Package: ntop Version: 3:4.99.3+ndpi5517+dfsg1-1 Severity: serious Justification: Policy 2.3
Hello, I noticed that ntop is mainly licensed under the terms of the GNU GPL v2 or later, with only one file (ssl.c) having an OpenSSL linking exception. However, ntop seems to link with libssl (which is notoriously GPL-incompatible) and also seems to link with libgdbm (which [1] is licensed under the GNU GPL v2 or later, with no OpenSSL linking exception). [1] http://packages.debian.org/changelogs/pool/main/g/gdbm/gdbm_1.8.3-11/libgdbm3.copyright I am under the impression that several ntop source GPL-licensed files get compiled into a binary that links with libssl, but do not have any OpenSSL linking exception. Moreover the same binary seems to also link with libgdbm, also GPL-licensed with no exception. This scenario seems to produce an undistributable binary package. Please clarify and/or cooperate with upstream in order to fix this issue. The possible solutions I can think of are: A) ntop is modified so that it can link with GNUTLS, instead of OpenSSL B) an OpenSSL linking exception is granted to all the relevant files by the respective copyright holders and also to the FSF's GNU DBM library by its copyright holders (I don't know how much this is likely to happen, though...) Thanks for your time. Bye. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
