severity 636148 serious found 636148 3.0~rc1-1 thanks On Sun, Jul 31, 2011 at 07:49:11PM +0200, Thue Janus Kristensen wrote: > Package: smarty3 > Version: 3.0.8-1 > Severity: normal > > As far as I can tell, the Smarty3 source package does not actually > contain the smarty3 source code.
That's a violation of policy and release-critical. It also applies to the version ins stable. The problem here is that upstream is distributing created code without corresponding source code on their website. In short, given that Smarty does not require copyright assignment, they are violating the license of 3rd party contributions, and cause all redistributors to be in violation as well, which formally speaking, terminates the rights to distribute Smarty 3 of everyone distributing it, as per Section 8 of the license. -- Julian Andres Klode - Debian Developer, Ubuntu Member See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
pgpDfgdNg2aYC.pgp
Description: PGP signature
