[clamav-users] Planned Addition Of OpenSSL Dependency

Scott Kitterman ubuntu at kitterman.com
Wed Mar 19 00:25:52 EDT 2014


On Tuesday, March 18, 2014 13:51:46 Lawrence K. Chen, P.Eng. wrote:
> On 03/12/14 14:13, Scott Kitterman wrote:
> > http://www.clamav.net/lang/en/2014/02/22/introducing-openssl-as-a-dependen
> > cy-to-clamav/
> > 
> > I just noticed this.  I do the clamav packages for Debian/Ubuntu.  Adding
> > the dependency is fine from a technical perspective, but there is, at
> > least currently, a licensing concern.  The OpenSSL license is not GPL
> > compatible and the policy in Debian/Ubuntu is that OpenSSL is not covered
> > by the GPL system library exception.
> > 
> > There is a good discussion of it here:
> > 
> > https://people.gnome.org/~markmc/openssl-and-the-gpl.html
> 
> Sounds funny to me that it says "A much safer option is to use either the
> GNU TLS or Mozilla NSS library."
> 
> Recently there was an update to gnutls3, which has a new dependency for
> libunbound.so. Where to install the unbound package, there is a dependency
> for OpenSSL-1.0.1f.  Which I don't want getting installed on my system, so
> I deleted the (one) package that had introduced gnutls3....
> 
> All the other packages that want gnutls use the 2.x version.

Safer legally maybe, but just adding the exception is easy enough for 
avoidance of doubt about intent.  I hope they'll do it here.

Scott K



More information about the clamav-users mailing list