Hi, Le mercredi 26 novembre 2008 à 15:09 -0600, Paul Gevers a écrit : > Dear FTP-masters, > > Please have a look at bug 506977 (of which the last and most explaining > comment is below this email). The issue involved is a copyright > infringement in the source of fpc before version 2.2.2 (i.e. everything > version except for the one in unstable). I fear that we should either > update or remove the sources of fpc on all but unstable releases. > > In Ubuntu I checked that the following packages builddepend on FPC: > lazarus > imapcopy > hedgewars > libhdate > gearhead > m-tx > python-soappy > poker-network > I assume, but have not check yet, that the same goes for Debian. > > With kind regards, > Paul > > Marco van de Voort wrote: > > Hello, > > > > Note: I'm the FPC core developer that also features in the Ubuntu > > correspondence. Carlos (the maintainer of this port) can confirm that, or > > have a look here: http://www.freepascal.org/aboutus.var > > > > The probable infringement was brought to our attention in early 2007. > > The infringement was made amenable mostly due to trivial means (variable > > names, fairly small procedures that were the same). > > > > The other side was really cooperative, and gave us time to clean up > > massively, without having to immediately pull all sources, and we employed > > at tool to identify potential problem sources, and found a lot more. > > > > So we cut real wide, and reengineered all potentially infringing code. (all > > in all a nontrivial amount). > > > > However because the infringement was so trivial, and relicensing > > counterproductive and confusion, it was decided to pull all releases. > > > > So in august, after 2.2.2 came out, we removed all older releases from our > > site, and assumed the mentioning of the copyright problems in our release > > manifest would be enough to warrant a swift upgrade. > > > > I hope it need no explanation that that was a pretty painful step, removing > > 10 years of history of our project. > > > > However, here we are now, 3-4 months after the release and the heads up, and > > the infringing code is still served from Debian servers. We are not happy > > with this. Note that it is also not fair to the other party who has been > > patient, and now could see the code still floating around. > > > > In short: please remove the old versions as soon as possible, or upgrade. > > > > Marco.
Please note that removing FPC 2.2.0 from Lenny should also lead to removing Lazarus 0.9.24. Beond the package dependency, Lazarus statically links to the infringed code. The Lazarus IDE is not an issue as it is GPL, but the LCL not, and thus have the same issue as RTL. In clear, either FPC + Lazarus should get out of Lenny or should be updated. Please not that in answer to http://www.mail-archive.com/[EMAIL PROTECTED]/msg27208.html the backports.org was proposed as an alternative http://www.mail-archive.com/[EMAIL PROTECTED]/msg27826.html but I feels it can confuse users producing non GPL code. Cheers, Mazen, -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
