Discussion:
Question about system dependencies policy...
(too old to reply)
Jonathan
2012-02-11 14:52:04 UTC
Permalink
What is the policy on system dependencies?

Here is the situation. The latest flask-notebook contains support for
OpenSSL. In order to compile properly it needs access to both the
openssl and openssl-dev packages. At least on my Ubuntu system the
openssl package is standard, but openssl-dev is not. When the flask-
notebook is incorporated, do we need to add the openssl package to the
compilation dependencies in the Sage readme, or does the flask
notebook spkg need to include or build those dependencies?

Thanks,
Jonathan
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 14:57:24 UTC
Permalink
Post by Jonathan
What is the policy on system dependencies?
Here is the situation. The latest flask-notebook contains support for
OpenSSL. In order to compile properly it needs access to both the
openssl and openssl-dev packages. At least on my Ubuntu system the
openssl package is standard, but openssl-dev is not. When the flask-
notebook is incorporated, do we need to add the openssl package to the
compilation dependencies in the Sage readme, or does the flask
notebook spkg need to include or build those dependencies?
My understanding is that the flask notebook cannot include the openssl
headers because of licensing incompatibilities.

So I'd support adding openssl-dev as a requirement of Sage. What
systems does it come default on? I don't recall having a problem on
OSX, for example.

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Alex Kramer
2012-02-11 14:59:30 UTC
Permalink
On Sat, Feb 11, 2012 at 9:57 AM, Jason Grout
So I'd support adding openssl-dev as a requirement of Sage.  What systems
does it come default on?  I don't recall having a problem on OSX, for
example.
On Debian (and presumably Ubuntu as well), the correct package name
appears to be libssl-dev, not openssl-dev.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-11 17:50:09 UTC
Permalink
Alex is correct. I stand corrected. The header files that are a
problem are part of libssl-dev. I did a quick read of their copyright
license. Since it allows redistribution of source and binaries with
acknowledgement, I'm not sure it is really incompatible with GPL,
although their secondary license (yes they have two inconsistent ones)
does not allow distribution under a GPL license. Still I see no
problem with depending on the package as it is open source. I agree
that distributing as part of Sage might be a problem.

Jonathan
Post by Alex Kramer
On Sat, Feb 11, 2012 at 9:57 AM, Jason Grout
So I'd support adding openssl-dev as a requirement of Sage.  What systems
does it come default on?  I don't recall having a problem on OSX, for
example.
On Debian (and presumably Ubuntu as well), the correct package name
appears to be libssl-dev, not openssl-dev.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 17:56:23 UTC
Permalink
Post by Jonathan
Since it allows redistribution of source and binaries with
acknowledgement, I'm not sure it is really incompatible with GPL,
That makes the OpenSSL license GPL-incompatible. See
http://people.gnome.org/~markmc/openssl-and-the-gpl.html

Thanks,

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-11 16:54:37 UTC
Permalink
Post by Jason Grout
Post by Jonathan
What is the policy on system dependencies?
Here is the situation. The latest flask-notebook contains support for
OpenSSL. In order to compile properly it needs access to both the
openssl and openssl-dev packages. At least on my Ubuntu system the
openssl package is standard, but openssl-dev is not. When the flask-
notebook is incorporated, do we need to add the openssl package to the
compilation dependencies in the Sage readme, or does the flask
notebook spkg need to include or build those dependencies?
My understanding is that the flask notebook cannot include the openssl
headers because of licensing incompatibilities.
So I'd support adding openssl-dev as a requirement of Sage. What systems
does it come default on? I don't recall having a problem on OSX, for
example.
Jason
Does that get around the licensing issues? I'm not convinced it does myself.

If you make it a requirement to use non-GPL code, which is not part of the core
of the operating system to run Sage, then I don't see how Sage can be considered
GPL any more.

What do you do if a system has the OpenSSL libraries, but they are too old? Or
if it has the libraries, but not the development headers? Someone has already
said the development headers don't come with Ubuntu.

Perhaps you can argue you don't actually link to the headers, so that is ok. All
seems a bit doggy to me.

I believe the license of Sage is very dubious at best, even in it's current
state. Unfortunately, the huge number of different "open source" licenses seems
to make this almost inevitable.

Has anyone ever tried getting the OpenSSL developers to release OpenSSL under a
GPL license, or perhaps dual license it, giving anyone the choice to use
whatever license they want.

Would you consider Sage GPL if it needed to link to libraries written by Wolfram
Research for Mathematica?

Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 17:38:03 UTC
Permalink
Post by Dr. David Kirkby
Post by Jason Grout
Post by Jonathan
What is the policy on system dependencies?
Here is the situation. The latest flask-notebook contains support for
OpenSSL. In order to compile properly it needs access to both the
openssl and openssl-dev packages. At least on my Ubuntu system the
openssl package is standard, but openssl-dev is not. When the flask-
notebook is incorporated, do we need to add the openssl package to the
compilation dependencies in the Sage readme, or does the flask
notebook spkg need to include or build those dependencies?
My understanding is that the flask notebook cannot include the openssl
headers because of licensing incompatibilities.
So I'd support adding openssl-dev as a requirement of Sage. What systems
does it come default on? I don't recall having a problem on OSX, for
example.
Jason
Does that get around the licensing issues? I'm not convinced it does myself.
I thought we came to a conclusion about this (that it was not okay to
ship, but was okay to use), but maybe not.

If it's a problem to use OpenSSL (as compared to shipping OpenSSL), then
I guess here are a few options:

1. Get sagenb relicensed BSD (which may require work to rewrite mitel's
contributions, since we can't seem to contact him for relicensing
permission). Would this solve the issue?

2. Figure out some way to use openssl alternatives. This might be
harder, since twisted depends on openssl, for example, and python

Here is (yet another) page on this:

http://lwn.net/Articles/428111/
Post by Dr. David Kirkby
If you make it a requirement to use non-GPL code, which is not part of
the core of the operating system to run Sage, then I don't see how Sage
can be considered GPL any more.
What do you do if a system has the OpenSSL libraries, but they are too
old? Or if it has the libraries, but not the development headers?
Someone has already said the development headers don't come with Ubuntu.
Perhaps you can argue you don't actually link to the headers, so that is
ok. All seems a bit doggy to me.
I believe the license of Sage is very dubious at best, even in it's
current state. Unfortunately, the huge number of different "open source"
licenses seems to make this almost inevitable.
Has anyone ever tried getting the OpenSSL developers to release OpenSSL
under a GPL license, or perhaps dual license it, giving anyone the
choice to use whatever license they want.
From the above page:

aiui [as I understand it], the problem here is actually a former OpenSSL
hacker who has no interest (and, in fact, a positive interest against)
in changing the OpenSSL licensing. Most of the current OpenSSL hackers
don't have an issue with the change (again, aiui).
Post by Dr. David Kirkby
Would you consider Sage GPL if it needed to link to libraries written by
Wolfram Research for Mathematica?
Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-11 17:47:17 UTC
Permalink
IANAL but I find it hard to believe that simply having non-GPL-compatible
software as a dependency disqualifies us from releasing Sage under the GPL.
If that were true, surely it would be impossible to license Windows
programs under the GPL, as in order to run them you must first install
Microsoft Windows. No?

-Keshav

----
Join us in #sagemath on irc.freenode.net
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 17:55:29 UTC
Permalink
Post by Keshav Kini
IANAL but I find it hard to believe that simply having
non-GPL-compatible software as a dependency disqualifies us from
releasing Sage under the GPL. If that were true, surely it would be
impossible to license Windows programs under the GPL, as in order to run
them you must first install Microsoft Windows. No?
IIRC, the question is not so much distributing our source that just has
an import statement, but distributing binaries that we've compiled.

