On Fri, Sep 10, 2010 at 10:55:16PM +0200, Francesco Poli wrote: > I am not sure a re-release is really needed, but I'll leave that for > other debian-legal regulars to comment on. > > It seems to me that there's another problem, though! > > It looks like ntop links with other libraries, some of which appear to > be released under the terms of the GNU GPL. > At a first glance (by looking at the package dependencies only, an ldd > check is encouraged), I spotted > http://packages.debian.org/sid/libgdbm3 > and maybe > http://packages.debian.org/sid/libfreetype6 > (which is dual-licensed under the GPL and a custom license, I still > have to check the latter license and see if it is compatible with > OpenSSL...) > > If all this is confirmed, I would say that adding an OpenSSL linking > exception to ntop is not enough to solve the compatibility issue > between ntop and OpenSSL. > It seems to me that the same linking exception is needed for the linked > GPL'ed libraries, as well, and should obviously be asked to their > copyright holders. > > As a side note, libgdbm3 is copyrighted by the FSF: I guess an OpenSSL > linking exception will be difficult to obtain for that library... > > > In summary, I think the best way to solve this issue is porting ntop to > GNUTLS.
At this point I am inclined to aggree. I think that SSL support should be removed from squeeze's version of ntop. I will work on porting GNUTLS for squeeze+1. Thank you for your insight Francesco. Regards, Jordan Metzmeier
signature.asc
Description: Digital signature
