Your message dated Wed, 15 Jun 2016 10:58:05 +0000
with message-id <[email protected]>
and subject line Bug#826379: fixed in codeblocks 16.01+dfsg-2
has caused the Debian Bug report #826379,
regarding codeblocks: incompatibility between GPL and RSA md5 license makes
package non-distributable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
826379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826379
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: codeblocks
Version: 16.01+dfsg-1
Severity: serious
X-Debbugs-CC: [email protected]
Codeblocks is licensed under GPL v3, but some files in the source
tarball contain code that is licensed as per the terms of RSA Data
Security, Inc.'s MD5 Message Digest Algorithm; this license is as
follows:
src/plugins/contrib/source_exporter/wxPdfDocument/src/pdfencrypt.cpp
src/plugins/contrib/source_exporter/wxPdfDocument/src/pdfxml.cpp
/*
**********************************************************************
** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
** **
** License to copy and use this software is granted provided that **
** it is identified as the "RSA Data Security, Inc. MD5 Message **
** Digest Algorithm" in all material mentioning or referencing this **
** software or this function. **
** **
** License is also granted to make and use derivative works **
** provided that such works are identified as "derived from the RSA **
** Data Security, Inc. MD5 Message Digest Algorithm" in all **
** material mentioning or referencing the derived work. **
** **
** RSA Data Security, Inc. makes no representations concerning **
** either the merchantability of this software or the suitability **
** of this software for any particular purpose. It is provided "as **
** is" without express or implied warranty of any kind. **
** **
** These notices must be retained in any copies of any part of this **
** documentation and/or software. **
**********************************************************************
*/
This license is problematic for codeblocks because while it is free /
DFSG-compatible, it contains an advertising clause akin to the
original / 4-clause BSD license that renders it incompatible with the
GPL, which is what the majority of codeblocks' codebase is licensed
under. The GNU project has documented this incompatibility at [1].
There's also some discussion of this issue on debian-legal [2].
The RSA md5 license only applies to code used by the exporter plugin
in codeblocks, so we can avoid shipping a non-distributable codeblocks
package merely by not including that plugin (no DFSG violation here,
no need to repack source tarball). This is what I plan to do until
upstream replaces the current md5 implementation with one that does
not happen to be GPL-incompatible.
Regards,
Vincent
[1] http://www.gnu.org/licenses/license-list.html#OriginalBSD
[2] https://lists.debian.org/debian-legal/2016/05/msg00011.html
--- End Message ---
--- Begin Message ---
Source: codeblocks
Source-Version: 16.01+dfsg-2
We believe that the bug you reported is fixed in the latest version of
codeblocks, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Cheng <[email protected]> (supplier of updated codeblocks package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 15 Jun 2016 01:41:09 PDT
Source: codeblocks
Binary: codeblocks codeblocks-common libcodeblocks0 codeblocks-dbg
codeblocks-contrib codeblocks-dev libwxsmithlib0 libwxsmithlib-dev
Architecture: source all
Version: 16.01+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: David Paleino <[email protected]>
Changed-By: Vincent Cheng <[email protected]>
Description:
codeblocks - Code::Blocks integrated development environment (IDE)
codeblocks-common - common files for Code::Blocks IDE
libcodeblocks0 - Code::Blocks shared library
codeblocks-dbg - Code::Blocks debugging libraries
codeblocks-contrib - contrib plugins for Code::Blocks IDE
codeblocks-dev - Code::Blocks development files (SDK)
libwxsmithlib0 - wxSmith shared library (Code::Blocks plugin for RAD GUI
editing)
libwxsmithlib-dev - wxSmith development files (Code::Blocks plugin for RAD GUI
editin
Closes: 826379
Changes:
codeblocks (16.01+dfsg-2) unstable; urgency=medium
.
* Drop debian/patches/05-fix-boost-system-1.60.patch; obsolete.
