Cleaning up the team's packages?

Reinhard Tartler siretart at gmail.com
Mon Apr 28 16:30:44 UTC 2014 

On Mon, Apr 28, 2014 at 12:10 PM, Jaromír Mikeš <mira.mikes at gmail.com> wrote:
>
>
>
> 2014-04-28 17:55 GMT+02:00 Jaromír Mikeš <mira.mikes at gmail.com>:
>
>> 2014-04-28 17:33 GMT+02:00 Alessio Treglia <alessio at debian.org>:
>>
>>> On Mon, Apr 28, 2014 at 4:05 PM, Jaromír Mikeš <mira.mikes at gmail.com>
>>> wrote:
>>> > E: petri-foo: possible-gpl-code-linked-with-openssl
>>> > N:
>>> > N:    This package appears to be covered by the GNU GPL but depends on
>>> > the
>>> > N:    OpenSSL libssl package and does not mention a license exemption
>>> > or
>>> > N:    exception for OpenSSL in its copyright file. The GPL (including
>>> > version
>>> > N:    3) is incompatible with some terms of the OpenSSL license, and
>>> > therefore
>>> > N:    Debian does not allow GPL-licensed code linked with OpenSSL
>>> > libraries
>>> > N:    unless there is a license exception explicitly permitting this.
>>> > N:
>>> > N:    If only the Debian packaging, or some other part of the package
>>> > not
>>> > N:    linked with OpenSSL, is covered by the GNU GPL, please add a
>>> > lintian
>>> > N:    override for this tag. Lintian currently has no good way of
>>> > N:    distinguishing between that case and problematic packages.
>>> > N:
>>> > N:    Severity: serious, Certainty: wild-guess
>>> > N:
>>> > N:    Check: copyright-file, Type: binary
>>>
>>> The warning is self-explanatory. Remove the build-dep on libssl, then
>>> either:
>>>
>>> 1. Try to build it with libgnutls-dev instead
>>> 2. Ask upstream to avoid linking against it directly; he could use dlopen
>>> for it
>>>
>>> Cheers!
>>>
>>
>>
>> Build with libgnutls-dev doesn't work so I asked upstream for using
>> dlopen.
>
>
> I guess we have to wait for upstream fix now?
>

I guess upstream would appreciate a patch that fixes this issue, so no
need to wait.

BTW, I find suggesting dlopen() a pretty slippery slope, not everyone
agrees that using dlopen() avoids the OpenSSL/GPL incompatibility.
Further options would include to a) disable the functionality that
uses openssl (may not work if it is essential for regular operation or
b) port to something else like nettle or gnutls.

a) might be the least amount of work.

-- 
regards,
    Reinhard

More information about the pkg-multimedia-maintainers mailing list