found 508292 1.0-1 thanks On Tue, Dec 09, 2008 at 12:40:14PM -0500, Barry deFreese wrote: > Package: gkrellm-snmp > Version: 1.0-1.1 > Severity: Serious > > Hello, > > While working on an NMU for gkrellm-snmp, I noticed that the package is > linked against Openssl libraries without a license exception. > > Probably need to contact upstream to see if they can use gnutls or > possibly snmpv3 will give the required functionality.
This applies to the lenny version too, so noting that to the BTS. The direct openssl linkage could be easily eliminated because the binary doesn't really need it: dpkg-shlibdeps: warning: dependency on libcrypto.so.0.9.8 could be avoided if "debian/gkrellm-snmp/usr/lib/gkrellm2/plugins/gkrellm_snmp.so" were not uselessly linked against it (they use none of its symbols). However, I understand transitive openssl linkage through libsnmp15 is just as bad. Reading #501145 and http://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html this is quite a big can of worms to open... -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
