This one time, at band camp, peter green said:
> I've done some flyby inspection of this bug and come to the following 
> conclusions.
> 
> * The freeradius build has a check for links with anything in a libssl* 
> package BUT this check only detects direct links.

Yes, I am (after a conversation with an ftp-master) taking the stance
that multi-level transitive links both can't be reliably checked for,
and are also not that big an issue.  For many libraries in Debian, we
ship a version linked to openssl and a version linked to gnutls - if a
local admin installs the openssl one of these 3 removes away, there's not
much we as packagers can do, so I'm not that worried about it.

On the other hand, if we declare a direct relationship between 2 pieces
of software that have conflicting licenses, we do have a clear problem.
That's why the check is there - I admit it's a bit of a gross hack, but
in this case, I'm glad it's there, as it's saved us from accidentally
distributing something that's clearly a GPL violation in the current
arrangement.

> * Freeradius normally ends up with an indirect link to libcrypto (from 
> the libssl* package) via  libsnmp. On the failing mips build a buggy 
> libtool version was used which I suspect (I can't confirm this due to 
> being unable to get a copy of the version of libtool in question) meant 
> it ended with a direct link to libcrypto causing the build to abort.

That was my first rough impression.  Glad to have a second pair of eyes
on it, though.

> * My understanding is (and I may be wrong) the debian interpretation of 
> the GPL is that any link with openssl whether direct or indirect is 
> unacceptable unless a specific exception is granted by the authors of 
> all GPL code in or linked to by the binary.

This is the stance the project has so far taken, yes.  There is work
underway in the freeradius project to add that exemption, and then this
can go away for at least this codebase.

> P.S. the debian/copyright file could do with a bit of clarification, it 
> states the code is released under GPL v2 and then pastes a license block 
> that says v2 or later.

Agreed.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sg...@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
