On Tuesday, March 18, 2014 13:51:46 Lawrence K. Chen, P.Eng. wrote: > On 03/12/14 14:13, Scott Kitterman wrote: > > http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependen > > cy-to-clamav/ > > > > I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding > > the dependency is fine from a technical perspective, but there is, at > > least currently, a licensing concern. The OpenSSL license is not GPL > > compatible and the policy in Debian/Ubuntu is that OpenSSL is not covered > > by the GPL system library exception. > > > > There is a good discussion of it here: > > > > https://people.gnome.org/~markmc/openssl-and-the-gpl.html > > Sounds funny to me that it says "A much safer option is to use either the > GNU TLS or Mozilla NSS library." > > Recently there was an update to gnutls3, which has a new dependency for > libunbound.so. Where to install the unbound package, there is a dependency > for OpenSSL-1.0.1f. Which I don't want getting installed on my system, so > I deleted the (one) package that had introduced gnutls3.... > > All the other packages that want gnutls use the 2.x version.
Safer legally maybe, but just adding the exception is easy enough for avoidance of doubt about intent. I hope they'll do it here. Scott K _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
