View Issue Details

IDProjectCategoryView StatusLast Update
0015574CentOS-7gitpublic2018-12-13 00:22
Reporterbk2204 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0015574: Git is linked indirectly against OpenSSL
DescriptionGit is subject to the GNU General Public License, version 2. That license requires that the source code for all components linked into the binary be available under its terms; however, OpenSSL is not compatibly licensed and can't be distributed under those terms. The Git HTTP binaries are linked to libcurl, which is linked to libssh2, which is linked to libssl, which is part of OpenSSL. The provision which normally allows private parties to link their custom Git binaries against the system OpenSSL, the system library exception, does not apply to CentOS because CentOS distributes OpenSSL on the same mirrors alongside Git. Other distributors, such as Debian, refrain from even indirect linking against OpenSSL for the same reason.

This issue affects the rh-git29 package in Software Collections as well; however, I was unable to find a suitable entry in the bug tracking system for that package.

Could you please adjust the linking of Git such that it no longer links to OpenSSL?
Steps To Reproduce1. Spawn a CentOS 7 Docker container.
2. yum install git
3. ldd /usr/libexec/git-core/git-http-push | grep libssl.so
4. Note that the following line is listed:
        libssl.so.10 => /lib64/libssl.so.10 (0x00007f85875d2000)
TagsNo tags attached.
abrt_hash
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-12-13 00:22 bk2204 New Issue