1 xmlsec and libxmlsec for Debian
2 -------------------------------
4 The upstream documentation is included with the libxmlsec1-dev package and
5 located at /usr/share/doc/libxmlsec1-dev.
7 When developing with the xmlsec library, you have a choice of openssl,
8 gnutls, or nss crypto engines. By using "pkg-config xmlsec1-<engine>" or
9 "xmlsec1-config --crypto=<engine>", you can get the necessary compiler
10 command-line switches for enabling a certain engine.
12 If you want to license your application that uses the xmlsec library under
13 the GNU GPL, or want your library that uses the xmlsec library to be GPL-
14 compatible, I suggest using the gnutls engine. Use of the nss crypto engine
15 may also be compatible with the GPL, but see bugs #207024 and #207026.
16 Regarding openssl, there is a bit of controversy about whether it can be
17 considered part of the OS and therefore make use of a loophole in the GPL.
18 (See the xmlsec FAQ in the documentation.) More specifically, debian-legal
19 takes a hard line and does not allow GPL'd packages that link to openssl to
20 exist in main. In the future, support for PGP key types may be added, which
21 would become another reason to go with the gnutls engine.
23 Note that the library has a dynamic crypto engine loading feature, but I
24 have not yet enabled it.
26 Note that a number of the examples included with the -dev package will
27 not compile successfuly under the gnutls engine (due to lack of features
28 compared to openssl), and will fail under both the gnutls and nss engines
29 (due to lack of pem file support, etc.).
31 Upstream has promised that they will increment the number in the library name
32 name (for example, xmlsec1 -> xmlsec2) whenever a binary incompatibility is
33 introduced, and that it will always match the soname number. For this
34 reason I chose to omit the soname number from package names.
37 -- John V. Belmonte <jbelmonte@debian.org>
projects / external / xmlsec1.git / blob