This one time, at band camp, Hilko Bengen said: > Stephen Gran <[EMAIL PROTECTED]> writes: > > > I would love to, believe me. Unfortunately the main code base is GPL > > and the unrar code is licensed incompatibly. > > It doesn't look as if fixing this licensing problem is a top priority > on upstream's list. Which is fine. They apparently operate in a > slightly different value system. > > > The problem is not, as many people seem to believe, that Debian > > doesn't want the unrar code because it's not free. The problem is > > that combining the code bases produces a work that we cannot > > distribute. > > We can't distribute libclamav in main if it is linked to the unrar > code _in a way that constitutes a hard dependency_.
Or _in the same tarball_. Right now I drop the .[ch] files from the libclamunrar subdirectory and retar the result so that we are not creating an unredistributable source tarball. In order to make libclamunrar useful, I'll need to repackage the source and make it build stand alone so that the result can go in non-free. > > Some various solutions have been discussed with upstream, but it is > > up to upstream to implement one of them - I am not going to add the > > code complexity as a Debian specific patch. > > Excuse me? The dlopen() patch I provided in #484670 for 0.94 is just > over 30 lines[1], including comments, and affects only one .c and one > .h file. There is really not _that_ much added complexity. And the > patch has been tested for weeks here in a production setup. How big is your patch to make libclamunrar build standalone? Where is it? > Upstream is more likely to implement a fix for the issue if we provide > working code which is exactly what I have done here. Please, accept > the patch as part of the package so it gets more widely tested and > finally accepted by upstream. > > If we want to provide a solution that is helpful for our users, we'll > have to provide it ourselves. Upstream is not going to do it. Please do some small amount of research before getting bent out of shape. This is on the road map for 0.95, and last I looked, they were using an implementation based largely around your patchset. What I said, and what I mean, is that I am not planning on deviating significantly from upstream in a security sensitive application that is already hard to maintain through a stable release at the best of times. While your patch is small, it introduces complexity that isn't there now and has me maintain a new library in non-free. So no, not just yet. > If we don't want to provide that helpful solution, it would be more > honest to remove clamav from the archive. You're free to think that. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
