Stephen Smalley wrote:
On 10/20/2015 09:42 AM, Joshua Brindle wrote:
Stephen Smalley wrote:
<snip>
Wondering if dependency on openssl might be a license issue for Debian
or others. Apparently openssl license is considered GPL-incompatible [1]
[2], and obviously libselinux is linked by a variety of GPL-licensed
programs. Fedora seems to view this as falling under the system library
exception [3] but not clear that other distributions would view it that
way. On the other hand, using gnutls would be subject to the reverse
problem; it would make libselinux depend on a LGPL library, and that
could create issues for non-GPL programs that statically link
libselinux. We might need to revert this change and revisit how to solve
this in a manner that avoids such issues.
LGPL explicitly allows non-GPL programs to link against an LGPL licensed
library without tainting the non-GPL program, which is the whole point
of the LGPL. Is there some other issue with static linking or something?
Yes, that's the concern.
So, not static linking but a fully static binary that would pull gnutls
into the binary?
What static binaries exist like that? It is not a great idea to carry
around system level libraries statically.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
