On Fri, 10 Sep 2010 10:48:25 -0400 jor...@linuxgen.com wrote: [...] > Luca, > > It seems I forgot to CC the bug report as well as Ola on this email. I will > be including debina-legal > on this one as well, as IANAL. > > Thank you for including the exception in your license. There is still a > problem however. [...] > Do you mind re-releasing this tarball provided that debian-legal does not > chime in and > tell us it is not required?
I am not sure a re-release is really needed, but I'll leave that for other debian-legal regulars to comment on. It seems to me that there's another problem, though! It looks like ntop links with other libraries, some of which appear to be released under the terms of the GNU GPL. At a first glance (by looking at the package dependencies only, an ldd check is encouraged), I spotted http://packages.debian.org/sid/libgdbm3 and maybe http://packages.debian.org/sid/libfreetype6 (which is dual-licensed under the GPL and a custom license, I still have to check the latter license and see if it is compatible with OpenSSL...) If all this is confirmed, I would say that adding an OpenSSL linking exception to ntop is not enough to solve the compatibility issue between ntop and OpenSSL. It seems to me that the same linking exception is needed for the linked GPL'ed libraries, as well, and should obviously be asked to their copyright holders. As a side note, libgdbm3 is copyrighted by the FSF: I guess an OpenSSL linking exception will be difficult to obtain for that library... In summary, I think the best way to solve this issue is porting ntop to GNUTLS. -- http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html Need some pdebuild hook scripts? ..................................................... Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgp6nILfBkJJq.pgp
Description: PGP signature
