[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

GPLed software and OpenSSL

Hi guys,

My work with Renaud and the Nessus team has led me to be more sensitive
to the OpenSSL situation.  (Unfortunately, we still don't have a
resolution yet.)

	This is why my eyebrows raised when I looked at snort and found
that it had the same problem!  We distributed snort-mysql linked with
OpenSSL which we are not allowed to do!

	I think it is indicative that there is a huge flaw in the
OpenSSL licensing; specifically, that thrice damned advertising clause.
I decided to take a look at what Reverse Depends on OpenSSL:

sfllaw@SAL9000:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep
'^  ' | wc -l

	These 165 packages include such GPLed software as: nessus,
snort, wget-ssl, proftpd, kdelibs3-crypto, postgresql, gnustep-ssl,
etc...  I'm very disturbed by this discovery, as we would be doing
something illegal by distributing these packages in the upcoming
release.  What should we do?


To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: