subject:"\[OE\-core\] gnutls\/nettle\/gmp licensing and versions"

Re: [OE-core] gnutls/nettle/gmp licensing and versions

2015-08-21 Thread Jussi Kukkonen

On 18 August 2015 at 11:35, Martin Jansa martin.ja...@gmail.com wrote:
 On Thu, Aug 13, 2015 at 03:42:45PM +0300, Jussi Kukkonen wrote:
 On 12 August 2015 at 17:14, Jussi Kukkonen jussi.kukko...@intel.com wrote:
  Hi,
 
  I realise I'm a bit late (with the commit in master already) but I'm
  looking at upgrading this recipe and had some questions on this patch
  and the recipe in general.
 
  On 9 August 2015 at 08:28, Armin Kuster akuster...@gmail.com wrote:
  adding the license definitions on the few packages that
  deviate from the overall package license.
 
  based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
  and spot checking files.
 
  Signed-off-by: Armin Kuster akuster...@gmail.com
  ---
   meta/recipes-support/nettle/nettle_2.7.1.bb | 9 +
   1 file changed, 9 insertions(+)
 
  diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb 
  b/meta/recipes-support/nettle/nettle_2.7.1.bb
  index f53afcc..f9d331f 100644
  --- a/meta/recipes-support/nettle/nettle_2.7.1.bb
  +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb
  @@ -2,6 +2,15 @@ SUMMARY = A low level cryptographic library
   HOMEPAGE = http://www.lysator.liu.se/~nisse/nettle/;
   SECTION = libs
   LICENSE = LGPLv2.1  GPLv2
 
  I think this is wrong, whichever version you look at -- our current
  version is just LGPLv2.1+, the current upstream release is LGPLv3+
  | GPLv2+
 
  I'm going to send a patch upgrading the recipe to the current upstream
  release (and setting license to LGPLv3+ | GPLv2+): it might seem
  like this makes gnutls effectively LGPLv3 but that actually happened
  last year with the gmp upgrade. Comments on this welcome.

 Alexander just pointed out to me that there was a discussion on gnutls
 and nettle already in July (which I missed in my
 back-from-holiday-email-binge). It seems that the consensus was to
 preserve LGPLv2 versions.

 This is what the current situation looks to me -- please correct if I'm 
 wrong:
 * gmp is GPLv2+ | LGPLv3+
 * nettle is LGPLv2.1+ but depends on gmp
 * gnutls LGPLv2.1+ but depends on nettle

 This effectively makes gnutls GPLv2+ | LGPLv3+ as far as I can see.
 If we want to preserve a LGPLv2 gnutls, we need to bring back an older
 version of gmp (I think 4.2.1).

 I agree, recently we had to downgrade gmp to 4.2.1 in our layer to pass
 our license check. Similarly we had to check that all nettle libraries
 used in our image are LGPLv2.1 not GPLv2.0 - that's why I've suggested
 to package them separately, so that we'll see only LGPLv2.1 nettle
 package in our image.

Reading the commit log, it looks like gmp 4.2.1 was removed by
accident (the license problem was not understood at the time).
I've filed https://bugzilla.yoctoproject.org/show_bug.cgi?id=8197 for
this issue: we can continue there.

Bringing back 4.2.1 seems like the least worst option: if you have a
useful patch (other than just a revert of the removal), please let me
know.

Cheers,
 Jussi


 Regards,

  +LICENSE_${PN}-cast = CC0
  +LICENSE_${PN}-gosthash = MIT
  +
  +# both public and GPL license listed
  +LICENSE_${PN}-md2 = CC0  LGPLv2.1+
  +LICENSE_${PN}-md4 = CC0  LGPLv2.1+
 
  From the reference I had the impression this LICENSE_something
  construct would imply there is a package something. But the nettle
  recipe does not produce nettle-cast or any of these. What is the
  purpose here?
 
  Thanks,
   Jussi
 
  +
  +
   LIC_FILES_CHKSUM = 
  file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
   
  file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d
   \
   
  file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d
  --
  2.3.5
 
  --
  ___
  Openembedded-core mailing list
  Openembedded-core@lists.openembedded.org
  http://lists.openembedded.org/mailman/listinfo/openembedded-core
 --
 ___
 Openembedded-core mailing list
 Openembedded-core@lists.openembedded.org
 http://lists.openembedded.org/mailman/listinfo/openembedded-core

 --
 Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] gnutls/nettle/gmp licensing and versions

2015-08-18 Thread Martin Jansa

On Thu, Aug 13, 2015 at 03:42:45PM +0300, Jussi Kukkonen wrote:
 On 12 August 2015 at 17:14, Jussi Kukkonen jussi.kukko...@intel.com wrote:
  Hi,
 
  I realise I'm a bit late (with the commit in master already) but I'm
  looking at upgrading this recipe and had some questions on this patch
  and the recipe in general.
 
  On 9 August 2015 at 08:28, Armin Kuster akuster...@gmail.com wrote:
  adding the license definitions on the few packages that
  deviate from the overall package license.
 
  based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
  and spot checking files.
 
  Signed-off-by: Armin Kuster akuster...@gmail.com
  ---
   meta/recipes-support/nettle/nettle_2.7.1.bb | 9 +
   1 file changed, 9 insertions(+)
 
  diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb 
  b/meta/recipes-support/nettle/nettle_2.7.1.bb
  index f53afcc..f9d331f 100644
  --- a/meta/recipes-support/nettle/nettle_2.7.1.bb
  +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb
  @@ -2,6 +2,15 @@ SUMMARY = A low level cryptographic library
   HOMEPAGE = http://www.lysator.liu.se/~nisse/nettle/;
   SECTION = libs
   LICENSE = LGPLv2.1  GPLv2
 
  I think this is wrong, whichever version you look at -- our current
  version is just LGPLv2.1+, the current upstream release is LGPLv3+
  | GPLv2+
 
  I'm going to send a patch upgrading the recipe to the current upstream
  release (and setting license to LGPLv3+ | GPLv2+): it might seem
  like this makes gnutls effectively LGPLv3 but that actually happened
  last year with the gmp upgrade. Comments on this welcome.
 
