On 3/12/14, 12:13:53PM, Scott Kitterman wrote:
http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/
I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding the
dependency is fine from a technical perspective, but there is, at least
currently, a licensing concern. The OpenSSL license is not GPL compatible and
the policy in Debian/Ubuntu is that OpenSSL is not covered by the GPL system
library exception.
There is a good discussion of it here:
https://people.gnome.org/~markmc/openssl-and-the-gpl.html
This is easy enough to fix. Just make sure when you do the release that adds
the dependency, you also allow an exception to allow it to be linked against
OpenSSL, despite it's license being GPL incompatible. Something like:
Some packagers already don't distribute ClamAV with RAR support for this
reason. I'm one of them. I wonder if the Cisco/Snort/Clamav people know
there's a limit to how far you can go with this before we drop the
product and go with a commercial version. Tongue in cheek - I think that
is the end game.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
