Since 673655b40733 ("dropbear: clean up the rule file and add bugfix") it's explicitly stated, bundled libtomcrypt and libtommath are used in the ptxdist dropbear package. Before very likely also the bundled libs were used, because no separate packages exist in ptxdist. So the dropbear package should consider the licenses of the bundled libs.
As of dropbear 2019.78, dropbear itself states in its 'LICENSE' file those libs are public domain, but in fact those libs are dual licensed public_domain and WTFPL, as their license files state. Adding hashes for the bundled libs will help detect future changes, as long as the dropbear package uses the bundled variant of that libs. Signed-off-by: Alexander Dahl <a...@thorsis.com> --- rules/dropbear.make | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rules/dropbear.make b/rules/dropbear.make index d52efa396..acd9ef5f9 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -23,9 +23,12 @@ DROPBEAR_SUFFIX := tar.bz2 DROPBEAR_URL := http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX) DROPBEAR_SOURCE := $(SRCDIR)/$(DROPBEAR).$(DROPBEAR_SUFFIX) DROPBEAR_DIR := $(BUILDDIR)/$(DROPBEAR) -DROPBEAR_LICENSE := MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short +DROPBEAR_LICENSE := \ + MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short AND (public_domain OR WTFPL) DROPBEAR_LICENSE_FILES := \ file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01 \ + file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \ + file://libtommath/LICENSE;md5=f72771f4af5e8c382974750f9f8701ad \ file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1 # ---------------------------------------------------------------------------- -- 2.27.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-requ...@pengutronix.de