On Tue, 30 Jun 2020 13:17:25 -0700 Felix Lechner <felix.lech...@lease-up.com> wrote: > Hi Florian, > > On Tue, Jun 30, 2020 at 12:15 PM Florian Weimer <f...@deneb.enyo.de> wrote: > > > > >> The other issue (WolfSSL GPL violation due to linking against > > >> GPL-incompatible applications via libpq) unfortunately remains. > > Can we figure out which packages in Debian are so affected?
You could search all reverse dependencies for OpenSSL, BSD-4-clause, MPL1, CDDL licensed packages or packages (transitively) linking with such projects. These would be the most common affected packages. Additionally, all the non-free packages which depend on libpq are in conflict with wolfSSL, which seems to be only tinyows right now. I do not think you end up with less packages than with the OpenSSL license "pollution", which will be milder in a few months with the license change to Apache license. A far better way to deal with the situation would be using a replacement that does not impose any more restrictions than libpq itself. I can find one such project that has an OpenSSL compatibility layer: MesaLink (BSD-3-clause). Most of its dependencies seem to be in Debian already, so I will give it a try in the next few weeks. I am going to report the results on this thread.