On 16-Mar-2014, Jamie Nguyen wrote: > ledger bundles an SHA-1 C++ implementation by Paul E. Jones which is > licensed under a "Freeware Public License". This license does not allow > modification and therefore does not adhere to the DFSG.
The upstream source for ‘ledger’ contains separate files for each license: * doc/LICENSE.rtf * doc/LICENSE-utfcpp * doc/LICENSE-sha1 * doc/LICENSE Each of these need to be described in ‘debian/copyright’. As Jamie says, the ‘doc/LICENSE-sha1’ contains a copyright notice and license text; the license terms are non-free (permission is not granted to redistribute modified versions, failing DFSG §3). > There was a similar issue with the "orthanc" package. This was resolved > when the upstream author switched to a different library with a license > compatible with the DFSG: In the case of SHA-1, there are numerous implementations; some of them (e.g. <URL:http://www.tamale.net/sha1/>) are licensed under free software terms. The package maintainer could replace the non-free files with a free equivalent, and changing any relevant function calls to match, thereby resolving this bug. Then, provide the patch to the ‘ledger’ upstream maintainer, helping them to resolve the issue in a future version. -- \ “Always code as if the guy who ends up maintaining your code | `\ will be a violent psychopath who knows where you live.” —John | _o__) F. Woods | Ben Finney <[email protected]>
signature.asc
Description: Digital signature
