Hi,
On 09.05.2014 23:18, Sebastian Andrzej Siewior wrote:
On 2014-05-09 22:41:44 [+0200], Andreas Cadhalpun wrote:
On 09.05.2014 22:01, Andreas Cadhalpun wrote:
I'm currently looking at updating debian/copyright.
I think we have a major problem here: None of clamav's reverse-dependencies
(c-icap-modules, dansguardian, havp, python-clamav) have an OpenSSL
exception.
I have no clue about how to procede, now that clamav depends on openssl.
Any ideas?
Besides COPYING contains:
REGARDING OPENSSL
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
I'm not sure, if this is a wide enough exception, particular as many files
(in the libclamav directory) include OpenSSL headers, but only a few (e.g.
crypto.c and crypto.h) have an OpenSSL exception in the file, as required by
above general notice. And even in those files this exception doesn't explain
the 'certain conditions', but is rather a copy of above notice.
I'm no lawyer, but this seems to be problematic.
This is just great. Why didn't they use gnutls / libgcrypto library?
I've been lookin at reverting that openssl crypto patch, it looks like a
big mess but I think mostly because even those which are unrelated. They
also use the openssl code in 7z for instance. Not sure how much of this is
okay.
Mommy?
Maybe we could replace OpenSSL with gnutls?
From the Changelog:
* Replace in-house crypto code (md5, sha1, sha256 hashing algorithms)
with calls to OpenSSL. This makes OpenSSL a required dependency for the
engine.
I guess gnutls has quite similar functionality?
But I don't know, how difficult it would be to switch.
Best regards,
Andreas
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
