[clamav-users] Planned Addition Of OpenSSL Dependency
Dennis Peterson
dennispe at inetnw.com
Sun Mar 16 00:17:09 UTC 2014
On 3/12/14, 12:13:53PM, Scott Kitterman wrote:
> http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependency-to-clamav/
>
> I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding the
> dependency is fine from a technical perspective, but there is, at least
> currently, a licensing concern. The OpenSSL license is not GPL compatible and
> the policy in Debian/Ubuntu is that OpenSSL is not covered by the GPL system
> library exception.
>
> There is a good discussion of it here:
>
> https://people.gnome.org/~markmc/openssl-and-the-gpl.html
>
>
> This is easy enough to fix. Just make sure when you do the release that adds
> the dependency, you also allow an exception to allow it to be linked against
> OpenSSL, despite it's license being GPL incompatible. Something like:
>
Some packagers already don't distribute ClamAV with RAR support for this
reason. I'm one of them. I wonder if the Cisco/Snort/Clamav people know
there's a limit to how far you can go with this before we drop the
product and go with a commercial version. Tongue in cheek - I think that
is the end game.
dp
More information about the clamav-users
mailing list