* Add debian/patches/05-remove-rsa-md5-impl.patch to fix non-distributability
of codeblocks package due to GPL and RSA md5 license conflict. Thanks to
Alexander for the initial version of the patch! (Closes: #826379)
* Drop build-dep on libboost-system-dev.
* Drop obsolete dh_install files.
* Update debian/copyright.
Checksums-Sha256:
51840c73c0bf42bd0e25baee123bdb75c02c29042e0e04ce8ae29662e8e6d97a 2535
codeblocks_16.01+dfsg-2.dsc
9bffc133bff4de31f61683fa5a01b9d3103503f461c9b2db95ffe1eff15c7311 19964879
codeblocks_16.01+dfsg.orig.tar.gz
3111e2cf3a779f1985a709abb544f365ceba0863c3e0052e06719159c3072f75 33632
codeblocks_16.01+dfsg-2.debian.tar.xz
6ef5f57519ffcb3daca77bc81aeccefdc36d3583db70189f74d14cd296f527d3 3237848
codeblocks-common_16.01+dfsg-2_all.deb
Checksums-Sha1:
396155fb3cb4f57591b6f81d0ec110b1d8c81f52 2535 codeblocks_16.01+dfsg-2.dsc
c91ecc3631f8cd7f45e6332e2254139d3da01d5f 19964879
codeblocks_16.01+dfsg.orig.tar.gz
5420ec63074d879404040d105a279fa2bba7ee01 33632
codeblocks_16.01+dfsg-2.debian.tar.xz
4747fa5719cdb213915a361cb2933f20623b6b78 3237848
codeblocks-common_16.01+dfsg-2_all.deb
Files:
67a737bc854e6ff998dc0d71e7e2c2f6 2535 x11 optional codeblocks_16.01+dfsg-2.dsc
cc7d0b2c8a29e2da3dbb694deab08df9 19964879 x11 optional
codeblocks_16.01+dfsg.orig.tar.gz
66994cc195695d1217650090e8b6033e 33632 x11 optional
codeblocks_16.01+dfsg-2.debian.tar.xz
2b4f5225d3a03883c6bc5d1750c040da 3237848 x11 optional
codeblocks-common_16.01+dfsg-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXYRStAAoJEI7tzBuqHzL/kk4P/AyZKRn9j+91giZ6qE+oseGB
QSEYJ+YQyJZrplzQ36UortxMKEVdQVXS1mYGGuFvlUALoejZBPFVfZ0lTKj7hjYI
dc85fdkLrqgofIDnR6jbbJVR+qVwAA0o1XrcYG5kQn3uVAxlbyCKfMuwgg6rKbNG
hAYMNjdTgzR157KK3fLR92j5dxO5pvraqfRlRt0Gzpq6fKBmPIzHkaF/yMzU6qZV
BZi6O8puanlGQIad3m16c+y/pT8seq5v/2FsBa06R8qytbmyE2q0ZtgKCSbis1/t
OdIjdEldeMvJPhPXc5DpH0Tmka2jbTn0JGt1OM4BTXoaHM87zjMmLXNOakqTmpSI
R5a4roA95Kde3KmwDHT+W3l4QE1W7/J5EmOCVSrQBUlUV8gm6wUO6p/n0kUCm3qr
+PrIfErxu7Cfmr28hPVJUcEizmkuuwWIjILrwewciy5VjhA+ExRWzbOW8qK01RCe
W0HxpdtUicpY1vXr0WWzgLZoaVn94mmrkgDVoBviOdfEzppbXQ9Oa1jG3M64ZTEG
njdwqUA5TEtpeDT5ahq/8t3AbCB7l/+uEO21J5m9zz+QSCbi3SO4fVMnz2nN+Hv2
fRhPE9uKnauE0mPD38srdttdhbf09+TNDvKMC+o5ryIhSY/iNoOmHJoXSVB3Z6W8
cNYPVDfE4epJl2XV3XFm
=huK/
-----END PGP SIGNATURE-----
--- End Message ---