And remember, GPL has an exception that says you can link against system
libraries (see the page I posted earlier, or
http://people.gnome.org/~markmc/openssl-and-the-gpl.html). Win32
certainly is a system library. Different people believe different
things about OpenSSL being a system library. IIRC, FSF doesn't think it is.

Thanks,

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-11 18:04:38 UTC
Permalink
IIRC, the question is not so much distributing our source that just has an
import statement, but distributing binaries that we've compiled.
Right, of course... if we're talking about distributing binaries then
what I said goes out the window. And of course we should be talking
about distributing binaries, since... we distribute binaries...

Thanks! :)

-Keshav

----
Join us in #sagemath on irc.freenode.net !
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-11 20:51:20 UTC
Permalink
Post by Dr. David Kirkby
I believe the license of Sage is very dubious at best
I will say it more strongly: Sage *is* violating the GPL by distributing
GPLv3-only packages (such as cvxopt) under a GPLv2+ licence.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 20:54:07 UTC
Permalink
Post by Jeroen Demeyer
Post by Dr. David Kirkby
I believe the license of Sage is very dubious at best
I will say it more strongly: Sage *is* violating the GPL by distributing
GPLv3-only packages (such as cvxopt) under a GPLv2+ licence.
Sage is changing the license for packages? I thought the Sage
distribution was GPLv3 because of GPLv3 packages it included. Who said
the Sage distribution was GPLv2+?

Thanks,

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-11 20:59:06 UTC
Permalink
Post by Jeroen Demeyer
I will say it more strongly: Sage *is* violating the GPL by distributing
GPLv3-only packages (such as cvxopt) under a GPLv2+ licence.
Sage is changing the license for packages?  I thought the Sage distribution
was GPLv3 because of GPLv3 packages it included.  Who said the Sage
distribution was GPLv2+?
Post by Jeroen Demeyer
(2) Sage is GPLv3, which is a license that is perceived as very
corporate unfriendly by many of the top companies that do commercial
software.
Last I checked, Sage was GPLv2+. This is stated in COPYING.txt in the root
directory of the latest dev version, too (4.7.2.alpha3). Has something
changed?
The complete Sage distribution is GPLv3+. The core Sage library
(written in Python and Cython) is GPLv2+. However, many of the
components of Sage are GPLv3+.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 21:03:41 UTC
Permalink
The complete Sage distribution is GPLv3+. The core Sage library
(written in Python and Cython) is GPLv2+. However, many of the
components of Sage are GPLv3+.
I suppose if we are really shipping GPLv3-*only* components, then the
distribution isn't really GPLv3+. So I guess that's one thing to
clarify (i.e., are we?).

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-11 21:05:29 UTC
Permalink
Post by Jeroen Demeyer
I will say it more strongly: Sage *is* violating the GPL by distributing
GPLv3-only packages (such as cvxopt) under a GPLv2+ licence.
Sage is changing the license for packages? I thought the Sage distribution
was GPLv3 because of GPLv3 packages it included. Who said the Sage
distribution was GPLv2+?
Post by Jeroen Demeyer
(2) Sage is GPLv3, which is a license that is perceived as very
corporate unfriendly by many of the top companies that do commercial
software.
Last I checked, Sage was GPLv2+. This is stated in COPYING.txt in the root
directory of the latest dev version, too (4.7.2.alpha3). Has something
changed?
The complete Sage distribution is GPLv3+. The core Sage library
(written in Python and Cython) is GPLv2+. However, many of the
components of Sage are GPLv3+.
So I guess COPYING.txt should be updated then...

And Wikipedia (http://en.wikipedia.org/wiki/Sage_Math) also says:

Sage is free software, distributed under the terms of the GNU General
Public License version 2+.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-11 21:14:05 UTC
Permalink
Post by Jeroen Demeyer
So I guess COPYING.txt should be updated then...
Yes, IMO it should. See http://trac.sagemath.org/sage_trac/ticket/12447 .

-Keshav

----
Join us in #sagemath on irc.freenode.net !
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-13 10:17:02 UTC
Permalink
Sage is changing the license for packages? I thought the Sage
distribution was GPLv3 because of GPLv3 packages it included. Who said
the Sage distribution was GPLv2+?
Thanks,
Jason
We have numerous GPL version 2 only components too, so the truth is there is no
legal license for Sage.

To cut and past from the GPL2 in gfan

======================
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
=======================

Since some of packages will not have the "or later version" added into the
license, we can't distribute Sage as GPL 3 or even "GPL 2 or any later version",
since some of the components don't have the "or any later version".

IMHO, if you want to be totally legal, then you should not use Sage.

On the other hand, I personally don't see anything particularly immoral about
using Sage. I don't think the intenstion of the authors of the packages would be
to prevent their code being used in projects like Sage.

Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-13 11:18:30 UTC
Permalink
Post by Dr. David Kirkby
Since some of packages will not have the "or later version" added into
the license, we can't distribute Sage as GPL 3 or even "GPL 2 or any
later version", since some of the components don't have the "or any
later version".
Which packages are those? I thought we were being really careful to not
include any packages that were GPLv2 only in the base, standard
distribution of Sage?

Or are you just imagining that there probably is such a package?

Thanks,

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-13 11:35:46 UTC
Permalink
Post by Dr. David Kirkby
Since some of packages will not have the "or later version" added into
the license, we can't distribute Sage as GPL 3 or even "GPL 2 or any
later version", since some of the components don't have the "or any
later version".
Which packages are those? I thought we were being really careful to not
include any packages that were GPLv2 only in the base, standard
distribution of Sage?
Or are you just imagining that there probably is such a package?
Thanks,
Jason
First one I find is gfan. This is SPKG.txt:

= gfan =

== Description ==
From http://www.math.tu-berlin.de/~jensen/software/gfan/gfan.html:

Gfan is a software package for computing Groebner fans and tropical varieties.
These are polyhedral fans associated to polynomial ideals. The maximal cones
of a Groebner fan are in bijection with the marked reduced Groebner bases of
its defining ideal. The software computes all marked reduced Groebner bases of
an ideal. Their union is a universal Groebner basis. The tropical variety of a
polynomial ideal is a certain subcomplex of the Groebner fan. Gfan contains
algorithms for computing this complex for general ideals and specialized
algorithms for tropical curves, tropical hypersurfaces and tropical varieties
of prime ideals. In addition to the above core functions the package contains
many tools which are useful in the study of Groebner bases, initial ideals and
tropical geometry.

== License ==
* GPL v2


This is COPYING in the source.

***@hawk:~/sage-5.0.beta3/spkg/standard/gfan-0.4plus.p1$ more src/COPYING
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
675 Mass Ave, Cambridge, MA 02139, USA



Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
William Stein
2012-02-13 12:58:49 UTC
Permalink
On Mon, Feb 13, 2012 at 3:35 AM, Dr. David Kirkby
Post by Dr. David Kirkby
Post by Dr. David Kirkby
Since some of packages will not have the "or later version" added into
the license, we can't distribute Sage as GPL 3 or even "GPL 2 or any
later version", since some of the components don't have the "or any
later version".
Which packages are those? I thought we were being really careful to not
include any packages that were GPLv2 only in the base, standard
distribution of Sage?
Or are you just imagining that there probably is such a package?
Thanks,
Jason
gfan is GPLv2+.

I know the author of gfan personally; I don't remember for sure, but I
think got him to GPL it in the first place. All he did was take his
code and put the standard GPL "COPYING" file (which has the GPLv2
license in it) in the same directory, and include a LICENSE file that
says:

-------------
deep:src wstein$ more LICENSE
The Gfan software is distributed under the "GNU GENERAL PUBLIC
LICENSE" as described in the file "COPYING".
Ask the author if you want a more reasonable license.
-------------

Because the LICENSE file (and code) do not specifically state that the
program is GPLv2, one may use any version of the GPL license (>= 2).

