Hi,

Reprising this old bug, it's a shame that a good security hardening extension for PHP was kept out of Debian for two releases.

I think this turns out to be a different situation than other packages (where things unrelated to PHP code had been put under the PHP license, therefore not being able to satisfy the license terms).

On 2014-06-26, Ondřej Surý wrote:
| I did have a quite long and extensive chat with FTP Masters
| and our conclusion was that PHP License (any version) is
| suitable only for software that comes directly from "PHP Group",
| that basically means only PHP (src:php5) itself.

In the upstream bug[0] it is claimed by the author: "Suhosin incorporates some PHP Code directly" and that they can't relicense Suhosin because of that. But does that mean Suhosin has fully complied with the license?

| 1. Redistributions of source code must retain the above copyright
|    notice, this list of conditions and the following disclaimer.
| 2. Redistributions in binary form must reproduce the above copyright
|    notice, this list of conditions and the following disclaimer in
|    the documentation and/or other materials provided with the
|    distribution.

Suhosin retains the same license.

| 3. The name "PHP" must not be used to endorse or promote products
|    derived from this software without prior written permission. For
|    written permission, please contact [email protected].
| 4. Products derived from this software may not be called "PHP", nor
|    may "PHP" appear in their name, without prior written permission
|    from [email protected]. You may indicate that your software works in
|    conjunction with PHP by saying "Foo for PHP" instead of calling
|    it "PHP Foo" or "phpfoo"

I don't think that was at issue, if the product is called "Suhosin".

| 5. The PHP Group may publish revised and/or new versions of the
|    license from time to time. Each version will be given a
|    distinguishing version number.
|    Once covered code has been published under a particular version
|    of the license, you may always continue to use it under the terms
|    of that version. You may also choose to use such covered code
|    under the terms of any subsequent version of the license
|    published by the PHP Group. No one other than the PHP Group has
|    the right to modify the terms applicable to covered code created
|    under this License.

Suhosin hasn't modified the license terms.

| 6. Redistributions of any form whatsoever must retain the following
|    acknowledgment:
|    "This product includes PHP software, freely available from
|    <http://www.php.net/software/>".

The statement is reproduced in the Debian copyright file, and it seems valid, if it really does include PHP software as claimed by upstream.

[0]: https://github.com/stefanesser/suhosin/issues/48

Thanks,
Regards,
-- 
Steven Chamberlain
[email protected]

