From: Jason Zaman <jason@perfinion.com>
To: Joshua Brindle <brindle@quarksecurity.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
"selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Subject: Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
Date: Wed, 21 Oct 2015 02:45:45 +0800 [thread overview]
Message-ID: <20151020184545.GA5255@meriadoc> (raw)
In-Reply-To: <56264829.5040609@quarksecurity.com>
On Tue, Oct 20, 2015 at 09:56:57AM -0400, Joshua Brindle wrote:
> Stephen Smalley wrote:
> > On 10/20/2015 09:42 AM, Joshua Brindle wrote:
> >> Stephen Smalley wrote:
> >> <snip>
> >>>
> >>> Wondering if dependency on openssl might be a license issue for Debian
> >>> or others. Apparently openssl license is considered GPL-incompatible [1]
> >>> [2], and obviously libselinux is linked by a variety of GPL-licensed
> >>> programs. Fedora seems to view this as falling under the system library
> >>> exception [3] but not clear that other distributions would view it that
> >>> way. On the other hand, using gnutls would be subject to the reverse
> >>> problem; it would make libselinux depend on a LGPL library, and that
> >>> could create issues for non-GPL programs that statically link
> >>> libselinux. We might need to revert this change and revisit how to solve
> >>> this in a manner that avoids such issues.
> >>
> >> LGPL explicitly allows non-GPL programs to link against an LGPL licensed
> >> library without tainting the non-GPL program, which is the whole point
> >> of the LGPL. Is there some other issue with static linking or something?
> >
> > Yes, that's the concern.
>
> So, not static linking but a fully static binary that would pull gnutls
> into the binary?
>
> What static binaries exist like that? It is not a great idea to carry
> around system level libraries statically.
>From a quick look through Gentoo, we have a USE-flag to build busybox
and LVM and a few other core tools statically which requres libselinux.a
too.
-- Jason
prev parent reply other threads:[~2015-10-20 18:45 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-17 10:53 did libselinux grow a new build dependency? (openssl-devel: openssl.h) Dominick Grift
2015-10-18 12:48 ` Richard Haines
2015-10-18 14:07 ` Dominick Grift
2015-10-18 15:00 ` Richard Haines
2015-10-19 18:09 ` Stephen Smalley
2015-10-19 19:18 ` Stephen Smalley
2015-10-20 12:27 ` Richard Haines
2015-10-20 13:43 ` Stephen Smalley
2015-10-20 14:00 ` William Roberts
2015-10-20 14:39 ` Richard Haines
2015-10-20 14:49 ` William Roberts
2015-10-21 14:43 ` Richard Haines
2015-10-20 13:42 ` Joshua Brindle
2015-10-20 13:44 ` Stephen Smalley
2015-10-20 13:56 ` Joshua Brindle
2015-10-20 18:45 ` Jason Zaman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151020184545.GA5255@meriadoc \
--to=jason@perfinion.com \
--cc=brindle@quarksecurity.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.