I'm not comfortable with this statement: "IMHO, if you want to be
totally legal, then you should not use Sage." It seems like FUD that
ignores a ton of hard work that we have all done campaigning to get
licenses changed, sometimes choosing a much more difficult path
(regarding which libraries we use) just because of GPL versions, etc.

To the best of my knowledge there is not ** ONE SINGLE PACKAGE **
included with Sage that is licensed GPLv2 only. If this is not
actually the case, I really want to know about it. I believe that
Sage is 100% legally distributed and does not violate any copyright
statements at all.

That said, it would be good to change the line in *our* SPKG.txt for
gfan that says:

"== License ==
* GPL v2"

This line was added in 2010 by Alex Ghitza and positively reviewed by
Marshal Hampton. They claimed to be dealing with trac #3043 (from 4
years ago) which specifically asked for clarification of this. The
first comment on trac #3043 was by Michael Abshoff (who has actually
read the GPL) where he explained very clearly exactly how things work
with GPL, and that the software is GPLv2+. Then Alex seems to have
ignored or misinterpreted Michael's remark with "I would say that's
pretty clear"... since maybe he hasn't so closely read the GPL.

So please review: http://trac.sagemath.org/sage_trac/ticket/12504

-- William
Post by Dr. David Kirkby
= gfan =
== Description ==
Gfan is a software package for computing Groebner fans and tropical varieties.
These are polyhedral fans associated to polynomial ideals. The maximal cones
of a Groebner fan are in bijection with the marked reduced Groebner bases of
its defining ideal. The software computes all marked reduced Groebner bases of
an ideal. Their union is a universal Groebner basis. The tropical variety of a
polynomial ideal is a certain subcomplex of the Groebner fan. Gfan contains
algorithms for computing this complex for general ideals and specialized
algorithms for tropical curves, tropical hypersurfaces and tropical varieties
of prime ideals. In addition to the above core functions the package contains
many tools which are useful in the study of Groebner bases, initial ideals and
tropical geometry.
== License ==
 * GPL v2
This is COPYING in the source.
                   GNU GENERAL PUBLIC LICENSE
                      Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
                         675 Mass Ave, Cambridge, MA 02139, USA
Dave
--
To unsubscribe from this group, send an email to
For more options, visit this group at
http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
--
William Stein
Professor of Mathematics
University of Washington
http://wstein.org
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Burcin Erocal
2012-02-13 15:27:55 UTC
Permalink
On Mon, 13 Feb 2012 04:58:49 -0800
Post by William Stein
On Mon, Feb 13, 2012 at 3:35 AM, Dr. David Kirkby
Post by Dr. David Kirkby
Since some of packages will not have the "or later version" added
into the license, we can't distribute Sage as GPL 3 or even "GPL
2 or any later version", since some of the components don't have
the "or any later version".
Which packages are those? I thought we were being really careful
to not include any packages that were GPLv2 only in the base,
standard distribution of Sage?
Or are you just imagining that there probably is such a package?
Thanks,
Jason
gfan is GPLv2+.
I know the author of gfan personally; I don't remember for sure, but I
think got him to GPL it in the first place. All he did was take his
code and put the standard GPL "COPYING" file (which has the GPLv2
license in it) in the same directory, and include a LICENSE file that
-------------
deep:src wstein$ more LICENSE
The Gfan software is distributed under the "GNU GENERAL PUBLIC
LICENSE" as described in the file "COPYING".
Ask the author if you want a more reasonable license.
-------------
Because the LICENSE file (and code) do not specifically state that the
program is GPLv2, one may use any version of the GPL license (>= 2).
I asked Anders about the license off list before William's post. To
clarify this, he changed the LICENSE file to the following :

--------------
The Gfan software is distributed under the "GNU GENERAL PUBLIC LICENSE"
version 2 or any later version as described in the file "COPYING". Ask
the author if you want a more reasonable license.
--------------


This will be in a later release of gfan.

Cheers,
Burcin
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-13 15:42:27 UTC
Permalink
Post by William Stein
On Mon, Feb 13, 2012 at 3:35 AM, Dr. David Kirkby
Post by Dr. David Kirkby
Since some of packages will not have the "or later version" added into
the license, we can't distribute Sage as GPL 3 or even "GPL 2 or any
later version", since some of the components don't have the "or any
later version".
Which packages are those? I thought we were being really careful to not
include any packages that were GPLv2 only in the base, standard
distribution of Sage?
Or are you just imagining that there probably is such a package?
Thanks,
Jason
gfan is GPLv2+.
I know the author of gfan personally; I don't remember for sure, but I
think got him to GPL it in the first place. All he did was take his
code and put the standard GPL "COPYING" file (which has the GPLv2
license in it) in the same directory, and include a LICENSE file that
-------------
deep:src wstein$ more LICENSE
The Gfan software is distributed under the "GNU GENERAL PUBLIC
LICENSE" as described in the file "COPYING".
Ask the author if you want a more reasonable license.
-------------
But currently SPKG.txt and COPYING state version 2 only.

SPKG.txt for Mercurial states

"== License ==
* GNU General Public License version 2, or any later version
"

but the COPYING file does not state "or any later version". Some programs do
(like znpoly), but Mercurial does not. Nor does gfan - despite you say you know
different. Nor does the COPYING file in 'moin', though SPKG.txt says it is
"GPLv2+".
Post by William Stein
Because the LICENSE file (and code) do not specifically state that the
program is GPLv2, one may use any version of the GPL license (>= 2).
Note, that an author has to add the "or any later version" for it to become
applicable. Unless that is specifically stated, it you can't apply it.

iconv is GPL3 only.
Post by William Stein
I'm not comfortable with this statement: "IMHO, if you want to be
totally legal, then you should not use Sage." It seems like FUD that
ignores a ton of hard work that we have all done campaigning to get
licenses changed, sometimes choosing a much more difficult path
(regarding which libraries we use) just because of GPL versions, etc.
If you believe it is 100% legal that is fine. But I don't, and nor does Jeroen
Demeyer

http://groups.google.com/group/sage-devel/msg/078c738469cc5bbd
Post by William Stein
To the best of my knowledge there is not ** ONE SINGLE PACKAGE **
included with Sage that is licensed GPLv2 only.
Well, certainly there seems to be a lot of COPYING files that state they are GPL
version 2, with no mention of the "any later version" the license says one
should put if one wants to apply the license to later releases.
Post by William Stein
If this is not
actually the case, I really want to know about it. I believe that
Sage is 100% legally distributed and does not violate any copyright
statements at all.
You are welcome to your opinion. I just don't happen to agree with it.

Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
William Stein
2012-02-13 16:32:24 UTC
Permalink
On Mon, Feb 13, 2012 at 7:42 AM, Dr. David Kirkby
Post by Dr. David Kirkby
Post by William Stein
On Mon, Feb 13, 2012 at 3:35 AM, Dr. David Kirkby
Post by Dr. David Kirkby
Since some of packages will not have the "or later version" added into
the license, we can't distribute Sage as GPL 3 or even "GPL 2 or any
later version", since some of the components don't have the "or any
later version".
Which packages are those? I thought we were being really careful to not
include any packages that were GPLv2 only in the base, standard
distribution of Sage?
Or are you just imagining that there probably is such a package?
Thanks,
Jason
gfan is GPLv2+.
I know the author of gfan personally; I don't remember for sure, but I
think got him to GPL it in the first place.  All he did was take his
code and put the standard GPL "COPYING" file (which has the GPLv2
license in it) in the same directory, and include a LICENSE file that
-------------
deep:src wstein$ more LICENSE
The Gfan software is distributed under the "GNU GENERAL PUBLIC
LICENSE" as described in the file "COPYING".
Ask the author if you want a more reasonable license.
-------------
But currently SPKG.txt and COPYING state version 2 only.
SPKG.txt for Mercurial states
"== License ==
 * GNU General Public License version 2, or any later version
"
but the COPYING file does not state "or any later version". Some programs do (like znpoly), but Mercurial does not. Nor does gfan - despite you say you know different. Nor does the COPYING file in 'moin', though SPKG.txt says  it is "GPLv2+".
That does not matter.
Post by Dr. David Kirkby
Post by William Stein
Because the LICENSE file (and code) do not specifically state that the
program is GPLv2, one may use any version of the GPL license (>= 2).
Note, that an author has to add the "or any later version" for it to become applicable. Unless that is specifically stated, it you can't apply it.
I think you are just making that up.  From the GPL: "If the Program
does not specify a version number of this License, you may choose any
version ever published by the Free Software Foundation."
Post by Dr. David Kirkby
iconv is GPL3 only.
That's fine because GPL3 is GPLv2+ compatible. Remember your claim
is: "if you want to be totally legal, then you should not use Sage."
Post by Dr. David Kirkby
Post by William Stein
I'm not comfortable with this statement: "IMHO, if you want to be
totally legal, then you should not use Sage."  It seems like FUD that
ignores a ton of hard work that we have all done campaigning to get
licenses changed, sometimes choosing a much more difficult path
(regarding which libraries we use) just because of GPL versions, etc.
If you believe it is 100% legal that is fine. But I don't, and nor does Jeroen Demeyer
http://groups.google.com/group/sage-devel/msg/078c738469cc5bbd
There he says "I will say it more strongly: Sage *is* violating the
GPL by distributing
GPLv3-only packages (such as cvxopt) under a GPLv2+ licence. "

However, that again is irrelevant, because we are *not* distributing
cvxopt under a GPLv2+ license. I don't why anybody would think we
are. Why do you and Jereon think I am distributing Sage under a
GPLv2+ license?!?!

The only claim made in our COPYING file is this:

"Every component of Sage except jsmath is licensed under a GPL v2
(or later) compatible license."

The GPLv3-only license is compatible with GPLv2+, in the sense that
one can combine a GPLv2+ codebase with a GPLv3 codebase to create a
new program that is licensed under GPLv3. Obviously, as a combined
work, one must apply the GPLv3 license to the GPLv2+ codebase.
Post by Dr. David Kirkby
Post by William Stein
To the best of my knowledge there is not ** ONE SINGLE PACKAGE **
included with Sage that is licensed GPLv2 only.
Well, certainly there seems to be a lot of COPYING files that state they are GPL version 2, with no mention of the "any later version" the license says one should put if one wants to apply the license to later releases.
The COPYING file is from FSF. It looks like this. Maybe you should read it:

-------------------------------------------------------------------------------------------
$ cat COPYING
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
...
... If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
...
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
...
If this is what you want to do, use the GNU Library General
Public License instead of this License.
-------------------------------------------------------------------------------------------
Post by Dr. David Kirkby
Post by William Stein
If this is not
actually the case, I really want to know about it.   I believe that
Sage is 100% legally distributed and does not violate any copyright
statements at all.
You are welcome to your opinion. I just don't happen to agree with it.
I would be very appreciate if you could provide even a shred of
evidence that supports your opinion that: "IMHO, if you want to be
totally legal, then you should not use Sage." I know of absolutely no
copyright issues with the current Sage distribution. If I were aware
of any violations, I would address them ASAP.

-- William

--
William Stein
Professor of Mathematics
University of Washington
http://wstein.org
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-13 17:00:55 UTC
Permalink
Post by William Stein
On Mon, Feb 13, 2012 at 7:42 AM, Dr. David Kirkby
Post by Dr. David Kirkby
But currently SPKG.txt and COPYING state version 2 only.
SPKG.txt for Mercurial states
"== License ==
* GNU General Public License version 2, or any later version
"
but the COPYING file does not state "or any later version". Some programs do (like znpoly), but Mercurial does not. Nor does gfan - despite you say you know different. Nor does the COPYING file in 'moin', though SPKG.txt says it is "GPLv2+".
That does not matter.
Why does it not matter?
Post by William Stein
Post by Dr. David Kirkby
Note, that an author has to add the "or any later version" for it to become applicable. Unless that is specifically stated, it you can't apply it.
I think you are just making that up. From the GPL: "If the Program
does not specify a version number of this License, you may choose any
version ever published by the Free Software Foundation."
I'm not making it up.

If someone writes "This program is released under the GPL", and does not state a
version, then you are correct that you are able to apply any version you want.

However, if a version is stated, as it it with moinmoin, gfan, Mercurial, then
you can't just add the "any later" bit if you chose to.

Take Moinmoin for example. As that is currently in Sage, the license says at the
top:

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

further down we read

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

Clearly in this case moinmoin has

1) Stated a version (version 2, June 1991)
2) Has not stated "or any later version"
3) Has not just stated "the GPL" and not given a version.

In that case, it is just version 2. But other code is just version 3. The two
are incompatible.
Post by William Stein
I would be very appreciate if you could provide even a shred of
evidence that supports your opinion that: "IMHO, if you want to be
totally legal, then you should not use Sage." I know of absolutely no
copyright issues with the current Sage distribution. If I were aware
of any violations, I would address them ASAP.
I've provided more than a shred of evidence.

Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
William Stein
2012-02-13 17:11:05 UTC
Permalink
On Mon, Feb 13, 2012 at 9:00 AM, Dr. David Kirkby
Post by Dr. David Kirkby
Post by William Stein
On Mon, Feb 13, 2012 at 7:42 AM, Dr. David Kirkby
Post by Dr. David Kirkby
But currently SPKG.txt and COPYING state version 2 only.
SPKG.txt for Mercurial states
"== License ==
 * GNU General Public License version 2, or any later version
"
but the COPYING file does not state "or any later version". Some programs
do (like znpoly), but Mercurial does not. Nor does gfan - despite you say
you know different. Nor does the COPYING file in 'moin', though SPKG.txt
says  it is "GPLv2+".
That does not matter.
Why does it not matter?
Do you understand the following statement?: The COPYING file is
something provided by FSF. It is not modified by the author of the
code.
Post by Dr. David Kirkby
Post by William Stein
Post by Dr. David Kirkby
Note, that an author has to add the "or any later version" for it to
become applicable. Unless that is specifically stated, it you can't apply
it.
I think you are just making that up.  From the GPL: "If the Program
does not specify a version number of this License, you may choose any
version ever published by the Free Software Foundation."
I'm not making it up.
If someone writes "This program is released under the GPL", and does not
state a version, then you are correct that you are able to apply any version
you want.
However, if a version is stated, as it it with moinmoin, gfan, Mercurial,
then you can't just add the "any later" bit if you chose to.
Take Moinmoin for example. As that is currently in Sage, the license says at
Moinmoin is GPLv2+. The file moin-1.9.1.p2/src/moin/README says "This
program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or
(at your option) any later version."

They then include the file COPYING that is distributed by the FSF,
which you keep quoting from.
Post by Dr. David Kirkby
                   GNU GENERAL PUBLIC LICENSE
                      Version 2, June 1991
further down we read
Each version is given a distinguishing version number.  If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation.  If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
Clearly in this case moinmoin has
1) Stated a version (version 2, June 1991)
Nope.
Post by Dr. David Kirkby
2) Has not stated "or any later version"
Nop.e
Post by Dr. David Kirkby
3) Has not just stated "the GPL" and not given a version.
Nope.
Post by Dr. David Kirkby
In that case, it is just version 2. But other code is just version 3. The
two are incompatible.
Nope.
Post by Dr. David Kirkby
Post by William Stein
I would be very appreciate if you could provide even a shred of
evidence that supports your opinion that: "IMHO, if you want to be
totally legal, then you should not use Sage."  I know of absolutely no
copyright issues with the current Sage distribution.  If I were aware
of any violations, I would address them ASAP.
I've provided more than a shred of evidence.
Not a single shred.

