Vagrant Cascadian <vagr...@debian.org> skribis: > On 2019-03-08, Ludovic Courtès wrote: >> Vagrant Cascadian <vagr...@debian.org> skribis: >>> I'm not sure where it would be appropriate to add more comments >>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to >>> propose adding one of the u-boot targets that requires it, they might >>> just go ahead and re-add the openssl input... >> >> There’s always a risk. I guess we’ll have to be careful when doing >> reviews. > > Sure. I was thinking maybe putting a comment in the native-inputs where > "openssl" was removed, but wasn't sure what the conventions might be.
Yeah that would have worked I guess. >> In addition, we can add a ‘lint’ checker for this case, WDYT? > > Does the lint checker have a way to identify a confidence level, > e.g. *maybe* it has this issue vs. *certainly*? Is there a way to > override the lint checker issues for known false positives? Otherwise, > it might just be annoying noise for packagers where it isn't > appropriate. No it doesn’t have that notion of a confidence level. The warning could be triggered only when a package is GPL’d and has a direct dependency on OpenSSL (we’d forget about indirect dependencies in this case.) The noise would be rather limited and justified in this case, I think. WDYT? Thanks, Ludo’.
