Package: krb5 Version: 1.15~beta1-1 Severity: serious Hi, we were made aware of a license violation in krb5 - but the issue applies to Debian just as well so I wanted to report to you as well
In the file src/ccapi/common/win/OldCC/autolock.hxx is a reference to the Alladin license. There is no actual copy of the license file included and no other mentioning of it, just the hxx files boilerplate mentioning. The License is listed to be a reason to make a package part of "non-free" at https://www.debian.org/legal/licenses/. Be careful when checking for it, while the Licence really is "Aladin" the code references it as "Alladin". As a matter of fact it seems that this file is not shipped in the Binaries, nor used to build them - it only is part of the source that is used. Yet I think it is a violation that should be fixed. Reference to the Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1644595 -- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd