Your message dated Tue, 17 Aug 2021 11:08:29 +0200
with message-id <[email protected]>
and subject line Re: Bug#963699: Fwd: PostgreSQL: WolfSSL support
has caused the Debian Bug report #963699,
regarding PostgreSQL: WolfSSL support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
963699: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963699
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpq5
Version: 11.2-2
Severity: serious
Affects: bandwidthd-pgsql dballe inspircd libnss-pgsql2 libodb-pgsql-2.4 pmacct 
r-cran-rpostgresql saga sphinxsearch tora ulogd2-pgsql yubikey-server-c
Justification: renders many Debian packages undistributable

Hello,

It's come to my attention that in buster and unstable, packages which
build-depend on libpq-dev wind up linked against libpq5, which in turn
links against OpenSSL (libssl1.1).

This includes software which is licensed under the GPL and uses the
PostgreSQL APIs.

It is well understood that the OpenSSL license is not "compatible" with
the GPL (either version 2 or 3); and furthermore, Debian has long taken
the position that, unless a license exception is granted by the
copyright holders, a package which is distributed under the GPL must
only link to libraries whose licenses are also GPL-compatible in order
for it to be included in Debian.

I am opening this as a serious bug, since I believe this makes a large
and indeterminate number of packages non-distributable in buster.

See also bug 921488 which was the same situation but with MariaDB.

Based on a quick glance through the debian/copyright files of reverse
dependencies, I found the following packages that appear to generally be
licensed GPL-2 (only) for example and list no OpenSSL linking exception.
If I've accurately understood which licence applies in these cases, this
situation certainly cannot be resolved even with the upcoming OpenSSL
upstream relicense to Apache-2.0. Note that this is an indicative
non-exhaustive list only, based on some approximations and only sampling
to check accuracy; I haven't verified each one in detail.

bandwidthd-pgsql
dballe
inspircd
libnss-pgsql2
libodb-pgsql-2.4
pmacct
r-cran-rpostgresql
saga
sphinxsearch
tora
ulogd2-pgsql
yubikey-server-c

There are many more reverse dependencies licensed with GPL-2+, GPL-3,
etc, which suffer this redistributability until the relicensed OpenSSL
arrives in Debian.

Thanks,

--- End Message ---
--- Begin Message ---
Re: Stephen Frost
> * Felix Lechner ([email protected]) wrote:
> > Attached please find a WIP patch for wolfSSL support in postgresql-12.
> 
> Would really be best to have this off of HEAD if we're going to be
> looking at it rather than v12.  We certainly aren't going to add new
> support for something new into the back-branches.

I'm closing the Debian part of this bug since this really needs to go
through pgsql-hackers.

Christoph

--- End Message ---