Can you please read [1] very carefully, then reconsider your position?

[1] http://www.gnu.org/licenses/gpl-howto.html
Post by Dr. David Kirkby
Dave
--
To unsubscribe from this group, send an email to
For more options, visit this group at
http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
--
William Stein
Professor of Mathematics
University of Washington
http://wstein.org
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-13 17:19:09 UTC
Permalink
If I understand correctly, William's point is that simply placing a
copy of the GPL, with a version number attached or otherwise, with a
"or any later version" included or otherwise, in the program's source
code is not equivalent to a declaration of licensing under the GPL of
a particular version, even if said copy of the GPL specifies a
particular version of the GPL which said copy constitutes. Further,
Michael Abshoff's comment at
http://trac.sagemath.org/sage_trac/ticket/3043 is that the FSF's
interpretation of what license the software is under if it simply
includes some copy of the GPL in its source code but does not declare
itself to be under that license is that the software is under that GPL
copy's declared version and any later version, regardless of whether
the text "or any later version" appears in said copy of the GPL.

(Of course, I don't vouch for any of these statements - just trying to
clarify the discussion.)

-Keshav
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
William Stein
2012-02-13 17:42:35 UTC
Permalink
Post by Keshav Kini
If I understand correctly, William's point is that simply placing a
copy of the GPL, with a version number attached or otherwise, with a
"or any later version" included or otherwise, in the program's source
code is not equivalent to a declaration of licensing under the GPL of
a particular version, even if said copy of the GPL specifies a
particular version of the GPL which said copy constitutes. Further,
Michael Abshoff's comment at
http://trac.sagemath.org/sage_trac/ticket/3043 is that the FSF's
interpretation of what license the software is under if it simply
includes some copy of the GPL in its source code but does not declare
itself to be under that license is that the software is under that GPL
copy's declared version and any later version, regardless of whether
the text "or any later version" appears in said copy of the GPL.
(Of course, I don't vouch for any of these statements - just trying to
clarify the discussion.)
-Keshav
Wow, you actually *sounded* like a lawyer for a moment there!

-- William
Post by Keshav Kini
--
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
--
William Stein
Professor of Mathematics
University of Washington
http://wstein.org
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-13 20:34:40 UTC
Permalink
Post by Keshav Kini
If I understand correctly, William's point is that simply placing a
copy of the GPL, with a version number attached or otherwise, with a
"or any later version" included or otherwise, in the program's source
code is not equivalent to a declaration of licensing under the GPL of
a particular version, even if said copy of the GPL specifies a
particular version of the GPL which said copy constitutes. Further,
Michael Abshoff's comment at
http://trac.sagemath.org/sage_trac/ticket/3043 is that the FSF's
interpretation of what license the software is under if it simply
includes some copy of the GPL in its source code but does not declare
itself to be under that license is that the software is under that GPL
copy's declared version and any later version, regardless of whether
the text "or any later version" appears in said copy of the GPL.
(Of course, I don't vouch for any of these statements - just trying to
clarify the discussion.)
-Keshav
I can understand and agree with Alex's comments

=============================
Both the version of gfan that's currently in Sage (0.3) and the latest version
(0.4plus) have a file COPYING which is just the text of GPL version 2. I would
say that's pretty clear, and it should be in the file SPKG.txt.
=============================

I would interpret Alex as saying that's version 2, and only version 2.

I've no idea how Michael Abshoff can say the FSF consider that code is licensed
under version X+, even if you include a license with version X, and no comment
about later versions. That makes no sense to me, and I've no idea where Micheal
got that from. He has not provided any evidence to back up that dubious claim.

I think we could argue this all night. I for one think Sage is on dodgy ground
license-wise. Jeroen Demeyer is even more adamant there are legal issues.

William is happy.

Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Burcin Erocal
2012-02-13 21:18:08 UTC
Permalink
On Mon, 13 Feb 2012 20:34:40 +0000
Post by Dr. David Kirkby
Post by Keshav Kini
If I understand correctly, William's point is that simply placing a
copy of the GPL, with a version number attached or otherwise, with a
"or any later version" included or otherwise, in the program's
source code is not equivalent to a declaration of licensing under
the GPL of a particular version, even if said copy of the GPL
specifies a particular version of the GPL which said copy
constitutes. Further, Michael Abshoff's comment at
http://trac.sagemath.org/sage_trac/ticket/3043 is that the FSF's
interpretation of what license the software is under if it simply
includes some copy of the GPL in its source code but does not
declare itself to be under that license is that the software is
under that GPL copy's declared version and any later version,
regardless of whether the text "or any later version" appears in
said copy of the GPL.
(Of course, I don't vouch for any of these statements - just trying
to clarify the discussion.)
-Keshav
I can understand and agree with Alex's comments
=============================
Both the version of gfan that's currently in Sage (0.3) and the
latest version (0.4plus) have a file COPYING which is just the text
of GPL version 2. I would say that's pretty clear, and it should be
in the file SPKG.txt. =============================
I would interpret Alex as saying that's version 2, and only version 2.
I've no idea how Michael Abshoff can say the FSF consider that code
is licensed under version X+, even if you include a license with
version X, and no comment about later versions. That makes no sense
to me, and I've no idea where Micheal got that from. He has not
provided any evidence to back up that dubious claim.
See here for instance:

https://fedoraproject.org/wiki/Licensing/FAQ#How_do_I_figure_out_what_version_of_the_GPL.2FLGPL_my_package_is_under.3F

Quoting from item 4 in that answer:

If neither the source, nor the upstream composed documentation says
anything about the license version, then it could be under _ANY_
version of the GPL. The version listed in COPYING is irrelevant from
this perspective. Technically it could be under any license, but if
all we have to go by is COPYING, we'll use COPYING to imply that it
is under the GPL, all versions (GPL+).
Post by Dr. David Kirkby
I think we could argue this all night. I for one think Sage is on
dodgy ground license-wise. Jeroen Demeyer is even more adamant there
are legal issues.
William is happy.
IMHO, the tone on sage-devel has been deteriorating lately. Please try
not to contribute to the noise this way. Several people have tried to
give helpful responses to your initial claim. Repeating the same point
over and over without looking anything up is not productive.

On Mon, 13 Feb 2012 15:42:27 +0000
Post by Dr. David Kirkby
But currently SPKG.txt and COPYING state version 2 only.
SPKG.txt for Mercurial states
"== License ==
* GNU General Public License version 2, or any later version
"
but the COPYING file does not state "or any later version". Some
programs do (like znpoly), but Mercurial does not. Nor does gfan -
despite you say you know different. Nor does the COPYING file in
'moin', though SPKG.txt says it is "GPLv2+".
Mercurial source code clearly states GPLv2+. They also have it on
their web site:

http://mercurial.selenic.com/wiki/License

Same for moinmoin:

http://moinmo.in/GPL


Cheers,
Burcin
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-14 19:30:39 UTC
Permalink
Post by William Stein
"Every component of Sage except jsmath is licensed under a GPL v2
(or later) compatible license."
At the very least, this is confusing wording. I interpreted this as a
claim that all code in Sage could be released under the GPL v2. Reading
http://www.gnu.org/licenses/gpl-faq.html#WhatIsCompatible it is clear
this was a mis-interpretation.

