View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0015574||CentOS-7||git||public||2018-12-13 00:22||2018-12-13 00:22|
|Target Version||Fixed in Version|
|Summary||0015574: Git is linked indirectly against OpenSSL|
|Description||Git is subject to the GNU General Public License, version 2. That license requires that the source code for all components linked into the binary be available under its terms; however, OpenSSL is not compatibly licensed and can't be distributed under those terms. The Git HTTP binaries are linked to libcurl, which is linked to libssh2, which is linked to libssl, which is part of OpenSSL. The provision which normally allows private parties to link their custom Git binaries against the system OpenSSL, the system library exception, does not apply to CentOS because CentOS distributes OpenSSL on the same mirrors alongside Git. Other distributors, such as Debian, refrain from even indirect linking against OpenSSL for the same reason.|
This issue affects the rh-git29 package in Software Collections as well; however, I was unable to find a suitable entry in the bug tracking system for that package.
Could you please adjust the linking of Git such that it no longer links to OpenSSL?
|Steps To Reproduce||1. Spawn a CentOS 7 Docker container.|
2. yum install git
3. ldd /usr/libexec/git-core/git-http-push | grep libssl.so
4. Note that the following line is listed:
libssl.so.10 => /lib64/libssl.so.10 (0x00007f85875d2000)
|Tags||No tags attached.|