Source: dwarf-fortress
Version: 0.44.12-1
Severity: serious
The source tarballs for both amd64 and i386 contain the following
shared libraries:
$ ls {amd64,i386}/libs/lib{gcc_s.so.1,stdc++.so.6}
amd64/libs/libgcc_s.so.1
amd64/libs/libstdc++.so.6
i386/libs/libgcc_s.so.1
i386/libs/libstdc++.so.6
These files are presumably compiled from GCC runtime components and
licensed under a GPL. But upstream does not publish or point to source
code for these files or give any licensing information for them.
This is clearly a violation of the licenses of these files and we can
not distribute them.
Since these files aren't shipped in any binary packages, we can just
repack the source tarball to exclude them, to sidestep the problem.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-security
APT policy: (990, 'testing-security'), (990, 'testing-debug'), (990,
'testing'), (102, 'unstable-debug'), (102, 'unstable'), (101,
'experimental-debug'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-5-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-- no debconf information
