bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others


From: Ludovic Courtès
Subject: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others
Date: Sun, 10 Mar 2019 18:12:54 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hi,

Vagrant Cascadian <address@hidden> wrote:

> On 2019-03-09, Ludovic Courtès wrote:
>> Vagrant Cascadian <address@hidden> wrote:
>>> On 2019-03-08, Ludovic Courtès wrote:
>>>> Vagrant Cascadian <address@hidden> wrote:
>>>> In addition, we can add a ‘lint’ checker for this case, WDYT?
>>>
>>> Does the lint checker have a way to identify a confidence level,
>>> e.g. *maybe* it has this issue vs. *certainly*? Is there a way to
>>> override the lint checker issues for known false positives? Otherwise,
>>> it might just be annoying noise for packagers where it isn't
>>> appropriate.
>>
>> No, it doesn’t have that notion of a confidence level.
>
> And I presume no overrides either, given no comment about that?

We could arrange for this lint “checker” to honor some per-package
property that would silence it.  We do that with the ‘cve’ checker and
the ‘lint-hidden-cve’ property.

>> The warning could be triggered only when a package is GPL’d and has a
>> direct dependency on OpenSSL (we’d forget about indirect dependencies in
>> this case.)  The noise would be rather limited and justified in this
>> case, I think.  WDYT?
>
> The openssl package currently ships the "openssl" binary, as well as the
> libraries. I suspect there are at least three potential cases where a
> package might depend on it:
>
> * Calls the "openssl" binary as part of the test suite or at run-time. No
> licensing compatibility issue, no worries!
>
> * Using include files from the openssl headers; I guess you could search
> for "include .* openssl/*.h" in the source code. Might get some false
> positives. Can be run without actually even building it.
>
> * Linking against the library which should actually be easy to detect
> with ldd or other tools. Would need to build and then run the checks to
> be sure.

So for the 1st case we’d definitely need that property to tell ‘lint’
that everything is known-good.

‘guix lint’ does very inexpensive tests, so unpacking the tarball and
grepping it would be beyond its scope.  However, if we can provide the
warning and people have a way to silence it, I guess we’re fine?

Thanks,
Ludo’.
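As an added illustration (not code from this thread, nor a checker that exists in Guix), here is the shape the proposed checker could take in Guix's own Scheme: it warns only when a package is GPL-licensed and lists ‘openssl’ as a direct input, and it honours a hypothetical ‘lint-hidden-gpl-openssl’ property modelled on ‘lint-hidden-cve’. It assumes the ‘lint-checker’ and ‘make-warning’ interface of (guix lint) and the usual package accessors.

```scheme
(use-modules (guix lint)       ; lint-checker, make-warning (assumed API)
             (guix packages)
             (guix licenses)
             (guix i18n)       ; G_, needed by the make-warning macro
             (ice-9 match)
             (srfi srfi-1))

;; Hypothetical per-package property, named after 'lint-hidden-cve.
(define %silence-property 'lint-hidden-gpl-openssl)

(define (gpl-license? license)
  ;; Plain GPL only: "GPL 2", "GPL 3+", ...; LGPL/AGPL do not match.
  (and (license? license)
       (string-prefix? "GPL" (license-name license))))

(define (gpl-package? package)
  ;; package-license is either one license or a list of them.
  (let ((licenses (package-license package)))
    (any gpl-license? (if (list? licenses) licenses (list licenses)))))

(define (direct-openssl-input? package)
  ;; Only direct inputs are inspected, as proposed in the thread; the
  ;; inputs lists are ("label" package ...) entries.  Native inputs are
  ;; included, so test suites that merely run the binary (case 1 above)
  ;; will trigger the warning and need the silencing property.
  (any (match-lambda
         ((_ (? package? input) . _)
          (string=? (package-name input) "openssl"))
         (_ #f))
       (append (package-inputs package)
               (package-native-inputs package)
               (package-propagated-inputs package))))

(define (check-gpl-openssl package)
  (if (and (gpl-package? package)
           (direct-openssl-input? package)
           (not (assq-ref (package-properties package) %silence-property)))
      (list (make-warning package
                          (G_ "GPL-licensed package depends directly on OpenSSL")
                          #:field 'inputs))
      '()))                                     ; no warning

(define %gpl-openssl-checker
  (lint-checker
   (name 'gpl-openssl)
   (description "Warn when a GPL'd package depends directly on OpenSSL.")
   (check check-gpl-openssl)))
```

A package that legitimately only calls the binary would silence it with (properties '((lint-hidden-gpl-openssl . #t))), the same pattern used for lint-hidden-cve.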
