Bug#865830: Copyright concerns regarding Seafile
Andrej Shadura writes ("Re: Copyright concerns regarding Seafile"):
> On Wed, 15 May 2019 at 12:10, Moritz Schlarb wrote:
> I fully agree. Since the client doesn’t include the code in question,
> it’s out of scope of the issue, so there is no reason to remove it
> >from Debian.
I am very uncomfortable with having code in Debian whose upstream
authors appear to have plagiarised some other people's software, and
then obfuscated it, in order to evade copyright licensing. Who knows
what other misleading practices they have engaged in, or may do in the
future ?
As a project, we do not have the resources to fully audit all the code
we ingest from upstreams and redistribute to our users. We must rely
on trust. That depends on the upstream being trustworthy.
Ian.
--
Ian JacksonThese opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Bug#865830: Copyright concerns regarding Seafile
Hi, On Wed, 15 May 2019 at 12:10, Moritz Schlarb wrote: > However, all of the database related code is *only* contained in the > Seafile server implementation (https://github.com/haiwen/seafile-server, > RFP at #865830) and not in the Seafile client implementation > (https://github.com/haiwen/seafile) that I have packaged for Debian. > > I disagree that this should serve as a reason for *not* including the > client packages in the next Debian release. I fully agree. Since the client doesn’t include the code in question, it’s out of scope of the issue, so there is no reason to remove it from Debian. -- Cheers, Andrej
Bug#865830: Copyright concerns regarding Seafile
Dear all, as maintainer of the Seafile client packages (libsearpc, seafile and seafile-client), I would like to thank Jan-Henrik for bringing this to our attention. There have already been such findings in the past, regarding some code taken from git, and the discussion regarding libzdb in the past, as you mentioned. I remember discussing the problems regarding linking to OpenSSL, too. However, all of the database related code is *only* contained in the Seafile server implementation (https://github.com/haiwen/seafile-server, RFP at #865830) and not in the Seafile client implementation (https://github.com/haiwen/seafile) that I have packaged for Debian. I disagree that this should serve as a reason for *not* including the client packages in the next Debian release. What do others think about that? I will however forward these findings to the developers at Seafile Ltd and ask them for a proper resolution. Best regards, -- Moritz Schlarb <> signature.asc Description: OpenPGP digital signature
