clone 519684 -1 reassign -1 raptor retitle -1 raptor links against openssl, makes a lot of packages undistributable block 519684 -1 thanks
Adrian Bunk wrote: > Package: tracker > Version: 0.6.90-4+b1 > Severity: serious > > $ ldd /usr/lib/tracker/trackerd | grep ssl > libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8d7dec1000) > $ > > /usr/share/doc/tracker/copyright says: > > <-- snip --> > > .... > License: > > All files if not specified otherwise are licensed under the GPL v2 or later. > .... > > <-- snip --> > > > I didn't find any statement that all copyright holders of GPL'ed code > in tracker have given extra permission to link with OpenSSL. > > > See also question 28 at > http://people.debian.org/~bap/dfsg-faq > > > -- System Information: > Debian Release: squeeze/sid > APT prefers unstable > APT policy: (500, 'unstable'), (500, 'testing') > Architecture: amd64 (x86_64) > .... > Versions of packages tracker depends on: > .... > ii libcurl3 7.18.2-8.1 Multi-protocol file transfer > libra > ^^^^^^^^ > .... To clarify this: the dependency on libssl is created by libraptor, which links against libcurl-openssl instead of libcurl-gnutls. I checked the list of packages which link against libraptor, and most of them don't have such an openssl exemption, are thus not distributable (withing Debian). Imho the only sane thing to do here, is to link libraptor against libcurl-gnutls. A trivial patch for raptor is attached (haven't done any further testing though). A recompilation of tracker should then be sufficient. Regards, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
diff --git a/debian/control b/debian/control
index 44ae41a..1ed185c 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: raptor
Section: devel
Priority: optional
Maintainer: Dave Beckett <daj...@debian.org>
-Build-Depends: debhelper (>> 5), autotools-dev, cdbs, libtool (>= 1.5), libxml2-dev (>= 2.5.10), libcurl4-openssl-dev, libxslt1-dev (>= 1.0.18)
+Build-Depends: debhelper (>> 5), autotools-dev, cdbs, libtool (>= 1.5), libxml2-dev (>= 2.5.10), libcurl4-gnutls-dev, libxslt1-dev (>= 1.0.18)
Standards-Version: 3.8.0
Package: libraptor1-dev
@@ -12,7 +12,7 @@ Conflicts: libraptor-dev, libraptor0 (<= 0.9.12-2), libraptor1 (<=1.0.0-4)
Suggests: libraptor1-doc
Section: libdevel
Architecture: any
-Depends: libraptor1 (= ${binary:Version}), libxml2-dev (>= 2.5.10), libcurl4-openssl-dev, libxslt1-dev (>= 1.0.18), pkg-config (>= 0.18)
+Depends: libraptor1 (= ${binary:Version}), libxml2-dev (>= 2.5.10), libcurl4-gnutls-dev, libxslt1-dev (>= 1.0.18), pkg-config (>= 0.18)
Description: Raptor RDF parser and serializer development libraries and headers
Raptor Resource Description Framework (RDF) parser and serializer
development libraries, header files and documentation needed by
signature.asc
Description: OpenPGP digital signature
