Package: linm Severity: serious While looking at this package to do a QA upload I noticed several possible issues:
- GPLed, yet links against OpenSSL. While the only code that uses OpenSSL is licensed under a less restrictive license and on itself is proably ok to be linked with it, in the end all is meshed together in one library. - Said code is a copy of libssh2, so it probably should be using the seperate version in the archive instead. - Said code is also not mentioned in debian/copyright at all. - Parts of this package consist of static libraries that e.g. link parts of OpenSSL in. This is probably a bad idea from a security point of view. Together with the facts that this package is orphaned, laggs several version behind upstream, and has really low popcon numbers I think it would be better to keep it out of lenny for now and remove it soon unless someone wants to clean it up. Gruesse, Frank Lichtenheld -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]