Bug#361954: status update?
Hi folks, this package have been stuck while we were waitting for the OpenSSL exception to be added to the Ossec's legal code. Today this exception haven't been added, but Daniel Cid (upstream) wants to keep his code as GPL, so we can continue working hoping to solve the OpenSSL issue later. There are two ways to avoid the OpenSSL exception: disabling OpenSSL or migrate the code from OpenSSL to GNU/TLS. Now we already know, thanks to Javier Fernandez-Sanguino, that we can disable OpenSSL and make it work pretty easily. But the other question would be, what do you think about the impact of disabling openssl on Ossec? OpenSSL has some interesting features that should be considered. We can disable OpenSSL and make it work, but doing this we could be releasing a dangerous software, so IMHO it would be quite interesting to have an OpenSSL-2-GNUTLS.patch. Now I'm looking for the way to publish the source code of this package as it's developed. Maybe you already know a good place to do this and would like to share? Then please, let us know. I'm thinking in a git repository. Happy hacking, 2011/3/1 Ciarán Handley cia...@linux.ie Jose, Are you having discussions about this with the developer outside of their mailing lists? From what I found on the different lists at http://www.ossec.net/main/support/ there haven't been any updates since '09. It seems to me that for them to add exception/s is a trivial change. Why is this taking so long? What can we do to speed this up a bit? I took the liberty of making the 'suggestion' on their request page ( http://ossec.uservoice.com/forums/18254-general/suggestions/1543503-debian-package), if people would like to vote it up. Cheers, Ciarán -- Jose Antonio Quevedo Muñoz Key fingerprint: C88A AAFA CF91 F556 E1D5 52FC C3D7 3C5D 8224 5822 -- Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. ~ Samuel Beckett ~
Bug#361954: status update?
Jose, Are you having discussions about this with the developer outside of their mailing lists? From what I found on the different lists at http://www.ossec.net/main/support/ there haven't been any updates since '09. It seems to me that for them to add exception/s is a trivial change. Why is this taking so long? What can we do to speed this up a bit? I took the liberty of making the 'suggestion' on their request page ( http://ossec.uservoice.com/forums/18254-general/suggestions/1543503-debian-package), if people would like to vote it up. Cheers, Ciarán
Bug#361954: Status update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi everyone, about the last status update report: - - secondary functionality was already included in last upstream code, - - security concerns were overriden, - - the license exception for OpenSSL haven't been included by upstream yet. The OpenSSL exception is needed because Ossec links against the OpenSSL libraries. There are two ways to avoid this issue: the first one is to wait for upstream to include this exception into the legal code, the second one is to patch the code to make it link against GnuTLS instead of OpenSSL. While we keep waitting for upstream to path his legal code, we have recently begun coding this patch so, if you are really interested in having Ossec packaged for Debian, you are invited to code your own patch. If you do so remember to forward it to this bug or to me directly as you prefer. Best regards, -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJMnFf6AAoJEMPXPF2CJFgiZWAP/3c3SGjkyT6NJH5NKW5SWcmJ Tn8YpVKRgLpXlTiepIoUaXHrPTxVdCNdfCP7K3eaP8rr05ur085JvdZR0I7FWYMW mMMP29do0k1SEvX4U8X5FRbpq7NKqP6baM+CZ76paE3jWHViGkALfYdK9vKtRjRg GzJVaU1Z078Nn85GqV4g7N4BBk3c9EpnwBKQvrG2bQPvGJfglXsDvQ4fEij2dqtH ZnnDcfALnbLpVj8nh+HIHpCfm16HnHYb4IeGcqMbYxwFEL/IvA3B/n+I67rt4zDL TF8dzRiSgKO7W7S4S6SiXPHQfIjOaKu8urS+J9YXRwJIMBWTZ0RiWGaCaLgP4nZl D2b2JnE+RDupIEvdrpk+2s8o3NOU3doKc7wGYysdrlVVBUlV2PXNlPS0eNBRJUYR Y9EM6Oio8waMM3FATag8/c7W6BaDq7/LBmyX9+bcOArxD/+qP916SP3Fsvx1m8e/ yxRhUaF/k8xzUmEZNR+1hc5v2nRebv6g4Myce06+ZQ6G7CvQWS1XSEuplzf5FiIH Mg1IgQaiuPfRH8EDs2NMOr2urDLdqv9V2XboB9M58ZqtdEPe1DmCTrMXG/3J0NJ4 Cwgt6h+VGgLGb6mYHw5VODhfprSoJopdzFJhrSGizB+HT367KAx/0IlLmnHzLXW0 wDAEJEnoUWidQ0KG/DGL =tr/p -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c9c57fe.7080...@gmail.com
