On Wed, 2002-05-29 at 08:11, Simon Law wrote:
> I decided to take a look at what Reverse Depends on OpenSSL:
>
> [EMAIL PROTECTED]:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep '^ ' | wc -l
> 165
>
> These 165 packages include such GPLed software as: nessus,
> snort, wget-ssl, proftpd, kdelibs3-crypto, postgresql, gnustep-ssl,
> etc... I'm very disturbed by this discovery, as we would be doing
> something illegal by distributing these packages in the upcoming
> release. What should we do?

Out of curiosity, do you have non-us in your sources.list? It would be interesting to find out how much of that software is really in main.

One "solution" to the problem, assuming that most of the violations are in non-us, would be to not generate ISOs with non-us on them. This is practical now that crypto-in-main is done. At least in theory, then, OpenSSL (which is in main) would be "normally distributed" with Debian, and these components would not "accompan[y] the executable". I don't like it much, but it would at least have a veneer of respectability.

As for GPLed stuff in main linked against OpenSSL: I don't know. It really should be pulled. OTOH, we're already nearly a month behind on releasing woody, and pulling some of that stuff would be a bit harsh.

I'd also be careful, though, and check your licenses. At least one that you mention (postgresql) is BSD.

