[OpenIndiana-discuss] ghostscript / ImageMagick security problems
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Wed Aug 29 18:37:27 UTC 2018
This Debian discussion thread reveals why the introduction of AGPL
since Ghostscript 9.07 causes some concern for distributions:
https://lists.debian.org/debian-devel/2014/05/msg00144.html
The concern is that any program linking with an AGPL library becomes
itself AGPL licensed. The license for every program/library linking
with the Ghostscript library then needs to be examined to make sure
that it is compatible with it, and to assure that the terms are
honored.
If there is any modification (even one patch!), then it is required
that a remote user be able to download the modified source code from
the server where the modified "program" runs, including all source
code linked with it.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the openindiana-discuss
mailing list