Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: devel

[fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")]

  

 
ClamAV devel RSS feed   Index | Next | Previous | View Threaded


steve at lobefin

Jan 23, 2009, 5:21 PM

Post #1 of 11 (1488 views)
Permalink
[fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")]
I've just received the bug report below via the Debian bug tracking
system. There's obviously not a whole lot I can do about it myself, but
I just thought I'd bring it to your attention.

Cheers,
--
--------------------------------------------------------------------------
| Stephen Gran | Your job is being a professor and |
| steve[at]lobefin.net | researcher: That's one hell of a good |
| http://www.lobefin.net/~steve | excuse for some of the brain-damages of |
| | minix. -- Linus Torvalds to Andrew |
| | Tanenbaum |
--------------------------------------------------------------------------
Attachments: signature.asc (0.18 KB)


steve at lobefin

Jan 23, 2009, 5:31 PM

Post #2 of 11 (1427 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Sat, Jan 24, 2009 at 01:21:34AM +0000, Stephen Gran said:
> I've just received the bug report below via the Debian bug tracking
> system. There's obviously not a whole lot I can do about it myself, but
> I just thought I'd bring it to your attention.

Oh damn. I forgot how the list strips attachments. Well, it's viewable
here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512776

Sorry about that.
--
--------------------------------------------------------------------------
| Stephen Gran | If you don't have a nasty obituary you |
| steve[at]lobefin.net | probably didn't matter. -- Freeman |
| http://www.lobefin.net/~steve | Dyson |
--------------------------------------------------------------------------
Attachments: signature.asc (0.18 KB)


tkojm at clamav

Jan 24, 2009, 2:17 AM

Post #3 of 11 (1429 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Sat, 24 Jan 2009 01:21:34 +0000
Stephen Gran <steve[at]lobefin.net> wrote:

> I've just received the bug report below via the Debian bug tracking
> system. There's obviously not a whole lot I can do about it myself, but
> I just thought I'd bring it to your attention.

Yeah, we got this information as well:

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1366

Thanks,

--
oo ..... Tomasz Kojm <tkojm[at]clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Sat Jan 24 11:16:10 CET 2009
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


steve at lobefin

Jan 24, 2009, 2:41 PM

Post #4 of 11 (1426 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Sat, Jan 24, 2009 at 11:17:02AM +0100, Tomasz Kojm said:
> On Sat, 24 Jan 2009 01:21:34 +0000
> Stephen Gran <steve[at]lobefin.net> wrote:
>
> > I've just received the bug report below via the Debian bug tracking
> > system. There's obviously not a whole lot I can do about it myself, but
> > I just thought I'd bring it to your attention.
>
> Yeah, we got this information as well:
>
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1366

As I understand the issue, the problem is that the GPLv2 does not allow
for the extra restrictions imposed by the LGPLv3, and this is what make
the two licenses incompatible (i.e., the problem is solely in clamav's
court, not GMP's).

So, I think that if the clamav team could make a public license
excemption for this linking, the problems for distributors goes away.
It would be great if it was in the licensing statement in the release,
but failing that, a mail to the mailing list would probably be enough
for me to convince our archive administrators that it's ok. This of
course assumes that the clamav team holds all the copyright for the code
that links GMP, which, given that the #include gmp.h is in the library,
might be slightly difficult.

If you guys don't have the copyright, or can't grant the excemption for
other reasons, distributors like myself will most likely have to build
without gmp going forward, which seem unfortunate.

Cheers,
--
--------------------------------------------------------------------------
| Stephen Gran | Chess tonight. |
| steve[at]lobefin.net | |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
Attachments: signature.asc (0.18 KB)


rurban at x-ray

Jan 26, 2009, 11:47 AM

Post #5 of 11 (1393 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
Stephen Gran schrieb:
> If you guys don't have the copyright, or can't grant the excemption for
> other reasons, distributors like myself will most likely have to build
> without gmp going forward, which seem unfortunate.

Well, we could link against gmp-4.2.1 which has still the old license.
For cygwin we would have to create a gmp-compat package based on gmp-4.2.1
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


tkojm at clamav

Jan 26, 2009, 12:15 PM

Post #6 of 11 (1397 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Mon, 26 Jan 2009 20:47:48 +0100
Reini Urban <rurban[at]x-ray.at> wrote:

> Stephen Gran schrieb:
> > If you guys don't have the copyright, or can't grant the excemption for
> > other reasons, distributors like myself will most likely have to build
> > without gmp going forward, which seem unfortunate.
>
> Well, we could link against gmp-4.2.1 which has still the old license.
> For cygwin we would have to create a gmp-compat package based on gmp-4.2.1

The problem has been fixed in SVN - we're now using LibTomMath (bundled with
ClamAV) instead of libgmp.