Bug#361954: Status update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Any news about the first 2 improvement ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyaRPMACgkQfwer1QPZVNIhjQCfXMxJofk98XZUhp38XlicltxL SsYAoKx5dYuCt205+cC7T3H/UKKTAIxU =8wwA -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c9a44f4.7090...@free.fr
Bug#361954: Status update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all again, an improvements list about ossec v2.3 was uploaded to upstream on April 13th, 2010. This improvements are about license issues, how this software works (security issues), and secondary functionality. Now we are waiting for the first 2 improvements to be done to continue working on this package. Best regards, - - -- Jose Antonio Quevedo Muñoz Key fingerprint: 4123 17A5 42F0 10BC 1C8D 88A9 1C0B 1274 4E74 78DA - - -- Ever tried. Ever failed. No matter. Try again. Fail again. Fail better. ~ Samuel Beckett ~ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBCAAGBQJMAnFjAAoJEBwLEnROdHjalo0P/RI+EJQT5cUtCBLqs+kIkZn0 B1KlWj/CqGnqUnco88GEZhdE0/HI16X9ZxkC6S2eBkrFETPtbVrzo6gW4MhKlZOo S/wuOXcN49ahy3pZKBzudyu08ojdR8ozRdGGRJIon8AqPtIdbFgXRcXinPivB2I8 PgSfESAtn0N8RdQ0sbPwduHYfvSbhGvbL4SBryys3Q2S1McK+zOctJbNTyPt7urL +gQomPQygMGnlavQawyGzznp3fP1DkfNZkaAI0dbNcy26NzVG4WToS2XVwJW8vtd xh0Nkz+1klKrJy7/pm/qKCyvOJ2xAi/yRktD3KoX6wx+ZBRb8yz6vddvmUYbqSx6 ZijNtlUJTzeF6ttmOZU90XHw8cEc8j88GkZSCveKEwOZkdAJjWsp9WDZEtTgpiW7 ntYiZEOm4osdRr0PyPpMHXHkDBbet9e7qstVyMcA2t+3n8OOwMyjWvGjXWDKWaeK Qvwzw5mrMpRPuA57iHNozQRsdnaQ/izGe7Tj8oy7BmkwttAOMkwHfm87Gm+1TQjH yWul1m80go6+MDBZFqqRtFUvfyx0hAWn9ZqMNo80CF8/WUp/4z5fyJv1pgu+p7JH 9PXqDm8ubpQ59E8yapE//4AGG9zHnHhkYRDYH4h7vbtSNJi3hg+hx+PgUW5lwxsJ cyjDAkybnyM22kAYTAeE =dnFk -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c027165.9030...@gmail.com
Bug#361954: Status update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all, first of all, I'd like to thank Matej Vela for his last notes in this thread, it was a very good place to start analyzing the package. Today Ossec cannot be distributed by Debian because of a license issue that was notified to the upstream around 2 months ago. They have to add an OpenSSL exception to the license and they are discussing this issue. We are now waiting for news about this, Daniel B. Cid (upstream) said that he doesn't think that this issue would be a problem, so we can continue working on it hoping this change will happen, but we cannot distribute this code with the current license. So now I'm looking for all those changes that would be nice to be done on the upstream code. I'll thank any advise about any aspect relative to this package. Thanks for all. Best regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBCAAGBQJLXov0AAoJEBwLEnROdHjaaC0P+wUOHZaqLTKHaGgm7ImGRhq3 PHM3A5qh/eGG6qCZ68KFfeJ/29bSQc2Cm/EYJrpJ51WnCTaDxFiaOgWmxK+MdXaY 7yCMk+AxmBxjrhALMf/Rl0GtnqSFol/WG4O07t5C7k2DkGp6K3jxu0KOoRPZzyN6 HX5N8oDKRM5Osd+BXDGR2DipWx0ZAA/2O2g23qABUNAuuHcB10ARgyid/uy7hrwH To38xzBSvgH+fjQHOFWlhpSbwi/rEOvaCOWXf+Iq+l/xvRtYbyrMHNm7Og0bfH42 T7xlSYYqEGnl1gQ3JdRU/ox54JA4C26P9ftum19aaciGy8g+cErTzi2mf1W0Mj/5 1bp574J4IJVuAEsRul5ORnDG7TU70JQmcCR/boOt3G0CbesSUAHgoM+Q/l9P2uF6 ZbYFdO4CxppAPK6spe7wte2DJQ/O5xyuXnTICXLBMTBXh1f167Qc0511du7EQ6jI nKu2WgDKkK/pnIX3j6Ltq86vowKp2YVjZpLhajwrPyKQUGpzLFoSsYtx22nyZqJB KFV16WJnkSeKPZfSq2G0F0H0yt0CHDAgQyEkxU7PsA/JcqVpiLkhuZIIbA1GZRAW FSVHCwp8axiKu1sF53r2zRaWMeSwHGuoQlmLNhdTDJlxDA0tn3XjMr6xq/nyODbv C/sm5n6/+CJy2cUpaDMe =jN2Z -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org