On Mar 26, 2005, at 5:10 PM, Dave Vasilevsky wrote:
On Mar 16, 2005, at 2:39 PM, Lars Rosengreen wrote:Yes, I think we do. I'll try to construct a list of packages that may be affected.
Thanks Lars.
Here is a preliminary list. I have only had a chance to verify a few of these, so there are bound to be several false positives in here.
unstable/main -------------------- net/lftp.info GPL Justin F. Hallett
unstable/crypto --------------------- amule.info GPL ASARI Takashi aqbanking.info GPL Peter O'Gorman aqhbci-qt-tools.info GPL Peter O'Gorman aqhbci.info GPL Peter O'Gorman bazaar-ssl.info GPL/GFDL Lars Rosengreen ccvssh.info GPL David Bacher cfengine.info GPL Matthew Flanagan clamav.info GPL Remi Mommsen dods.info GPL Jeffrey Whitaker ejabberd.info GPL Daniel Henninger ekg-ssl.info GPL/LGPL Benjamin Reed elinks-ssl.info GPL Daniel Macks ethereal-ssl.info GPL Max Horn fetchmail-ssl.info GPL Eric Knauel fwbuilder.info GPL Vadim Zaliva gftp-ssl.info GPL Justin F. Hallett gnome-vfs-ssl.info GPL/LGPL None gnome-vfs2-ssl.info GPL/LGPL The Gnome Core Team gnomemeeting.info GPL/LGPL Shawn Hsiao gwenhywfar.info LGPL Peter O'Gorman htmldoc-1.8.23-13.info GPL Thomas Kotzian htmldoc-nox-1.8.23-3.info GPL Thomas Kotzian irssi-ssl.info GPL Max Horn jpilot-ssl.info GPL None jwgc-ssl.info GPL Daniel Henninger kdebase3-ssl.info GPL/LGPL Benjamin Reed kdelibs3-ssl.info GPL/LGPL Benjamin Reed kdenetwork3.info GPL/LGPL Benjamin Reed lftp-ssl.info GPL Justin F. Hallett libnasl3-ssl.info GPL Corey Halpin libnessus-ssl.info GPL None libnessus3-ssl.info GPL Corey Halpin libsoup-ssl.info GPL/LGPL The Gnome Core Team links-ssl.info GPL Finlay Dobbie lynx-ssl.info GPL None msmtp.info GPL Darian Lanx mutt-ssl.info GPL Christian Swinehart neon23-ssl-0.23.9-11.info LGPL Christian Schaffner neon24-ssl.info LGPL Christian Schaffner openhbci.info LGPL Peter O'Gorman proftpd.info GPL Justin F. Hallett pyopenssl-py.info LGPL Daniel Henninger qca.info LGPL Benjamin Reed samba-ldap.info GPL None samba.info GPL None sitecopy-ssl.info GPL Max Horn socat-ssl.info GPL Chris Dolan soup-ssl.info GPL/LGPL None squid-ssl.info GPL Benjamin Reed stunnel4.info GPL Thomas Diemer sylpheed-ssl.info GPL None vtun.info GPL None wget-ssl.info GPL Sylvain Cuaz xchat-ssl.info GPL Max Horn
stable/main ---------------- net/lftp.info GPL Justin F. Hallett
stable/crypto ----------------- clamav.info GPL Remi Mommsen dcgui-qt-ssl.info GPL Hanspeter Niederstrasser dods.info GPL Jeffrey Whitaker ethereal-ssl.info GPL Max Horn fetchmail-ssl.info GPL Eric Knauel gabber-ssl-0.8.7-22.info GPL Max Horn gnome-vfs-ssl.info GPL/LGPL None gnome-vfs2-ssl.info GPL/LGPL The Gnome Core Team gnomemeeting.info GPL/LGPL Shawn Hsiao irssi-ssl.info GPL Max Horn kdebase3-ssl.info GPL/LGPL Benjamin Reed kdelibs3-ssl.info GPL/LGPL Benjamin Reed lftp-ssl.info GPL Justin F. Hallett libnessus-ssl.info GPL None libsoup-ssl.info GPL/LGPL The Gnome Core Team links-ssl.info GPL Finlay Dobbie lynx-ssl-2.8.4-23.info GPL Alexander Strange lynx-ssl.info GPL None mutt-ssl-1.4i-31.info GPL Christian Swinehart neon23-ssl-0.23.9-11.info LGPL Christian Schaffner neon24-ssl.info LGPL Christian Schaffner openhbci.info LGPL Peter O'Gorman samba-ldap-2.2.8a-21.info GPL None samba.info GPL None sitecopy-ssl.info GPL Max Horn soup-ssl.info GPL/LGPL None squid-ssl.info GPL Benjamin Reed stunnel4.info GPL Thomas Diemer wget-ssl.info GPL Sylvain Cuaz xchat-ssl.info GPL Max Horn
dclib0-ssl and valknut-ssl have modified their licenses to allow linking with openssl, but valknut also has a build dep on gt3-dev, which is gpl'd -- probably still not compatible
I guess once we have this, for each package we'll need to:
- Notify the upstream developers that they're sitting on a time bomb. :-)
- Do one of the following, in order of preference:
* Get permission from the upstream devel to link with OpenSSL
* Link the package against OpenTLS
* Link the package against the system OpenSSL (BuildConflict with Fink's version)
* Remove the package from the bindist, possibly from unstable too.
Any other options?
To me the solution seems fairly simple: if a package has gpl (or lgpl) in its license field and has a builddep on fink's openssl, then it should no longer be included in the binary distribution, unless someone can establish that the upstream authors permit linking against openssl. We could change the license field of such packages to restrictive, or better yet, create a new license category for cases like this where fink may distribute source code but not binaries.
-Lars
-- Lars Rosengreen <[EMAIL PROTECTED]> http://www.margay.org/~lars
smime.p7s
Description: S/MIME cryptographic signature