Hi guys,
My work with Renaud and the Nessus team has led me to be more sensitive
to the OpenSSL situation. (Unfortunately, we still don't have a
resolution yet.)
This is why my eyebrows raised when I looked at snort and found
that it had the same problem! We distributed snort-mysql link
On Wed, 2002-05-29 at 08:11, Simon Law wrote:
> I decided to take a look at what Reverse Depends on OpenSSL:
>
> [EMAIL PROTECTED]:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep
> '^ ' | wc -l
> 165
>
> These 165 packages include such GPLed software as: nessus,
> snort, wget-s
On 29 May 2002, Jeff Licquia wrote:
> On Wed, 2002-05-29 at 08:11, Simon Law wrote:
> > I decided to take a look at what Reverse Depends on OpenSSL:
> >
> > [EMAIL PROTECTED]:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep
> > '^ ' | wc -l
> > 165
> >
> > These 165 packages incl
On Wed, May 29, 2002 at 01:17:42PM -0400, Simon Law wrote:
> On 29 May 2002, Jeff Licquia wrote:
> > On Wed, 2002-05-29 at 08:11, Simon Law wrote:
> > > I decided to take a look at what Reverse Depends on OpenSSL:
> > > [EMAIL PROTECTED]:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep
> >
Steve Langasek <[EMAIL PROTECTED]>:
> > > One "solution" to the problem, assuming that most of the violations are
> > > in non-us, would be to not generate ISOs with non-us on them. This is
> > > practical now that crypto-in-main is done. At least in theory, then,
> > > OpenSSL (which is in main
On Wed, 2002-05-29 at 12:17, Simon Law wrote:
> On 29 May 2002, Jeff Licquia wrote:
> > Out of curiosity, do you have non-us in your sources.list? It would be
> > interesting to find out how much of that software is really in main.
>
> Yes, I do have non-us in my list. Removing it narrow o
On Wed, 2002-05-29 at 13:01, Edmund GRIMLEY EVANS wrote:
> Steve Langasek <[EMAIL PROTECTED]>:
> > In the legal world, wording makes all the difference. The GPL
> > specifically talks about code that's distributed *with* the GPLed
> > binary, not about code distributed *by the same people as* the
On 29 May 2002, Jeff Licquia wrote:
> On Wed, 2002-05-29 at 13:01, Edmund GRIMLEY EVANS wrote:
> > Steve Langasek <[EMAIL PROTECTED]>:
> > > In the legal world, wording makes all the difference. The GPL
> > > specifically talks about code that's distributed *with* the GPLed
> > > binary, not abou
Scripsit Simon Law <[EMAIL PROTECTED]>
> libssl0.9.6 is a standard library in main, so I guess it could
> very well be construed as a standard Debian Operating System library.
> Could we get the FSF to clarify if this would allow us to link GPLed
> software to this library under the OS linki
On Wed, 2002-05-29 at 15:24, Henning Makholm wrote:
> Scripsit Simon Law <[EMAIL PROTECTED]>
>
> > libssl0.9.6 is a standard library in main, so I guess it could
> > very well be construed as a standard Debian Operating System library.
> > Could we get the FSF to clarify if this would allow us
On 29 May 2002, Jeff Licquia wrote:
> In most cases, I think that rebuilding the package with "--no-ssl" or
> some such should do the trick. For others, simply removing the
> offending package may also suffice.
This would seriously cripple most security software. Which is
not something
On Wed, 2002-05-29 at 17:00, Simon Law wrote:
> On 29 May 2002, Jeff Licquia wrote:
>
> > In most cases, I think that rebuilding the package with "--no-ssl" or
> > some such should do the trick. For others, simply removing the
> > offending package may also suffice.
>
> This would seriousl
On Wed, May 29, 2002 at 01:17:42PM -0400, Simon Law wrote:
> As well, libssl0.9.6 isn't automatically
> installed with the system.
Sure it is:
Package: libssl0.9.6
Priority: standard
Section: libs
Source: openssl
Version: 0.9.6c-2
It's depended on by ssh, which is also standard in woody. I think
13 matches
Mail list logo
