[squid-users] Are there any distros with SSL Bump compiled by default?

Tim Bates tin at new-life.org.au
Fri May 20 10:35:52 UTC 2016


I'd seen this licensing issue mentioned briefly before, but now I 
actually understand what's going on. Thanks for explaining it in detail.

Good to know there are 2 paths moving along to solve the distro problem. I 
feel more confident in moving forward with my little project now that I 
know it's only going to be a temporary annoyance to recompile.

Thanks everyone who answered.

TB


On 16/05/2016 7:25 PM, Amos Jeffries wrote:
> What is being attempted above is not a GPL violation AFAIK. So long as
> the Squid ./configure && make system is used to construct the binary and
> Squid source is not altered in any way by the builder.
>
> * GPL permits linking against OpenSSL because both softwares' sources are
> available publicly.
>
> * It is GPL violation to distribute the OpenSSL and Squid sources
> together as parts of something else. In source form.
>
> Thus distributors like Diladele can provide binary-only formats with no
> source changes to Squid or OpenSSL.
>    Each component of the offering is publicly available (GPL compliant)
> and the pieces of OpenSSL, Squid and the packaging source code are
> distributed via separate channels (OpenSSL compliant).
>
> Debian and Ubuntu distribute sources of all binaries as part of their OS
> repository. The very act of adding package install scripts causes the
> issue here. The repository would contain all of Squid + OpenSSL +
> packaging scripts source code.
>
>
> But, but, but....
>
> * It is OpenSSL violation to distribute any binary that does not
> advertise OpenSSL usage. In the binary outputs, even those not using
> OpenSSL logic (Ouch!). Unless the OS provides the library as part of its
> core system.
>
> Debian and Ubuntu use GnuTLS as the system preferred library. OpenSSL
> license not being GPL compliant also makes it not DFSG compliant and so
> not part of the core OS repository. It and anything using it are in the
> non-free optional extras repository instead.
>   There are some suggestions to build and put a version of Squid in
> there. But that still collides with the previous GPL issue about sources
> being together in the repo.
>
>
> Adding advertising clauses in the way required by OpenSSL would make
> Squid binaries no longer be GPL compliant unless we got explicit written
> permission from everyone who contributed patches. A lot of contributors
> have long-dead emails, requested anonymity or some in fact are now
> physically deceased. So we are stuck at our end as well even with that.
>
> I am working on GnuTLS support as a side project, and the OpenSSL people
> are apparently working on fixing their license to be GPL compliant. It
> is a lot of work and going quite slow on both fronts. You can see some
> of my work reflected in the squid.conf changes of Squid-4, and the
> latest Debian/Ubuntu squidclient packages :-)
>
> Amos


