz90zz75z0

        url"><a href="https://www.apertis.org/concepts/tls-stack/"

          rel="noreferrer noopener" class="moz-txt-link-freetext">https://www.apertis.org/concepts/tls-stack/</a></span></div>

    <div id="magicdomid21" class="ace-line"><span

        class="author-a-z74zz69zz71zz87zz74zz85znmz78zyz68zz80z9i7z72z">[2]

      </span><span

        class="author-a-z74zz69zz71zz87zz74zz85znmz78zyz68zz80z9i7z72z

        url"><a

          href="https://www.apertis.org/release/v2020.7/release_schedule/"

          rel="noreferrer noopener" class="moz-txt-link-freetext">https://www.apertis.org/release/v2020.7/release_schedule/</a></span></div>

    <div id="magicdomid22" class="ace-line"><span

        class="author-a-z74zz69zz71zz87zz74zz85znmz78zyz68zz80z9i7z72z">[3]

      </span><span

        class="author-a-z74zz69zz71zz87zz74zz85znmz78zyz68zz80z9i7z72z

        url"><a

          href="https://www.apertis.org/release/v2021.3/release_schedule/"

          rel="noreferrer noopener" class="moz-txt-link-freetext">https://www.apertis.org/release/v2021.3/release_schedule/</a></span></div>

    <div id="magicdomid23" class="ace-line"><br>

    </div>

    <pre class="moz-signature" cols="72">

-- 

Walter Lozano

Collabora Ltd.</pre>

  </body>

</html>