http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/
I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding the dependency is fine from a technical perspective, but there is, at least currently, a licensing concern. The OpenSSL license is not GPL compatible and the policy in Debian/Ubuntu is that OpenSSL is not covered by the GPL system library exception. There is a good discussion of it here: https://people.gnome.org/~markmc/openssl-and-the-gpl.html This is easy enough to fix. Just make sure when you do the release that adds the dependency, you also allow an exception to allow it to be linked against OpenSSL, despite it's license being GPL incompatible. Something like: * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the * OpenSSL library under certain conditions as described in each * individual source file, and distribute linked combinations * including the two. * You must obey the GNU General Public License in all respects * for all of the code used other than OpenSSL. If you modify * file(s) with this exception, you may extend this exception to your * version of the file(s), but you are not obligated to do so. If you * do not wish to do so, delete this exception statement from your * version. If you delete this exception statement from all source * files in the program, then also delete it here. Scott K _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
