git imap-send ssl support

This is still here on Karmic..

From the Debian bug:
“Unfortunately, Debian cannot distribute the result of linking git imap-send to OpenSSL for licensing reasons. So the easiest fix is most likely to modify it to use libgnutls.”

Status changed to 'Confirmed' because the bug affects multiple users.

There is discussion in the Debian bug of a patch by Mike Miller in late 2010 to replace the dependency on 'OpenSSL' with one on 'gnuTLS'.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434599#49

which made its way to the git-devel mailing-list but seems to have stalled.

http://marc.info/?l=git&m=128931540311518&w=2

The licenses for 'git' (GPLv2) and 'openssl' (BSD-like with advertising clause) are incompatible:

http://lists.debian.org/debian-legal/2002/10/msg00113.html
http://people.gnome.org/~markmc/openssl-and-the-gpl.html

The 'git' package already uses 'gnuTLS' for other cryptographic services and Mike Miller wrote his patch to use the gnutls-openssl compatibility functions. However, there was no public API access to required functions for MD5-CRAM authentication and it seems he stalled on the amount of work required to get changes in libgcrypt that gnutls relied on for MD5 hashes and base64 encoding.

Since then gnutls has moved on, replacing its dependency on libgcrypt with libnettle in 2.12.x. libnettle's API provides public access to both:

MD5 - http://www.lysator.liu.se/~nisse/nettle/nettle.html#Hash-functions
base64 - http://www.lysator.liu.se/~nisse/nettle/nettle.html#Ascii-encoding

However, Debian and Ubuntu are still using libgnutls26 (gnutls 2.12.14+security patches) from late 2011 depending on libgcrypt.

If/once Debian and Ubuntu move to using a gnutls that depends on libnettle it should allow us to push the git patches upstream and gain TLS support in git-imap-send. The main problem is gnutls has changed its license which would prevent any GPL v2 only applications/libraries that currently depend on it from being linked against it. See:

http://lists.debian.org/debian-legal/2011/02/msg00006.html
https://lists.ubuntu.com/archives/ubuntu-devel/2012-July/035575.html

Two good news items:

1. libgnutls28 has been in Debian/Ubuntu for a while, and with Utopic, libcurl4-gnutls-dev (which is a dependency of git) will finally depend on libgnutls28-dev, which is a dummy package pointing to libgnutls-dev, which in turn is at version 3.2.16, and which depends on nettle-dev (as opposed to its predecessors, which depended on libgcrypt).

2. In Utopic, gnutls28 depends on libgmp-dev (>= 2:6), which has been dual-licensed as LGPLv3+/GPLv2+.

So I think it should be both technically and legally feasible to use gnutls and nettle in order to implement imap-send for current versions of git!

Even better, curl nowadays speaks IMAP.

I've started work on this; see the Debian bug for more information.

Fixed in Git 2.10.2.