Thanks,

--
oo ..... Tomasz Kojm <tkojm[at]clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Mon Jan 26 21:12:36 CET 2009
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


steve at lobefin

Jan 26, 2009, 12:35 PM

Post #7 of 11 (1393 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Mon, Jan 26, 2009 at 09:15:14PM +0100, Tomasz Kojm said:
> On Mon, 26 Jan 2009 20:47:48 +0100
> Reini Urban <rurban[at]x-ray.at> wrote:
>
> > Stephen Gran schrieb:
> > > If you guys don't have the copyright, or can't grant the excemption for
> > > other reasons, distributors like myself will most likely have to build
> > > without gmp going forward, which seem unfortunate.
> >
> > Well, we could link against gmp-4.2.1 which has still the old license.
> > For cygwin we would have to create a gmp-compat package based on gmp-4.2.1

Distributors like Debian and Redhat generally don't keep old versions of
libraries laying around, so it's not all that great a solution.

> The problem has been fixed in SVN - we're now using LibTomMath (bundled with
> ClamAV) instead of libgmp.

Can we make it a configure option to use the system version of the
library instead? (Debian currently ships 0.39, which appears to have been
around a while and should be reasonably close to whatever version you're
going to pick) I vastly prefer that in the general case; all the usual
arguments about security support and memory footprint and etc. apply -
I'll take it as read that we all know them :)

If you're not interested in that work, or it seems difficult and you
have better things to do, let me know and I'll have a look.

Cheers,
--
--------------------------------------------------------------------------
| Stephen Gran | You know, Callahan's is a peaceable |
| steve[at]lobefin.net | bar, but if you ask that dog what his |
| http://www.lobefin.net/~steve | favorite formatter is, and he says |
| | "roff! roff!", well, I'll just have |
| | to... |
--------------------------------------------------------------------------
Attachments: signature.asc (0.18 KB)


rurban at x-ray

Jan 27, 2009, 5:43 AM

Post #8 of 11 (1397 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
Stephen Gran schrieb:
> On Mon, Jan 26, 2009 at 09:15:14PM +0100, Tomasz Kojm said:
>> On Mon, 26 Jan 2009 20:47:48 +0100
>> Reini Urban <rurban[at]x-ray.at> wrote:
>>
>>> Stephen Gran schrieb:
>>>> If you guys don't have the copyright, or can't grant the excemption for
>>>> other reasons, distributors like myself will most likely have to build
>>>> without gmp going forward, which seem unfortunate.
>>> Well, we could link against gmp-4.2.1 which has still the old license.
>>> For cygwin we would have to create a gmp-compat package based on gmp-4.2.1
>
> Distributors like Debian and Redhat generally don't keep old versions of
> libraries laying around, so it's not all that great a solution.

Cygwin neither. So I'm happy with LibTomMath.

I wonder if you can hold against the GPL3 any longer :)

>> The problem has been fixed in SVN - we're now using LibTomMath (bundled with
>> ClamAV) instead of libgmp.
>
> Can we make it a configure option to use the system version of the
> library instead? (Debian currently ships 0.39, which appears to have been
> around a while and should be reasonably close to whatever version you're
> going to pick) I vastly prefer that in the general case; all the usual
> arguments about security support and memory footprint and etc. apply -
> I'll take it as read that we all know them :)
>
> If you're not interested in that work, or it seems difficult and you
> have better things to do, let me know and I'll have a look.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


steve at lobefin

Feb 19, 2009, 5:13 PM

Post #9 of 11 (1298 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Sat, Jan 24, 2009 at 11:17:02AM +0100, Tomasz Kojm said:
> On Sat, 24 Jan 2009 01:21:34 +0000
> Stephen Gran <steve[at]lobefin.net> wrote:
>
> > I've just received the bug report below via the Debian bug tracking
> > system. There's obviously not a whole lot I can do about it myself, but
> > I just thought I'd bring it to your attention.
>
> Yeah, we got this information as well:
>
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1366

Now that I've been doing some looking, I see that there is also a
bundled -ltdl in the source tree. I'm not aware of any license issues
with libtool (although as it's an FSF project, I wouldn't be surprised
to see it move to v3 in the future). Is this just a convenience copy,
or is because of a license problem I'm unaware of?