I also think that the fact that the sentence quoted above is irrelevant,
since compatibility is not transitive: you could have A and B
compatible, A and C compatible, but not B and C compatible.

Nowhere in COPYING.txt it is claimed that Sage (as a whole) is released
under GPLv3.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
William Stein
2012-02-13 16:42:46 UTC
Permalink
Post by Jeroen Demeyer
Post by Dr. David Kirkby
I believe the license of Sage is very dubious at best
I will say it more strongly: Sage *is* violating the GPL by distributing
GPLv3-only packages (such as cvxopt) under a GPLv2+ licence.
1. Distributing GPLv3-only packages would not violate the GPL (as I
explained elsewhere a few minutes ago).

2. cvxopt is *NOT* GPLv3-only licensed. The license is GPLv3+.

-- William
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Dr. David Kirkby
2012-02-11 19:44:51 UTC
Permalink
Post by Jason Grout
So I'd support adding openssl-dev as a requirement of Sage.
That probably means a lot more users would need to be root to install Sage,
since if the development headers are not present, they would have a bit of a
problem.

I believe also OpenSSL does not exactly have a great reputation for backwards
compatibility, with it sometimes being necessary to have specific versions.

See
http://linuxtesting.org/upstream-tracker/versions/openssl.html

or see

http://rs79.vrx.net/interests/computers/sw/openssl/

where it says:

"Openssl 0.96 and 0.97 are not backward compatible. If you have an ancient
version of 0.9.6 you should install the last good version of 0.9.6. Otherwise
you have to recompile things like Apache to know about 0.9.7."


I've never followed the development closely, or had any particular interest in
OpenSSL, but to me at least it would be a bad decision to insist on OpenSSL,
whilst trying to keep other Sage goals (GPL, non-root builds etc).


Dave
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Volker Braun
2012-02-11 20:12:52 UTC
Permalink
If you want to compile the flask notebook then I think we should recommend
installing openssl-dev but not require it. So on machines without ssl it'll
just build without ssl support, easy.

For distributed binaries we don't need ssl headers, only ssl libraries. Its
fine (by most legal opinions) to distribute binaries that link to ssl on
OS'es that ship with openssl.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-11 20:19:17 UTC
Permalink
Post by Volker Braun
If you want to compile the flask notebook then I think we should recommend
installing openssl-dev but not require it. So on machines without ssl it'll
just build without ssl support, easy.
So you are suggesting that the openssl support be automatically
removed if the libssl-dev is missing, when somebody tries to compile?
Or are you suggesting specific instructions in the readme on how to
compile without Openssl support?
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Volker Braun
2012-02-11 21:14:32 UTC
Permalink
Post by Jonathan
So you are suggesting that the openssl support be automatically
removed if the libssl-dev is missing, when somebody tries to compile?
Yes. That is exactly what Python already does, the _ssl module isn't built
if the headers are missing.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 21:18:29 UTC
Permalink
Post by Jonathan
So you are suggesting that the openssl support be automatically
removed if the libssl-dev is missing, when somebody tries to compile?
Yes. That is exactly what Python already does, the _ssl module isn't
built if the headers are missing.
That sounds reasonable. I *think* OpenSSL is also a requirement for
OpenID, so they'd lose that as well.

So exactly what error happens when you try to install sagenb on a system
with the headers? I assume we need to work around that, and then just
check `import ssl` when we try to turn on OpenID or something else that
requires ssl.

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-11 21:41:18 UTC
Permalink
That sounds reasonable.  I *think* OpenSSL is also a requirement for
OpenID, so they'd lose that as well.
So exactly what error happens when you try to install sagenb on a system
with the headers?  I assume we need to work around that, and then just
check `import ssl` when we try to turn on OpenID or something else that
requires ssl.
Processing pyOpenSSL-0.13.tar.gz
Running pyOpenSSL-0.13/setup.py -q bdist_egg --dist-dir /tmp/
easy_install-pWFAnl/pyOpenSSL-0.13/egg-dist-tmp-4xiQaN
warning: no previously-included files matching '*.pyc' found anywhere
in distribution
In file included from OpenSSL/crypto/crypto.h:30:0,
from OpenSSL/crypto/crypto.c:16:
OpenSSL/crypto/x509.h:17:25: fatal error: openssl/ssl.h: No such file
or directory
compilation terminated.
error: Setup script exited with error: command 'gcc' failed with exit
status 1
Error installing pyOpenSSL-0.13.tar.gz.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 21:46:14 UTC
Permalink
Post by Jonathan
Post by Jason Grout
That sounds reasonable. I *think* OpenSSL is also a requirement for
OpenID, so they'd lose that as well.
So exactly what error happens when you try to install sagenb on a system
with the headers? I assume we need to work around that, and then just
check `import ssl` when we try to turn on OpenID or something else that
requires ssl.
Processing pyOpenSSL-0.13.tar.gz
Running pyOpenSSL-0.13/setup.py -q bdist_egg --dist-dir /tmp/
easy_install-pWFAnl/pyOpenSSL-0.13/egg-dist-tmp-4xiQaN
warning: no previously-included files matching '*.pyc' found anywhere
in distribution
In file included from OpenSSL/crypto/crypto.h:30:0,
OpenSSL/crypto/x509.h:17:25: fatal error: openssl/ssl.h: No such file
or directory
compilation terminated.
error: Setup script exited with error: command 'gcc' failed with exit
status 1
Error installing pyOpenSSL-0.13.tar.gz.
Okay, so it's a dependency of pyOpenSSL. I believe that is needed for
the OpenID stuff as well as twisted. So we'll just need to catch those
installation failures and print appropriate explanatory messages
('install the OpenSSL headers and reinstall the spkg').

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 20:27:41 UTC
Permalink
Post by Volker Braun
If you want to compile the flask notebook then I think we should
recommend installing openssl-dev but not require it. So on machines
without ssl it'll just build without ssl support, easy.
For distributed binaries we don't need ssl headers, only ssl libraries.
Its fine (by most legal opinions) to distribute binaries that link to
ssl on OS'es that ship with openssl.
(Disclaimer: I have never used the notebook.)

When ruby became popular for web apps, there was a similar problem. All
of the existing application servers sucked, so new ones popped up just
to run rails.

Rather than build SSL support into the application servers, everyone
deployed apache or nginx as an SSL proxy in front of them. Could this
work for the sage notebook?

The notebook would always run on e.g. localhost:8080 unencrypted,
without linking to OpenSSL. If someone wants to make his notebook server
public, he downloads nginx/apache and a tiny config file that proxies
0.0.0.0:8080 to localhost:8080, possibly using SSL.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-11 20:48:15 UTC
Permalink
Post by Michael Orlitzky
Rather than build SSL support into the application servers, everyone
deployed apache or nginx as an SSL proxy in front of them. Could this work
for the sage notebook?
The notebook would always run on e.g. localhost:8080 unencrypted, without
linking to OpenSSL. If someone wants to make his notebook server public, he
downloads nginx/apache and a tiny config file that proxies 0.0.0.0:8080 to
localhost:8080, possibly using SSL.
This sounds good to me. William was also musing about whether
out-of-the-box SSL support in the notebook was really that important,
a while ago: https://groups.google.com/d/topic/sage-devel/Jl11JxIb2E8/discussion
. IMO we can extend that reasoning to whether SSL support in the
notebook is really that important at all, out-of-the-box or otherwise.
As long as we provide instructions on how to use nginx as a backend to
provide SSL, we're not really losing functionality, just increasing
inconvenience a bit for those who want to use SSL.

