On Wed, 20 Mar 2019 15:59:40 +0000 Dimitri John Ledkov <dimitri.led...@canonical.com> wrote: > On Wed, 20 Mar 2019 16:31:25 +0100 Ansgar Burchardt <ans...@debian.org> wrote: > > Hi, > > > > the OpenSSL ./. GPL problem (if one sees it as a problem) is larger > > than just libpq5: just looking at a small sample of the direct rdeps of > > libssl1.1, one can find the following GPL-licensed programs linking it: > > > > cryptsetup, wesnoth, mydumper, mupdf, gatling, kopete > > > > Cryptsetup has a linking exception for OpenSSL: > https://tracker.debian.org/media/packages/c/cryptsetup/changelog-22.1.0-2
It has half of an exception. COPYING includes the following: +--- | In addition, as a special exception, the copyright holders give | permission to link the code of portions of this program with the | OpenSSL library under certain conditions as described in each | individual source file, and distribute linked combinations | including the two. +--- But the "certain conditions as described in each individual source file" are nowhere to be found; instead source files only say they are licensed under GPL (without any exception). Also, libcryptsetup12 has GPL-2+ rdeps (w/o any exception). So the problem only gets ever larger... Examples: libcryptsetup12 -> cryptmount (GPL-2+, no exception) libcryptsetup12 -> libvolume-key1 (GPL-2, no exception) -> libblockdev-crypto2 (LGPL-2.1+, no problem) -> udisks2 (GPL-2+, no exception) And indeed: +--- | % ldd /usr/lib/udisks2/udisksd | grep libssl | libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007ff0c6009000) +--- Ansgar
