Hi Jon, Am Dienstag, den 12.05.2015, 14:17 +0100 schrieb Jonathan Dowland: > Chocolate-doom includes code taken from GnuPG, which is GPLv3, whereas > chocolate-doom is GPLv2 (or later). Upstream have fixed this by replacing > the AES implementation with one from the kernel. See
doesn't mixing GPlv2-or-later code with GPLv3 code result in code that is GPLv3 only? I fail to see why this would be of RC severity. I mean, there is no GPLv2-only code involved. > https://github.com/chocolate-doom/chocolate-doom/commit/b3678129fd7bed6c3287ab682819b075e8bf495a I have seen this commit but decided to wait for the GPLv3 licensed sha1 implementation to get replaced as well before I take action on the Debian package. Cheers, Fabian
signature.asc
Description: This is a digitally signed message part