-Keshav

----
Join us in #sagemath on irc.freenode.net !
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 21:05:26 UTC
Permalink
Post by Keshav Kini
As long as we provide instructions on how to use nginx as a backend to
provide SSL, we're not really losing functionality, just increasing
inconvenience a bit for those who want to use SSL.
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 21:11:44 UTC
Permalink
Post by Michael Orlitzky
Post by Keshav Kini
As long as we provide instructions on how to use nginx as a backend to
provide SSL, we're not really losing functionality, just increasing
inconvenience a bit for those who want to use SSL.
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
The sage tarball is licensed GPLv3(+?), so I think the same problem is
there.

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 21:36:33 UTC
Permalink
Post by Jason Grout
Post by Michael Orlitzky
Post by Keshav Kini
As long as we provide instructions on how to use nginx as a backend to
provide SSL, we're not really losing functionality, just increasing
inconvenience a bit for those who want to use SSL.
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
The sage tarball is licensed GPLv3(+?), so I think the same problem is
there.
A tarball isn't really licensed, the code is. Is shipping
sage+apache.tar really different than sage.tar and apache.tar when they
contain exactly the same files?
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jason Grout
2012-02-11 21:39:25 UTC
Permalink
Post by Michael Orlitzky
Post by Jason Grout
Post by Michael Orlitzky
Post by Keshav Kini
As long as we provide instructions on how to use nginx as a backend to
provide SSL, we're not really losing functionality, just increasing
inconvenience a bit for those who want to use SSL.
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
The sage tarball is licensed GPLv3(+?), so I think the same problem is
there.
A tarball isn't really licensed, the code is. Is shipping
sage+apache.tar really different than sage.tar and apache.tar when they
contain exactly the same files?
The GPL extends to cover all code shipped together, IIRC. So it is
different, in my understanding.

Jason
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 21:42:10 UTC
Permalink
Post by Jason Grout
The GPL extends to cover all code shipped together, IIRC. So it is
different, in my understanding.
That's fine. I don't think any of us are lawyers, thank god, so like I
said in my response to Jeroen we could make it a separate tarball and
still accomplishing the goal.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-11 21:12:00 UTC
Permalink
Post by Michael Orlitzky
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
Why not directly link to OpenSSL then? If you require people to have
OpenSSL for apache/nginx, you might as well skip the extra step of
apache/nginx.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Julien Puydt
2012-02-11 21:21:10 UTC
Permalink
Post by Jeroen Demeyer
Post by Michael Orlitzky
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage
tarball.
Why not directly link to OpenSSL then? If you require people to have
OpenSSL for apache/nginx, you might as well skip the extra step of
apache/nginx.
This isn't the same situation at all!

If you link to it, you need to have compatible licences -- and they're
not compatible.

If you make them just work together if they happen to be on the same
box, you're using them as intended, and there is no licence issue since
the notebook works independantly of openssl!

Snark on #sagemath
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-11 21:25:02 UTC
Permalink
Post by Julien Puydt
Post by Michael Orlitzky
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
Why not directly link to OpenSSL then?  If you require people to have
OpenSSL for apache/nginx, you might as well skip the extra step of
apache/nginx.
This isn't the same situation at all!
If you link to it, you need to have compatible licences -- and they're
not compatible.
If you make them just work together if they happen to be on the same
box, you're using them as intended, and there is no licence issue since
the notebook works independantly of openssl!
Yes, but Michael said "distributing apache/nginx linked against
OpenSSL in the sage tarball", which is what Jeroen was responding to.

-Keshav

----
Join us in #sagemath on irc.freenode.net !
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Julien Puydt
2012-02-11 21:55:00 UTC
Permalink
Post by Keshav Kini
Yes, but Michael said "distributing apache/nginx linked against
OpenSSL in the sage tarball", which is what Jeroen was responding to.
Putting them in the same archive isn't a problem, or distributions
would have problem.

The licences cover derived works as far as I know, which isn't the case
by just putting together.

Snark on #sagemath
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-11 23:10:19 UTC
Permalink
Post by Julien Puydt
Post by Jeroen Demeyer
Post by Michael Orlitzky
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage
tarball.
Why not directly link to OpenSSL then? If you require people to have
OpenSSL for apache/nginx, you might as well skip the extra step of
apache/nginx.
This isn't the same situation at all!
I think it pretty much *is* the same situation license-wise. You are
just replacing the non-GPL openSSL by the non-GPL apache. But I am not
a lawyer, so I won't bother discussing this further.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Volker Braun
2012-02-11 23:21:58 UTC
Permalink
Post by Jeroen Demeyer
You are
just replacing the non-GPL openSSL by the non-GPL apache. But I am not
a lawyer, so I won't bother discussing this further.
Apache licence v2 is compatible with GPL v3, so its very different (and not
a problem).
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-11 23:27:40 UTC
Permalink
Post by Jeroen Demeyer
You are
just replacing the non-GPL openSSL by the non-GPL apache. But I am not
a lawyer, so I won't bother discussing this further.
Apache licence v2 is compatible with GPL v3, so its very different (and
not a problem).
Surely, mod_ssl can't be GPL licensed, given all the discussion we had here.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 23:27:15 UTC
Permalink
Post by Jeroen Demeyer
I think it pretty much *is* the same situation license-wise. You are
just replacing the non-GPL openSSL by the non-GPL apache.
Precisely. We would have to link to OpenSSL though, whereas we
communicate with apache over a TCP/IP connection.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Julien Puydt
2012-02-11 23:28:31 UTC
Permalink
Post by Jeroen Demeyer
Post by Julien Puydt
Post by Jeroen Demeyer
Post by Michael Orlitzky
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
Why not directly link to OpenSSL then? If you require people to
have OpenSSL for apache/nginx, you might as well skip the extra
step of apache/nginx.
This isn't the same situation at all!
I think it pretty much *is* the same situation license-wise. You are
just replacing the non-GPL openSSL by the non-GPL apache. But I am
not a lawyer, so I won't bother discussing this further.
I'm not a lawyer either, but as far as I know it isn't a problem to
connect a browser under any licence to a server under any licence...

Snark on #sagemath
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 21:38:54 UTC
Permalink
Post by Jeroen Demeyer
Post by Michael Orlitzky
It could even work out of the box. There shouldn't be a problem
distributing apache/nginx linked against OpenSSL in the sage tarball.
Why not directly link to OpenSSL then? If you require people to have
OpenSSL for apache/nginx, you might as well skip the extra step of
apache/nginx.
I'm saying we'd build a static apache/nginx, and bundle that with
sage-x.x.tar.

If that makes people uneasy, we could make it a separate tarball.

We don't want any of the sage stuff linked with OpenSSL, but we don't
care if apache/nginx are linked to it, since that doesn't affect sage.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-11 21:37:16 UTC
Permalink
Making Sage work well with a proxy is no simple matter. I run a
number of web sites where we proxy through Apache to get SSL and
generally more robust web services facing the outside world. For this
to work well your backend needs to be proxy aware, or the proxy has to
know a lot about the backend and do deep rewriting of js and css. The
backend that is probably most applicable to Sage is the Plone CMS,
which is written in python and uses a package called
VirtualHostMonster to handle getting proper URLs in things that go
through a proxy. This does work well, but might be difficult to get
working in the Sage notebook. There is also a significant learning
curve associated with setting up these proxys even with
VirtualHostMonster.

This is not easy. I put Sage behind an SSL proxy and had significant
problems. I found it better to serve SSL directly from Sage.