 Alexander just pointed out to me that there was a discussion on gnutls
 and nettle already in July (which I missed in my
 back-from-holiday-email-binge). It seems that the consensus was to
 preserve LGPLv2 versions.
 
 This is what the current situation looks to me -- please correct if I'm wrong:
 * gmp is GPLv2+ | LGPLv3+
 * nettle is LGPLv2.1+ but depends on gmp
 * gnutls LGPLv2.1+ but depends on nettle
 
 This effectively makes gnutls GPLv2+ | LGPLv3+ as far as I can see.
 If we want to preserve a LGPLv2 gnutls, we need to bring back an older
 version of gmp (I think 4.2.1).

I agree, recently we had to downgrade gmp to 4.2.1 in our layer to pass
our license check. Similarly we had to check that all nettle libraries
used in our image are LGPLv2.1 not GPLv2.0 - that's why I've suggested
to package them separately, so that we'll see only LGPLv2.1 nettle
package in our image.

Regards,

  +LICENSE_${PN}-cast = CC0
  +LICENSE_${PN}-gosthash = MIT
  +
  +# both public and GPL license listed
  +LICENSE_${PN}-md2 = CC0  LGPLv2.1+
  +LICENSE_${PN}-md4 = CC0  LGPLv2.1+
 
  From the reference I had the impression this LICENSE_something
  construct would imply there is a package something. But the nettle
  recipe does not produce nettle-cast or any of these. What is the
  purpose here?
 
  Thanks,
   Jussi
 
  +
  +
   LIC_FILES_CHKSUM = 
  file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
   
  file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d
   \
   
  file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d
  --
  2.3.5
 
  --
  ___
  Openembedded-core mailing list
  Openembedded-core@lists.openembedded.org
  http://lists.openembedded.org/mailman/listinfo/openembedded-core
 -- 
 ___
 Openembedded-core mailing list
 Openembedded-core@lists.openembedded.org
 http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com


signature.asc
Description: Digital signature
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] gnutls/nettle/gmp licensing and versions

2015-08-13 Thread Jussi Kukkonen

On 12 August 2015 at 17:14, Jussi Kukkonen jussi.kukko...@intel.com wrote:
 Hi,

 I realise I'm a bit late (with the commit in master already) but I'm
 looking at upgrading this recipe and had some questions on this patch
 and the recipe in general.

 On 9 August 2015 at 08:28, Armin Kuster akuster...@gmail.com wrote:
 adding the license definitions on the few packages that
 deviate from the overall package license.

 based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
 and spot checking files.

 Signed-off-by: Armin Kuster akuster...@gmail.com
 ---
  meta/recipes-support/nettle/nettle_2.7.1.bb | 9 +
  1 file changed, 9 insertions(+)

 diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb 
 b/meta/recipes-support/nettle/nettle_2.7.1.bb
 index f53afcc..f9d331f 100644
 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb
 +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb
 @@ -2,6 +2,15 @@ SUMMARY = A low level cryptographic library
  HOMEPAGE = http://www.lysator.liu.se/~nisse/nettle/;
  SECTION = libs
  LICENSE = LGPLv2.1  GPLv2

 I think this is wrong, whichever version you look at -- our current
 version is just LGPLv2.1+, the current upstream release is LGPLv3+
 | GPLv2+

 I'm going to send a patch upgrading the recipe to the current upstream
 release (and setting license to LGPLv3+ | GPLv2+): it might seem
 like this makes gnutls effectively LGPLv3 but that actually happened
 last year with the gmp upgrade. Comments on this welcome.

Alexander just pointed out to me that there was a discussion on gnutls
and nettle already in July (which I missed in my
back-from-holiday-email-binge). It seems that the consensus was to
preserve LGPLv2 versions.

This is what the current situation looks to me -- please correct if I'm wrong:
* gmp is GPLv2+ | LGPLv3+
* nettle is LGPLv2.1+ but depends on gmp
* gnutls LGPLv2.1+ but depends on nettle

This effectively makes gnutls GPLv2+ | LGPLv3+ as far as I can see.
If we want to preserve a LGPLv2 gnutls, we need to bring back an older
version of gmp (I think 4.2.1).


 +LICENSE_${PN}-cast = CC0
 +LICENSE_${PN}-gosthash = MIT
 +
 +# both public and GPL license listed
 +LICENSE_${PN}-md2 = CC0  LGPLv2.1+
 +LICENSE_${PN}-md4 = CC0  LGPLv2.1+

 From the reference I had the impression this LICENSE_something
 construct would imply there is a package something. But the nettle
 recipe does not produce nettle-cast or any of these. What is the
 purpose here?

 Thanks,
  Jussi

 +
 +
  LIC_FILES_CHKSUM = file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 
 \
  
 file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d
  \
  
 file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d
 --
 2.3.5

 --
 ___
 Openembedded-core mailing list
 Openembedded-core@lists.openembedded.org
 http://lists.openembedded.org/mailman/listinfo/openembedded-core
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] gnutls/nettle/gmp licensing and versions

Re: [OE-core] gnutls/nettle/gmp licensing and versions

[OE-core] gnutls/nettle/gmp licensing and versions

3 matches

Site Navigation

Mail list logo

Footer information