[Pkg-iscsi-maintainers] open-iscsi vs. open-isns vs. openssl licensing issues
Ritesh Raj Sarraf
rrs at debian.org
Tue Jul 26 08:53:41 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello Christian,
On Mon, 2016-07-25 at 21:08 +0200, Christian Seiler wrote:
> Hi Ritesh,
>
> I was just working on updating open-iscsi to the newest upstream git
> snapshot. During an initial test build, lintian gave me
>
Thanks. This will be good because I just noticed that Mike has cleaned-up isns
from open-iscsi repo.
> E: possible-gpl-code-linked-with-openssl
>
> After checking this, there's the following problem:
>
> - libisns.so.0 (package libisns0, libisns-dev) links against
> -lcrypto of OpenSSL
>
> open-isns is LGPL -> linking against OpenSSL is OK
>
> - newer open-iscsi wants to link against external libisns0
>
> open-iscsi is GPL -> linking against OpenSSL is _not_ OK
> (even indirectly)
>
> So yeah, lintian is correct here. Unfortunately, I didn't notice that
> before packaging open-isns. (open-isns can link against OpenSSL just
> fine, so lintian didn't complain.) :-(
>
> Funnily enough, open-iscsi doesn't use libisns for anything related
> to OpenSSL (the functionality is not used, open-iscsi's iSNS
> discovery is always unauthenticated), so this isn't really a technical
> problem.
>
Great. So no functionality should break
> From what I can tell, the simplest solution would probably be:
>
> - update open-isns to create a new library libisns-nocrypto.so.0
> that doesn't link against -lcrypto
> (there's a configure flag in open-isns to build that, so one
> could easily build the library twice when building open-isns,
> once regularily with -lcrypto, once without; I'd simply put it
> in the same package libisns0 for simplicity)
>
> - locally patch open-iscsi to build against -lisns-nocrypto
> instead of -lisns -lcrypto
>
> Before I go and do that I'd like to ask you if you agree with
> that solution? (While the change itself is not complicated, it
> is not just some packaging change or some porting fix that I'd
> simply do without asking, but rather some more fundamental change
> I'd like a second opinion on.)
>
This is good. In the past we had disabled ssl in isns, when it was in the open-
iscsi repo. But this is a much cleaner approach.
Thanks,
Ritesh
- --
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXlyUVAAoJEKY6WKPy4XVpdN4QAIf3uSn2HLi6VriLzA8d16h1
QpNhOofJo+VPVn1E9PS+janV5ONnw7GMyAzY0vpHmWwbUZshkoqw2Vc68UzMgFtk
eOtFeA7ra4IJ2txHrEKO6qaiirm8MSd01DLCX4bMBrqqjAa9H5Q6ZXK/LdSqOdoK
C9HAPg700XXthCztCZ/+Y/OmokIk/Or0Gfp7nHesRY/6KT9+Hqqz1wUk3OeOx1rw
c/MIdUBf0Q7X782m9GpNpXAMZ9xkBjTLPXMunpi3uT7cX2dlibOiqFOa1ug7vCu0
pV/sEJGLBchYO638OU2td5QKpn1BdKd+kH1Xv6G1C+O3ZcbMpksB/Fu7nXvEtUhT
2j6jMtJ/88acU4V6TO9oRxe6JvmuIXP4cmgecHFKLn/QeVYeDlcPAADN4tCiwUcR
sQrvqAtQTiYOfVctlERLENVZGRlInHZO7YnF86idrvHsshDwmoCFxAZamvmL4Zqh
/R5Pdf+XY0H1PdCOUnv+4vwRsjPACV6e+WY0bB1JoVu/XTr4elIvWjLMm84RvXEJ
kVou/xX/p/1wRXlXxM2Ar/oHCYLmn+kwkGG5FwxWfLGSJGtj8OcC5G1F1D1HOcP2
BYo4moXpeGrxp02Fu07vNCyt3gWEJBWcaXZNQtGaLoKyeHoSMeUYFc6jSiD/hfTz
+VzL6SD2El6Axq9q8iUR
=ggQ0
-----END PGP SIGNATURE-----
More information about the Pkg-iscsi-maintainers
mailing list