[clamav-users] Planned Addition Of OpenSSL Dependency

Scott Kitterman ubuntu at kitterman.com
Wed Mar 12 15:13:53 EDT 2014


http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/

I just noticed this.  I do the clamav packages for Debian/Ubuntu.  Adding the 
dependency is fine from a technical perspective, but there is, at least 
currently, a licensing concern.  The OpenSSL license is not GPL compatible and 
the policy in Debian/Ubuntu is that OpenSSL is not covered by the GPL system 
library exception.

There is a good discussion of it here:

https://people.gnome.org/~markmc/openssl-and-the-gpl.html


This is easy enough to fix.  Just make sure when you do the release that adds 
the dependency, you also allow an exception to allow it to be linked against 
OpenSSL, despite it's license being GPL incompatible.  Something like:

 * In addition, as a special exception, the copyright holders give
 * permission to link the code of portions of this program with the
 * OpenSSL library under certain conditions as described in each
 * individual source file, and distribute linked combinations
 * including the two.
 * You must obey the GNU General Public License in all respects
 * for all of the code used other than OpenSSL.  If you modify
 * file(s) with this exception, you may extend this exception to your
 * version of the file(s), but you are not obligated to do so.  If you
 * do not wish to do so, delete this exception statement from your
 * version.  If you delete this exception statement from all source
 * files in the program, then also delete it here.

Scott K



More information about the clamav-users mailing list