Jonathan
Post by Keshav Kini
Post by Michael Orlitzky
Rather than build SSL support into the application servers, everyone
deployed apache or nginx as an SSL proxy in front of them. Could this work
for the sage notebook?
The notebook would always run on e.g. localhost:8080 unencrypted, without
linking to OpenSSL. If someone wants to make his notebook server public, he
downloads nginx/apache and a tiny config file that proxies 0.0.0.0:8080 to
localhost:8080, possibly using SSL.
This sounds good to me. William was also musing about whether
out-of-the-box SSL support in the notebook was really that important,
a while ago:https://groups.google.com/d/topic/sage-devel/Jl11JxIb2E8/discussion
. IMO we can extend that reasoning to whether SSL support in the
notebook is really that important at all, out-of-the-box or otherwise.
As long as we provide instructions on how to use nginx as a backend to
provide SSL, we're not really losing functionality, just increasing
inconvenience a bit for those who want to use SSL.
-Keshav
----
Join us in #sagemath on irc.freenode.net !
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-11 22:04:47 UTC
Permalink
Post by Jonathan
Making Sage work well with a proxy is no simple matter. I run a
number of web sites where we proxy through Apache to get SSL and
generally more robust web services facing the outside world. For this
to work well your backend needs to be proxy aware, or the proxy has to
know a lot about the backend and do deep rewriting of js and css. The
backend that is probably most applicable to Sage is the Plone CMS,
which is written in python and uses a package called
VirtualHostMonster to handle getting proper URLs in things that go
through a proxy. This does work well, but might be difficult to get
working in the Sage notebook. There is also a significant learning
curve associated with setting up these proxys even with
VirtualHostMonster.
I was being loose with the terminology; the type of proxy I was
referring to is called a reverse proxy.

You can do fancier stuff (like load balancing) with them, but
essentially, *this* reverse proxy would just send data back and forth
unaltered between the sage notebook and a web browser.

Forward proxies are another beast.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-12 02:30:21 UTC
Permalink
This does not work cleanly with Sage because the css and js refer to
each other and the paths aren't just simple relative paths. You need
to run mod_proxy_html and rewrite css, js and some of the html pages
on the fly. At least that was my experience when trying to have ssl
in front. I never tried using it for straight unencrypted reverse
proxy, which in my experience is a little easier.
Post by Michael Orlitzky
Making Sage work well with a proxy is no simple matter.  I run a
number of web sites where we proxy through Apache to get SSL and
generally more robust web services facing the outside world.  For this
to work well your backend needs to be proxy aware, or the proxy has to
know a lot about the backend and do deep rewriting of js and css.  The
backend that is probably most applicable to Sage is the Plone CMS,
which is written in python and uses a package called
VirtualHostMonster to handle getting proper URLs in things that go
through a proxy.  This does work well, but might be difficult to get
working in the Sage notebook.  There is also a significant learning
curve associated with setting up these proxys even with
VirtualHostMonster.
I was being loose with the terminology; the type of proxy I was
referring to is called a reverse proxy.
You can do fancier stuff (like load balancing) with them, but
essentially, *this* reverse proxy would just send data back and forth
unaltered between the sage notebook and a web browser.
Forward proxies are another beast.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-12 09:00:43 UTC
Permalink
Post by Jonathan
This does not work cleanly with Sage because the css and js refer to
each other and the paths aren't just simple relative paths. You need
to run mod_proxy_html and rewrite css, js and some of the html pages
on the fly.
No, you don't. I am currently doing this on our UGent Sage server:
serving Sage though a reverse proxy using Apache, and didn't encounter
any of these problems. I am not using SSL, but I don't see how that
could matter.

The *only* problem I found was the URL displayed when you publish a
worksheet which is wrong.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-12 14:49:07 UTC
Permalink
On 2012-02-12 03:30, Jonathan wrote:> This does not work cleanly with Sage because the css and js
The *only* problem I found was the URL displayed when you publish a
worksheet which is wrong.
I also found problems with URLs necessary for Jmol to work and css
related to some of the jquery-ui tools. I haven't tried this in a
while, but I seem to recall issues with the administration settings
pages as well. For the most part https to http and http to http
proxies work the same, but there are issues with some header
encryption and stuff like that. I don't recall whether I got as far
as checking those things when trying to proxy Sage. I think I ran
into trouble with the stuff that didn't work with a simple http to
http proxy and stopped.

Jonathan
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-12 15:54:34 UTC
Permalink
I found my notes on proxying Sage. If you set up Sage as the root of
your server (ie proxy "/" to Sage) most of the paths are correct (not
all, but most). If you have a server like mine that has legacy pages
at "/" you have to proxy something else to Sage (for example "/
Sage"). Anyway, this does not work because paths in Sage to icons,
css and js were (and I believe still are) all relative to "/". This
means almost nothing works without deep rewriting. Relative paths are
much easier to proxy, but are more of a security risk. I think the
ideal would be to make Sage proxy aware using VirtualHostMonster.
Then all pages would be served with all links being complete well
formed http or https addresses. I'm still not sure about proxying
applets, but think that could be worked out.

In the meantime as the SSL directly from Sage works, I think people
can use that and just have to link to OpenSSL as a system service.

Jonathan
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jeroen Demeyer
2012-02-12 20:40:46 UTC
Permalink
Post by Jonathan
I found my notes on proxying Sage. If you set up Sage as the root of
your server (ie proxy "/" to Sage) most of the paths are correct (not
all, but most).
Yes, this is my situation.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-13 01:04:04 UTC
Permalink
Post by Jonathan
I found my notes on proxying Sage. If you set up Sage as the root of
your server (ie proxy "/" to Sage) most of the paths are correct (not
all, but most). If you have a server like mine that has legacy pages
at "/" you have to proxy something else to Sage (for example "/
Sage").
I see what you mean now. The notebook assumes it's running in the
virtual host's document root. This isn't too hard to fix; you could set
up a subdomain (sagenb.math.example.edu) or just use another port.

The problem is that these,

return RedirectResponse('/home/' + W.filename())

should really be,

return RedirectResponse(basepath + 'home/' + W.filename())

This is a valid issue for sure, but there's a notebook rewrite coming
Real Soon Now, so I don't know the best place to report it.

If anyone is seriously interested in the reverse proxy solution, I can
make sure that it works with the new notebook.
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Keshav Kini
2012-02-13 01:39:12 UTC
Permalink
Please report issues for the new notebook at
http://github.com/sagemath/sagenb ! Thanks :)

achtung: sent from phone, possibly unduly terse

On Feb 13, 2012 9:04 AM, "Michael Orlitzky" <***@orlitzky.com> wrote:

On 02/12/2012 10:54 AM, Jonathan wrote: > > I found my notes on proxying
Sage. If you set up Sage a...
I see what you mean now. The notebook assumes it's running in the virtual
host's document root. This isn't too hard to fix; you could set up a
subdomain (sagenb.math.example.edu) or just use another port.

The problem is that these,

return RedirectResponse('/home/' + W.filename())

should really be,

return RedirectResponse(basepath + 'home/' + W.filename())

This is a valid issue for sure, but there's a notebook rewrite coming Real
Soon Now, so I don't know the best place to report it.

If anyone is seriously interested in the reverse proxy solution, I can make
sure that it works with the new notebook.

-- To post to this group, send an email to sage-***@googlegroups.com To
unsubscribe from this g...
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Michael Orlitzky
2012-02-13 15:41:05 UTC
Permalink
Post by Keshav Kini
Please report issues for the new notebook at
http://github.com/sagemath/sagenb ! Thanks :)
Thanks, I made this issue #38:

https://github.com/sagemath/sagenb/issues/38
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Jonathan
2012-02-14 04:26:42 UTC
Permalink
Post by Michael Orlitzky
If anyone is seriously interested in the reverse proxy solution, I can
make sure that it works with the new notebook.
Yes please! A reverse proxy would be by far the best way to run Sage
securely and would integrate better on machines serving other stuff as
well.

Jonathan
--
To post to this group, send an email to sage-***@googlegroups.com
To unsubscribe from this group, send an email to sage-devel+***@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
Continue reading on narkive:
Loading...