On 12/17/2013 10:06 PM, Florian Weimer wrote:
On 12/17/2013 02:57 PM, Tom Callaway wrote:
> On 12/16/2013 01:00 PM, Florian Weimer wrote:
>> On 11/21/2013 04:59 PM, Tom Callaway wrote:
>>> On 11/21/2013 03:42 AM, Florian Weimer wrote:
>>>> What's the procedure for resolving such potential issues? Post it
>>>> and ask for advice?
>> Okay, my concern is with the jbigkit (GPLv2+) dependency of libtiff
>> (under its own, MIT-like license). The GPLed code is used to decode
>> JBIG1 parts of TIFF images.
> Okay. Is there a specific libtiff consumer that is GPLv2+ incompatible?
graphviz (EPL), hylafax+ (libtiff and BSD with advertising), gnuplot.
InsightToolkit (ASL 2.0) might qualify as well, depending on whether the
GPLv3 upgrade can heal the original GPlv2 vs ASL 2.0 conflict. Same for
ghostscript (AGPLv3+ and Redistributable, no modification permitted).
These are only direct dependencies. Indirect dependencies will need
some coding before I can come up with a list.
Are there any final comments on this matter?
Florian Weimer / Red Hat Product Security Team