Your message dated Mon, 08 Nov 2021 23:33:59 +0000
with message-id <[email protected]>
and subject line Bug#996866: fixed in cyrus-sasl2 2.1.27+dfsg-2.3
has caused the Debian Bug report #996866,
regarding cyrus-sasl2: Reconsider package license
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
996866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996866
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cyrus-sasl2
Priority: important
Hi,
Considering helping you with the package (you RFHed it), I had a look at it.
Please reconsider the package license, at least for the patches. Currently you have
debian/* licensed under GPL-3+, which means that all the debian/patches/* files are
GPL-3+. This has two problems:
1) cyrus-sasl2 is a basic package that is used by many packages that might not expect to
have GPL-3+ in their dependency trees. Especially GPL-2-only licensed packages are not
compatible with GPL-3+.
2) Supposedly, GPL (any version) itself is incompatible with the advertisement clause in
BSD-4-clause. While the University of California has issued an official statement that
this clause can be ignored for their software, I do not know of any such statement from
Carnegie Mellon University. So it should be fairly controversial if Debian's patched
cyrus-sasl2 binaries are legally distributable.
Maybe, some of the patches are not copyrightable, but a clarification would be very
appreciated. I am also copying Dima as he is not listed on the current Uploaders list but
is one of the copyright holders.
Thanks,
Bastian
--- End Message ---
--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.27+dfsg-2.3
Done: Bastian Germann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cyrus-sasl2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated cyrus-sasl2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Nov 2021 21:58:22 +0100
Source: cyrus-sasl2
Architecture: source
Version: 2.1.27+dfsg-2.3
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 722611 996866
Changes:
cyrus-sasl2 (2.1.27+dfsg-2.3) unstable; urgency=medium
.
* Non-maintainer upload.
* d/watch: Check the github releases page
* Get rid of a patch's patch
* Recover upstream-compatible patch license (Closes: #996866)
+ Relicense libobj patch
* Fix lintian: unused-override
* Patch: Prevent double free of RC4 context (Closes: #722611)
* Rename double-prefix patches
.
[ Debian Janitor ]
* Trim trailing whitespace.
* Use secure copyright file specification URI.
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Re-export upstream signing key without extra signatures.
* Set upstream metadata fields: Bug-Database, Bug-Submit (from ./configure),
Repository, Repository-Browse.
* Fix day-of-week for changelog entry 2.1.7-1.
* Avoid explicitly specifying -Wl,--as-needed linker flag.
Checksums-Sha1:
b704c3701d3381706ac9597116a1f8e4179af501 3227 cyrus-sasl2_2.1.27+dfsg-2.3.dsc
43ef0bcdc643605c7ff52ba451113da6dbd26439 95964
cyrus-sasl2_2.1.27+dfsg-2.3.debian.tar.xz
5cacce74586b3e008a71c89643942e33d2b245c9 8963
cyrus-sasl2_2.1.27+dfsg-2.3_source.buildinfo
Checksums-Sha256:
ac81af7047f7b87b34fd30a612b0cf815084c76e1d5f9498222af31933ea3d0a 3227
cyrus-sasl2_2.1.27+dfsg-2.3.dsc
718b9666a7f469da6a9ffe2967a52417170831ffdff953148610d800903ce30b 95964
cyrus-sasl2_2.1.27+dfsg-2.3.debian.tar.xz
982909153baf3ea96e6e3441368c95f3a35354bcd522499daa583facfcaea4fc 8963
cyrus-sasl2_2.1.27+dfsg-2.3_source.buildinfo
Files:
405f4b774d7e2ab4ff92954db2d25fe3 3227 libs standard
cyrus-sasl2_2.1.27+dfsg-2.3.dsc
9b406a7f953862c586fd50b386086d08 95964 libs standard
cyrus-sasl2_2.1.27+dfsg-2.3.debian.tar.xz
5dc6344fb22932b0f3bf101ac7f907f3 8963 libs standard
cyrus-sasl2_2.1.27+dfsg-2.3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmGFuWEACgkQH1x6i0VW
QxRqqAv7BNeuipPM8nW6zRSg+HyLLIOmJ+akMLqm2NNEfIJdTkRswOLl+ln8vy/u
xSNISFXHH0GYB43cws7EOnJr5al1l1/0fVbqC/Ees/V/VUI7FVTaKpW56QsaF/u1
MCUWGnC8cg8xtYCnZiJfdE1e4o04RYfReT4yF7XWVhwRqIyBbfBUv46ndk5RscLr
y0iB90mKvu45pKHc+DdG235OT9NEodD3CAe/HvxIQjfkIEkqFvuRzqVTtaUML2rk
ldbiNo3F98Ra+szGCEEFQAWaliy5z3Cbja+fjGLRWlFbH5DHiiYr0uk3rXz45/S1
zk4iXmN6kZYYeP8RyM+XO74BRh+8dG3OnL8LWMFBuNnY9QQeZpvOJ5/DNeeSMr2S
kdO0q2QOrp85D3ikHxSPUXc74ITltr6NdgoaLb8KbdczUbKjgxy7XCztwIrH2f7d
mYTddUATR6lNp2+w+BAjGAdN2P2QZmhsxf0jlbAcBx1Bi0G5RmtDHuCQl/WolZJ2
MotsmdWL
=eiq8
-----END PGP SIGNATURE-----
--- End Message ---
