From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly
	others
Date: Sat, 09 Mar 2019 22:57:21 +0100
Message-ID: <87h8cb4sou.fsf@gnu.org>
References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org>
	<87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder>
	<871s3his1i.fsf@gnu.org> <87k1h9i3gl.fsf@ponder>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([209.51.188.92]:53477)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1h2jyl-00075f-2g
	for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1h2jyk-0007P0-CL
	for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:52168)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1h2jyk-0007Op-7u
	for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1h2jyk-0004K0-3V
	for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:02 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.34717.B34717.155216865316578@debbugs.gnu.org>
In-Reply-To: <87k1h9i3gl.fsf@ponder> (Vagrant Cascadian's message of "Fri, 08
	Mar 2019 11:14:02 -0800")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Vagrant Cascadian <vagrant@debian.org>
Cc: 34717@debbugs.gnu.org

Vagrant Cascadian <vagrant@debian.org> skribis:

> On 2019-03-08, Ludovic Court=C3=A8s wrote:
>> Vagrant Cascadian <vagrant@debian.org> skribis:
>>> I'm not sure where it would be appropriate to add more comments
>>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to
>>> propose adding one of the u-boot targets that requires it, they might
>>> just go ahead and re-add the openssl input...
>>
>> There=E2=80=99s always a risk.  I guess we=E2=80=99ll have to be careful=
 when doing
>> reviews.
>
> Sure. I was thinking maybe putting a comment in the native-inputs where
> "openssl" was removed, but wasn't sure what the conventions might be.

Yeah that would have worked I guess.

>> In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, =
WDYT?
>
> Does the lint checker have a way to identify a confidence level,
> e.g. *maybe* it has this issue vs. *certainly*? Is there a way to
> override the lint checker issues for known false positives? Otherwise,
> it might just be annoying noise for packagers where it isn't
> appropriate.

No it doesn=E2=80=99t have that notion of a confidence level.

The warning could be triggered only when a package is GPL=E2=80=99d and has=
 a
direct dependency on OpenSSL (we=E2=80=99d forget about indirect dependenci=
es in
this case.)  The noise would be rather limited and justified in this
case, I think.  WDYT?

Thanks,
Ludo=E2=80=99.