[debian-mysql] Bug#971367: Bug#971367: mariadb-10.5 should not embed wolfssl
Helmut Grohne
helmut at subdivi.de
Tue Sep 29 19:43:31 BST 2020
On Tue, Sep 29, 2020 at 03:24:52PM +0100, Robie Basak wrote:
> The relevant previous bug is
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921488 where the
> packaging switched from "system" to "bundled". Switching back to
> "system" would regress that licensing problem.
>
> Also relevant is
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924937 which is the
> same situation but for Postgres.
>
> I don't know how to resolve this conflict between Debian's security
> position and Debian's licensing position, but hopefully the above
> references provide some background to help someone else figure this out.
Thank you for the background. Let me detail on the security side. The
issue is not with using wolfssl. The issue is with using a bundled ssl
library. Doing so means that a single bug in wolfssl must be uploaded
several times in order to fix it. I think it would be ok to use the
system copy of wolfssl. However, that's not what happens when you
specifcy -DWITH_SSL=system it seems. Would
-DWITH_SSL=/usr/include/wolfssl be an option?
Does that look resolvable now?
Helmut
More information about the pkg-mysql-maint
mailing list