GNU bug report logs - #34717
GPL and Openssl incompatibilities in u-boot and possibly others

Previous Next

Full log

Message #35 received at 34717 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: Danny Milosavljevic <dannym <at> scratchpost.org>, 34717 <at> debbugs.gnu.org
Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and
 possibly others
Date: Sat, 09 Mar 2019 22:57:21 +0100

Vagrant Cascadian <vagrant <at> debian.org> skribis:

> On 2019-03-08, Ludovic Courtès wrote:
>> Vagrant Cascadian <vagrant <at> debian.org> skribis:
>>> I'm not sure where it would be appropriate to add more comments
>>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to
>>> propose adding one of the u-boot targets that requires it, they might
>>> just go ahead and re-add the openssl input...
>>
>> There’s always a risk.  I guess we’ll have to be careful when doing
>> reviews.
>
> Sure. I was thinking maybe putting a comment in the native-inputs where
> "openssl" was removed, but wasn't sure what the conventions might be.

Yeah that would have worked I guess.

>> In addition, we can add a ‘lint’ checker for this case, WDYT?
>
> Does the lint checker have a way to identify a confidence level,
> e.g. *maybe* it has this issue vs. *certainly*? Is there a way to
> override the lint checker issues for known false positives? Otherwise,
> it might just be annoying noise for packagers where it isn't
> appropriate.

No it doesn’t have that notion of a confidence level.

The warning could be triggered only when a package is GPL’d and has a
direct dependency on OpenSSL (we’d forget about indirect dependencies in
this case.)  The noise would be rather limited and justified in this
case, I think.  WDYT?

Thanks,
Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.