If it's just a convenience copy, can we give it the same treatment, and
preferentially use the system copy? It'll probably mean patching the
version of the ltdl m4 that you have in favor of something that doesn't
produce totally broken make targets when you try to get it to use the
system libtool.

Currently, if you pass --with-ltdl-dir=/usr/lib, it add -L/usr/lib as
a preprequisite, and if you pass --with-ltdl-dir=/usr/lib/libltdl.la,
configure goes off and looks for /usr/lib/libltdl.la/libltdl.la and
doesn't find it and exits.

Grrr.
--
--------------------------------------------------------------------------
| Stephen Gran | Look before you leap. -- Samuel |
| steve[at]lobefin.net | Butler |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
Attachments: signature.asc (0.18 KB)


edwintorok at gmail

Feb 20, 2009, 1:52 AM

Post #10 of 11 (1295 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On 2009-02-20 03:13, Stephen Gran wrote:
> Now that I've been doing some looking, I see that there is also a
> bundled -ltdl in the source tree. I'm not aware of any license issues
> with libtool (although as it's an FSF project, I wouldn't be surprised
> to see it move to v3 in the future). Is this just a convenience copy,
> or is because of a license problem I'm unaware of?
>
> If it's just a convenience copy, can we give it the same treatment, and
> preferentially use the system copy? It'll probably mean patching the
> version of the ltdl m4 that you have in favor of something that doesn't
> produce totally broken make targets when you try to get it to use the
> system libtool.
>
> Currently, if you pass --with-ltdl-dir=/usr/lib, it add -L/usr/lib as
> a preprequisite, and if you pass --with-ltdl-dir=/usr/lib/libltdl.la,
> configure goes off and looks for /usr/lib/libltdl.la/libltdl.la and
> doesn't find it and exits.
>

It already picks the system ltdl, *IF* you have libltdl7-dev installed
(which is currently in experimental, waiting to be uploaded in sid).
It won't work with an older ltdl, and I don't think it would be wise to
downgrade libtool.

ldd clamscan/.libs/clamscan
linux-vdso.so.1 => (0x00007fff0c5fe000)
libclamav.so.5 => /usr/local/lib/libclamav.so.5 (0x0000003ed4200000)
libltdl.so.7 => /usr/lib/libltdl.so.7 (0x00007f78041a9000)
libbz2.so.1.0 => /lib/libbz2.so.1.0 (0x0000003ee7800000)
libz.so.1 => /usr/lib/libz.so.1 (0x0000003ed6000000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f7803fa5000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f7803d8a000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f7803b73000)
libc.so.6 => /lib/libc.so.6 (0x00007f7803820000)
/lib64/ld-linux-x86-64.so.2 (0x00007f78043b2000

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


steve at lobefin

Feb 20, 2009, 3:02 AM

Post #11 of 11 (1291 views)
Permalink
Re: [fabio.ped@libero.it: [Pkg-clamav-devel] Bug#512776: License incompatibility with libgmp ("GPLv2 only" linking to "LGPLv3 or later")] [In reply to]
On Fri, Feb 20, 2009 at 11:52:17AM +0200, Török Edwin said:
> On 2009-02-20 03:13, Stephen Gran wrote:
> > Now that I've been doing some looking, I see that there is also a
> > bundled -ltdl in the source tree. I'm not aware of any license issues
> > with libtool (although as it's an FSF project, I wouldn't be surprised
> > to see it move to v3 in the future). Is this just a convenience copy,
> > or is because of a license problem I'm unaware of?
> >
> > If it's just a convenience copy, can we give it the same treatment, and
> > preferentially use the system copy? It'll probably mean patching the
> > version of the ltdl m4 that you have in favor of something that doesn't
> > produce totally broken make targets when you try to get it to use the
> > system libtool.
> >
> > Currently, if you pass --with-ltdl-dir=/usr/lib, it add -L/usr/lib as
> > a preprequisite, and if you pass --with-ltdl-dir=/usr/lib/libltdl.la,
> > configure goes off and looks for /usr/lib/libltdl.la/libltdl.la and
> > doesn't find it and exits.
> >
>
> It already picks the system ltdl, *IF* you have libltdl7-dev installed
> (which is currently in experimental, waiting to be uploaded in sid).
> It won't work with an older ltdl, and I don't think it would be wise to
> downgrade libtool.

Ah, that's all right then - I can just wait on that making it to
unstable to develop against it.

Cheers,
--
--------------------------------------------------------------------------
| Stephen Gran | "I'd love to go out with you, but I'm |
| steve[at]lobefin.net | taking punk totem pole carving." |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
Attachments: signature.asc (0.18 KB)

ClamAV devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.