On Mon, 18 Mar 2019 16:58:01 + Robie Basak
wrote:
> Package: libpq5
> Version: 11.2-2
> Severity: serious
> Affects: bandwidthd-pgsql dballe inspircd libnss-pgsql2 libodb-pgsql-2.4
> pmacct r-cran-rpostgresql saga sphinxsearch tora ulogd2-pgsql yubikey-server-c
> Justification: renders many Debian packages undistributable
>
> Hello,
>
> It's come to my attention that in buster and unstable, packages which
> build-depend on libpq-dev wind up linked against libpq5, which in turn
> links against OpenSSL (libssl1.1).
>
> This includes software which is licensed under the GPL and uses the
> PostgreSQL APIs.
>
> It is well understood that the OpenSSL license is not "compatible" with
> the GPL (either version 2 or 3); and furthermore, Debian has long taken
> the position that, unless a license exception is granted by the
> copyright holders, a package which is distributed under the GPL must
> only link to libraries whose licenses are also GPL-compatible in order
> for it to be included in Debian.
OpenSSL is now considered a system library in Debian, see
http://meetbot.debian.net/debian-ftp/2020/debian-ftp.2020-03-13-20.02.html
i.e. now such license exception is needed anymore.
Given that OpenSSL is much more battle tested then WolfSSL, I'd say
Postgresql should stick with it and not switch.
Regards,
Michael
signature.asc
Description: OpenPGP digital signature
