[OE-core] [PATCH V2 7/7] opkg-keyrings: New recipe
Richard Tollerton
rich.tollerton at ni.com
Wed Feb 11 22:49:58 UTC 2015
Paul Barker <paul at paulbarker.me.uk> writes:
> On Tue, Feb 10, 2015 at 06:43:34PM -0600, Richard Tollerton wrote:
>> Paul Barker <paul at paulbarker.me.uk> writes:
>>
>> > This recipe wraps package and package feed verification keys into a package,
>> > making the management and deployment of verification keys much easier. Comments
>> > on how to select keys for inclusion in this package are provided in the recipe
>> > file.
>>
>> Would you be receptive to this package being extended to support OpenSSL
>> keys?
>
> I wouldn't advise it.
>
> There is no 'OpenSSL exception' in the opkg license and so a few people have
> been worried that shipping binaries of opkg linked against OpenSSL is a breach
> of the respective licenses. IANAL, but people have been concerned.
Do you recall if this is specifically because OpenSSL is statically
linked into libopkg? (Why is that done, anyway?)
> OpenSSL support is probably less tested than gpg support as well.
>
> However, if it's something you're already using, have tested and are comfortable
> with the licensing implications then go for it.
Meh. We've got some existing OpenSSL infrastructure for other operating
systems, so we were kinda sliding into an OpenSSL-based opkg setup by
sheer inertia. But if gnupg is going to align better with everybody else
long term, it's not too late to change directions.
More information about the Openembedded-core
mailing list