Your message dated Tue, 12 Feb 2019 10:39:08 +0000
with message-id <1637429.ihVJye5Aa2@merkaba>
and subject line Re: Bug#922112: fio: hash.h is not DFSG compliant
has caused the Debian Bug report #922112,
regarding fio: hash.h is not DFSG compliant
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
922112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922112
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fio
Severity: grave
According to debian/copyright, hash.h is licensed as GPL-2+ but this
is not true. There is not any mention of license attribution in its
verifiable history, not by its copyright holder or anybody else on
their behalf.
Thanks to Ulrich Mueller for the relevant research [0].
Similar bug is reported to package dwarves [1], which includes on older
copy of this same file.
Regards,
Domenico
[0] https://lkml.org/lkml/2019/2/11/773
[1] https://bugs.debian.org/919356
--
3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Closing bug report for now as Jens, upstream maintainer of fio, claims that the
file is GPL2. Feel free to reopen in case you have evidence that it is not
*after* or *with* but not *before* you provided that evidence.
Jens, I cc'd you cause this bug report has the potential to remove fio package
from Debian, so… in case you could elaborate a bit more on the source of
hash.c so that those who doubt it is GPL-2 can see that it is, it would be
helpful.
Dear Domenico.
It would have been nice to at least give one or two days to clear up the issue
before filing a bug report of grave severity. It is not that the file in fio has
been there for *years* without anyone complaining or that Debian Buster would
have been released today without the bug report in place.
I am currently holding a training, thus there may be delays in replying.
Domenico Andreoli - 12.02.19, 09:26:
> Package: fio
> Severity: grave
>
> According to debian/copyright, hash.h is licensed as GPL-2+ but this
> is not true. There is not any mention of license attribution in its
> verifiable history, not by its copyright holder or anybody else on
> their behalf.
I attach a mail from Jens Axboe, upstream maintainer of fio, where he claims
that like any other files that have no special license information this file
also is GPL-2.
I do have the original mail complete with headers available. I also cc'd Jens.
As I did not see any evidence that contradicts what Jens claims here I have no
reason not to believe him. Of course feel free to provide such evidence and
raise the severity of the bug again in case you do so.
Mit freundlichen Grüßen / With kind regards
Martin Steigerwald •
Proact Deutschland GmbH
Trainer
Telefon: +49 911 30999 0 •
Fax: +49 911 30999 99
Südwestpark 43 •
90449 Nürnberg •
Germany
martin.steigerw...@proact.de •
www.proact.de
Amtsgericht Nürnberg
•
HRB 18320
Geschäftsführer:
Oliver Kügow •
Richard Müller •
Jakob Høholdt
•
Peter Mikael Javestad
– Delivering Business Agility –
---------- Forwarded Message ----------
Betreff: Re: Licensing of include/linux/hash.h
Datum: Montag, 11. Februar 2019, 23:55:22 CET
Von: Jens Axboe <ax...@kernel.dk>
An: Martin Steigerwald <martin.steigerw...@proact.de>, Domenico Andreoli
<ca...@debian.org>
Kopie: Kristian Fiskerstrand <k...@gentoo.org>, Ben Finney
<bign...@debian.org>, Nadia Yvette Chambers <n...@holomorphy.com>, Arnaldo
Carvalho de Melo <a...@redhat.com>, 919...@bugs.debian.org
<919...@bugs.debian.org>, debian-le...@lists.debian.org <debian-
le...@lists.debian.org>, linux-ker...@vger.kernel.org <linux-
ker...@vger.kernel.org>, Jens Axboe <jens.ax...@oracle.com>
On 2/11/19 3:50 AM, Martin Steigerwald wrote:
> Adding in ax...@kernel.dk, as I am not sure whether the oracle.com address
> from Jens is actually valid / up to date.
>
> Domenico Andreoli - 11.02.19, 08:22:
>> On Mon, Feb 11, 2019 at 12:08:32AM +0100, Kristian Fiskerstrand wrote:
>> >
> Mit freundlichen Grüßen / With kind regards
>
> Martin Steigerwald •
> Proact Deutschland GmbH
[… mail signature …]
> On 1/23/19 9:50 AM, Domenico Andreoli wrote:
>> > > Ben Finney <bign...@debian.org> writes:
>> > >> Domenico Andreoli <ca...@debian.org> writes:
>> [...]
