Package: libvncclient1
Version: 0.9.14+dfsg-1
Severity: serious
Hi,
libvncclient1 depends on libsasl2-2, which is licensed under CMU's BSD-3-Clause-Attribution license and covered by the
RSA-MD license. They have clauses in place, which are known to be incompatible with GPL (libvncclient1's license).
There are several possible solutions to this problem:
1) Build without SASL support. The affected symbols GetTLSCipherBits, HandleSASLAuth, and ReadFromSASL are not used by
any of the reverse dependencies.
2) Support my request at #996892.
3) Ask upstream to add a license exception for libsasl2-2, similar to the one
that was required by Debian for OpenSSL
for a long time.
Thanks for your consideration,
Bastian