Re: libapache2-mod-security2

Hi Gary,

On Friday 15 February 2008, Gary Koskenmaki wrote:
> Why was the subject of this email completely dropped from the
> Debian archives? This is an extremely useful tool. I understand
> why it isn't in main, but why couldn't it just have been moved to
> non-free rather than being dropped? Debian carries completely
> proprietary packages such as flash, ati drivers, nvidia drivers,
> etc... so why the complete dropping of such an excellent security
> tool?

The problem that modsecurity is licensed under GPL v2 which is not compatible with the Apache license 2.0. It is not allowed to distribute Apache 2 and modsecurity together, and (AIUI) Debian thinks that even if modsecurity were put into non-free, it would still be distributed together with Debian main which includes Apache 2. From
http://www.thinkingstone.com/about/legal/licensing-clarifications.html:

"However, it is not possible to combine ModSecurity licensed under GPLv2 with the Apache web server and distribute the combination. There is an incompatibility between GPLv2 and the Apache licences that is triggered when distribution takes place."

>From

https://bugs.launchpad.net/ubuntu/+source/libapache-mod-security/+bug/19832:

"Actually, Alberto González did contact upstream, who stated he isn't willing to change the licence, and the conflict between them is on purpose (business decision)."

> I don't really understand the logic of the decision in the context
> of non-free repositories being available.

It's the decision of the modsecurity authors.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

Also, Debian non-free does not have security support. Distributing a security tool that might need security updates in non-free would be suboptimal anyway.

Cheers,
Stefan Received on Sat Feb 16 05:38:27 2008