>>
>> > >>> the only knot left is now the license of hash.h
>> > >>>
>> > >>> This file is also present in the kernel [0] with an updated copyright
>> > >>> but still without license.
>>
>> [...]
>>
>> > >> To know that work (that file) is free software, we need a clear grant
>> > >> of
>> > >> some specific license, for that work.
>> > >>
>> > >> If the work is not free, it would be incorrect to have the work in
>> > >> Debian.
>> > >
>> > > Is it possible that for the kernel it is instead correct because it is,
>> > > as whole, covered by its COPYING?
>> > >
>> > >> Alternatives, for complying with the Debian Free Software Guidelines
>> > >> with
>> > >> this package, include:
>> > >>
>> > >> * Find a credible grant of license under some GPL-compatible free
>> > >>
>> > >> license to that exact file. Document that explicit grant in the
>> > >> Debian
>> > >> package. This demonstrates the work is DFSG-free.
>> > >>
>> > >> * Convince ???dwarves-dfsg??? upstream to replace that file with a
>> > >> different> >>
>> > >> implementation (I don't know whether such an implementation exists)
>> > >> under a license compatible with the same version of GNU GPL. Document
>> > >> that explicit grant in the Debian package. This demonstrates the
>> > >> modified work is DFSG-free.
>> > >>
>> > >> * Replace that file in Debian only, with a different implementation as
>> > >>
>> > >> above. Document that explicit grant in the Debian package. This
>> > >> demonstrates the modified Debian package is DFSG-free.
>> > >>
>> > >> * Move the work to the ???non-free??? area.
>> > >>
>> > >> * Remove the work altogether.
>> > >>
>> > >> Those are in descending order of (my recommended) preference.
>>
>> [...]
>>
>> > It was [pointed out] by one of our license group that [hash.h] is the
>> > same that has a GPL-2+ in [fio] which has a signed-off-by.
>> >
>> > References:
>> > [pointed out]
>> > https://bugs.gentoo.org/677586#c1
>> >
>> > [hash.h]
>> > https://git.kernel.org/pub/scm/linux/kernel/git/axboe/fio.git/commit/hash.
>> > h?id=bdc7211e190482f0c17c109a0d90834a6611be1c
>> Yes, the Signed-off-by is from Jens Axboe (in CC) but he's not the
>> original author, I guess he just copied the file as Arnaldo did. The
>> file he committed has not any reference to the license.
>>
>> > [fio]
>> > https://metadata.ftp-master.debian.org/changelogs/main/f/fio/fio_3.12-2_co
>> > pyright
>> I'm afraid that this entry in wrong. I'll seek confirmation with Martin
>> Steigerwald.
>
> Which entry to you refer to? I assume the one about hash.h.
>
> Well the file has in its header:
>
> /* Fast hashing routine for a long.
> (C) 2002 William Lee Irwin III, IBM */
>
> /*
> * Knuth recommends primes in approximately golden ratio to the maximum
> * integer representable by a machine word for multiplicative hashing.
> * Chuck Lever verified the effectiveness of this technique:
> * http://www.citi.umich.edu/techreports/reports/citi-tr-00-1.pdf
> *
> * These primes are chosen to be bit-sparse, that is operations on
> * them can use shifts and additions instead of multiplications for
> * machines where multiplications are slow.
> */
>
> It has been quite a while ago. I bet back then I did not regard this as
> license information since it does not specify a license. Thus I assumed it
> to
> be GPL-2 as the other files which have no license boiler plate. I.e.: Check
> file
> is it has different license, if not, then assume it has license as specified
> in
> COPYING.
>
> Not specifying a license can however also mean in this context that it has
> no
> license as the file contains copyright information from another author.
>
> Of course I can update copyright file in case my conclusion from a long time
> ago was wrong.
>
> Jens?
Right, if nothing else is noted, it's GPL v2.
--
Jens Axboe
-------------------------------------------------------------
> Thanks to Ulrich Mueller for the relevant research [0].
>
> Similar bug is reported to package dwarves [1], which includes on older
> copy of this same file.
>
> Regards,
> Domenico
>
> [0] https://lkml.org/lkml/2019/2/11/773
I do not see how this proves that hash.c is not GPL-2.
> [1] https://bugs.debian.org/919356
Ciao,
--
Martin
--- End Message ---
