[clamav-users] Planned Addition Of OpenSSL Dependency
Scott Kitterman
ubuntu at kitterman.com
Sun Mar 16 22:00:09 UTC 2014
On Saturday, March 15, 2014 17:17:09 Dennis Peterson wrote:
> On 3/12/14, 12:13:53PM, Scott Kitterman wrote:
> > http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependen
> > cy-to-clamav/
> >
> > I just noticed this. I do the clamav packages for Debian/Ubuntu. Adding
> > the dependency is fine from a technical perspective, but there is, at
> > least currently, a licensing concern. The OpenSSL license is not GPL
> > compatible and the policy in Debian/Ubuntu is that OpenSSL is not covered
> > by the GPL system library exception.
> >
> > There is a good discussion of it here:
> >
> > https://people.gnome.org/~markmc/openssl-and-the-gpl.html
> >
> >
> > This is easy enough to fix. Just make sure when you do the release that
> > adds the dependency, you also allow an exception to allow it to be linked
> > against
> > OpenSSL, despite it's license being GPL incompatible. Something like:
> Some packagers already don't distribute ClamAV with RAR support for this
> reason. I'm one of them. I wonder if the Cisco/Snort/Clamav people know
> there's a limit to how far you can go with this before we drop the
> product and go with a commercial version. Tongue in cheek - I think that
> is the end game.
Debian/Ubuntu do not have RAR support built in. The code for RAR checking is
separately distributed through the associated non-free repositories. That's
less of a problem than GPL + OpenSSL without the exception. Without the GPL
exception, then the resulting binary isn't distributable (Based on our
interpretation of the system library exception for the GPL). As I understand
it, Fedora has a different interpretation, so it might not disappear from all
distros, but getting the exception included is essential for us.
Scott K
More information about the clamav-users
mailing list