From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id gJgZIysqc2GUQgAAgWs5BA (envelope-from ) for ; Fri, 22 Oct 2021 23:16:27 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id EFe7Hisqc2EWGQAA1q6Kng (envelope-from ) for ; Fri, 22 Oct 2021 21:16:27 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1D2948AC6 for ; Fri, 22 Oct 2021 23:16:27 +0200 (CEST) Received: from localhost ([::1]:59850 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1me1tq-0004ap-2h for larch@yhetil.org; Fri, 22 Oct 2021 17:16:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36932) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1me1sh-0004aB-Pn for guix-devel@gnu.org; Fri, 22 Oct 2021 17:15:16 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:58266) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1me1sf-0005dr-Jh for guix-devel@gnu.org; Fri, 22 Oct 2021 17:15:15 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100b]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 64C741AA2C; Fri, 22 Oct 2021 14:15:04 -0700 (PDT) From: Vagrant Cascadian To: Leo Famulari Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> Date: Fri, 22 Oct 2021 14:15:00 -0700 Message-ID: <87fsssoj6z.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=173.255.214.101; envelope-from=vagrant@debian.org; helo=cascadia.aikidev.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org, 34717@debbugs.gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1634937387; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=c62PW6aShvqPYNZu8g1MGdNx6wyY/D7xTSmnIEoBqP0=; b=eYlb5W5Rr8Ol3Mwj3X5XAoOO3AdIQR1NiZihli+4wa8IfmqFxFIjrdcDWcVdhX+b2XYuC1 6M2Nofaj3MEDZPuk+nAGF4jqaHZTHP+glS7t1+z4pr2ruRkQUmyB16xC+eUM1rwiqPIz7D oFGOc1GzNFy3lp7KMYTiqpjY89iLfKJCsQwjWhIJ9YnDnfMuM0MO6L+rchXoW6rbVHKHdq 22U/WMXkQGSfuxrjy8MisgeCdtmwYdSYVlRf331vV1H4GKSEV8I1Rod4xpcA9055OmtuOM poAK+9lQyAkxlJKwjUhbnu82Wp+m4xIsPRJa1LTtDh4cHN70By5zoI8azY4nIQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1634937387; a=rsa-sha256; cv=none; b=BZCxM2RQEKcGX+t/dZEUoeFvAjtn43uxJEFviOfdB1rrfgXkOiW8+khRgKLPJcR0wEulj+ MDCTm2iQhNA8rCKeQG0Wq7hlpTLb5sh0I3HKg4wF1bw0T8Z9J0IDiKK5v4MQOl6PbSU0gY uF1Vp71SywUFfSbKkQy7aMEYZ8uxrMDeMyadwqiED2wiHUVucUhNv137xAACw/VpXuxqll 95F/0IFHEZ4lzg1qMyJsDFb0DJ1eHq/k7nxCPYwcisquhsBOhVWxwCtGliWs8qRDyjdgcY aoRfbm/5V6v38Dmawqtfw/uMY8h4tQC4eNN68NAH6GxfB96EURZ8J8jw//Ur3Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -2.53 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 1D2948AC6 X-Spam-Score: -2.53 X-Migadu-Scanner: scn0.migadu.com X-TUID: 6WtI2DfviCHG --=-=-= Content-Type: text/plain On 2021-10-22, Leo Famulari wrote: > On Thu, Oct 21, 2021 at 11:17:03PM -0700, Vagrant Cascadian wrote: >> While openssl 3.0 is licensed compatibly with GPLv3, u-boot has portions >> which are GPLv2-only, so that's not as attractive of a way forward as >> one might hope for... > > What are other distros doing? Surely we can't be the only group > distributing u-boot? Both fedora and (recently) debian have openssl declared as a system library, invoking the GPL's system library exception... which I personally find at best to be a grey area workaround. I wouldn't be surprised if most distros simply ignore the issue entirely. Interestingly, today I was called in on a relevent discussion on the u-boot mailing list: https://lists.denx.de/pipermail/u-boot/2021-October/464529.html Though, it is *possible* that various u-boot-BOARD in some cases doesn't include any openssl code at all in the resulting binaries, but builds some tools used during the build process, that are then used to produce various cryptographic signatures in the build: https://lists.denx.de/pipermail/u-boot/2021-October/464533.html If that's true, it should be ok for various boards (though the possibility of openssl code getting linked in would be hard to catch). u-boot-tools would still need a viable workaround, though. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYXMp1QAKCRDcUY/If5cW qu0wAP9qDXN8FxaMiOU6E/dilauNpVEPnvqtYhi1pxXb7Z2z4AD5AVhfL9squoCc XofEkqgqQEIlUdOZMN3DLHt7yIJjwQE= =05U9 -----END PGP SIGNATURE----- --=-=-=--