From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Date: Sat, 09 Mar 2019 22:57:21 +0100 Message-ID: <87h8cb4sou.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87k1h9i3gl.fsf@ponder> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:53477) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h2jyl-00075f-2g for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h2jyk-0007P0-CL for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:52168) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h2jyk-0007Op-7u for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h2jyk-0004K0-3V for bug-guix@gnu.org; Sat, 09 Mar 2019 16:58:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87k1h9i3gl.fsf@ponder> (Vagrant Cascadian's message of "Fri, 08 Mar 2019 11:14:02 -0800") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Vagrant Cascadian Cc: 34717@debbugs.gnu.org Vagrant Cascadian skribis: > On 2019-03-08, Ludovic Court=C3=A8s wrote: >> Vagrant Cascadian skribis: >>> I'm not sure where it would be appropriate to add more comments >>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to >>> propose adding one of the u-boot targets that requires it, they might >>> just go ahead and re-add the openssl input... >> >> There=E2=80=99s always a risk. I guess we=E2=80=99ll have to be careful= when doing >> reviews. > > Sure. I was thinking maybe putting a comment in the native-inputs where > "openssl" was removed, but wasn't sure what the conventions might be. Yeah that would have worked I guess. >> In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, = WDYT? > > Does the lint checker have a way to identify a confidence level, > e.g. *maybe* it has this issue vs. *certainly*? Is there a way to > override the lint checker issues for known false positives? Otherwise, > it might just be annoying noise for packagers where it isn't > appropriate. No it doesn=E2=80=99t have that notion of a confidence level. The warning could be triggered only when a package is GPL=E2=80=99d and has= a direct dependency on OpenSSL (we=E2=80=99d forget about indirect dependenci= es in this case.) The noise would be rather limited and justified in this case, I think. WDYT? Thanks, Ludo=E2=80=99.