bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others

[Ludovic Courtès]

Vagrant Cascadian <address@hidden> skribis:

> On 2019-03-08, Ludovic Courtès wrote:
>> Vagrant Cascadian <address@hidden> skribis:
>>> I'm not sure where it would be appropriate to add more comments
>>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to
>>> propose adding one of the u-boot targets that requires it, they might
>>> just go ahead and re-add the openssl input...
>>
>> There’s always a risk.  I guess we’ll have to be careful when doing
>> reviews.
>
> Sure. I was thinking maybe putting a comment in the native-inputs where
> "openssl" was removed, but wasn't sure what the conventions might be.

Yeah that would have worked I guess.

>> In addition, we can add a ‘lint’ checker for this case, WDYT?
>
> Does the lint checker have a way to identify a confidence level,
> e.g. *maybe* it has this issue vs. *certainly*? Is there a way to
> override the lint checker issues for known false positives? Otherwise,
> it might just be annoying noise for packagers where it isn't
> appropriate.

No it doesn’t have that notion of a confidence level.

The warning could be triggered only when a package is GPL’d and has a
direct dependency on OpenSSL (we’d forget about indirect dependencies in
this case.)  The noise would be rather limited and justified in this
case, I think.  WDYT?

Thanks,
Ludo’.