On Saturday, March 15, 2014 17:17:09 Dennis Peterson wrote: > On 3/12/14, 12:13:53PM, Scott Kitterman wrote: > > http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependen > > cy-to-clamav/ > > > > I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding > > the dependency is fine from a technical perspective, but there is, at > > least currently, a licensing concern. The OpenSSL license is not GPL > > compatible and the policy in Debian/Ubuntu is that OpenSSL is not covered > > by the GPL system library exception. > > > > There is a good discussion of it here: > > > > https://people.gnome.org/~markmc/openssl-and-the-gpl.html > > > > > > This is easy enough to fix. Just make sure when you do the release that > > adds the dependency, you also allow an exception to allow it to be linked > > against > > OpenSSL, despite it's license being GPL incompatible. Something like:
> Some packagers already don't distribute ClamAV with RAR support for this > reason. I'm one of them. I wonder if the Cisco/Snort/Clamav people know > there's a limit to how far you can go with this before we drop the > product and go with a commercial version. Tongue in cheek - I think that > is the end game. Debian/Ubuntu do not have RAR support built in. The code for RAR checking is separately distributed through the associated non-free repositories. That's less of a problem than GPL + OpenSSL without the exception. Without the GPL exception, then the resulting binary isn't distributable (Based on our interpretation of the system library exception for the GPL). As I understand it, Fedora has a different interpretation, so it might not disappear from all distros, but getting the exception included is essential for us. Scott K _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
