Hi folks, this package have been stuck while we were waitting for the OpenSSL exception to be added to the Ossec's legal code. Today this exception haven't been added, but Daniel Cid (upstream) wants to keep his code as GPL, so we can continue working hoping to solve the OpenSSL issue later. There are two ways to avoid the OpenSSL exception: disabling OpenSSL or migrate the code from OpenSSL to GNU/TLS.
Now we already know, thanks to Javier Fernandez-Sanguino, that we can disable OpenSSL and make it work pretty easily. But the other question would be, what do you think about the impact of disabling openssl on Ossec? OpenSSL has some interesting features that should be considered. We can disable OpenSSL and make it work, but doing this we could be releasing a dangerous software, so IMHO it would be quite interesting to have an OpenSSL-2-GNUTLS.patch. Now I'm looking for the way to publish the source code of this package as it's developed. Maybe you already know a good place to do this and would like to share? Then please, let us know. I'm thinking in a git repository. Happy hacking, 2011/3/1 Ciarán Handley <cia...@linux.ie> > Jose, > > Are you having discussions about this with the developer outside of their > mailing lists? From what I found on the different lists at > http://www.ossec.net/main/support/ there haven't been any updates since > '09. It seems to me that for them to add exception/s is a trivial change. > Why is this taking so long? What can we do to speed this up a bit? I took > the liberty of making the 'suggestion' on their request page ( > http://ossec.uservoice.com/forums/18254-general/suggestions/1543503-debian-package), > if people would like to vote it up. > > Cheers, > Ciarán > -- Jose Antonio Quevedo Muñoz Key fingerprint: C88A AAFA CF91 F556 E1D5 52FC C3D7 3C5D 8224 5822 -- Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. ~ Samuel Beckett ~
