[clamav-users] Planned Addition Of OpenSSL Dependency

Dennis Peterson dennispe at inetnw.com
Sat Mar 15 20:17:09 EDT 2014


On 3/12/14, 12:13:53PM, Scott Kitterman wrote:
> http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/
>
> I just noticed this.  I do the clamav packages for Debian/Ubuntu.  Adding the
> dependency is fine from a technical perspective, but there is, at least
> currently, a licensing concern.  The OpenSSL license is not GPL compatible and
> the policy in Debian/Ubuntu is that OpenSSL is not covered by the GPL system
> library exception.
>
> There is a good discussion of it here:
>
> https://people.gnome.org/~markmc/openssl-and-the-gpl.html
>
>
> This is easy enough to fix.  Just make sure when you do the release that adds
> the dependency, you also allow an exception to allow it to be linked against
> OpenSSL, despite it's license being GPL incompatible.  Something like:
>


Some packagers already don't distribute ClamAV with RAR support for this 
reason. I'm one of them. I wonder if the Cisco/Snort/Clamav people know 
there's a limit to how far you can go with this before we drop the 
product and go with a commercial version. Tongue in cheek - I think that 
is the end game.

dp



More information about the clamav-users mailing list