Bug#940700: dvisvgm: Please link with libgs (not ghostscript)

To: Hilmar Preusse <hille42@web.de>
Cc: 940700@bugs.debian.org
Subject: Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
From: Jonas Smedegaard <js@debian.org>
Date: Sat, 21 Sep 2019 18:13:16 +0200
Message-id: <[🔎] 156908239619.6451.10169192834138254234@auryn.jones.dk>
Reply-to: Jonas Smedegaard <js@debian.org>, 940700@bugs.debian.org
In-reply-to: <[🔎] 57910730-425d-5ef7-9ba0-c4631608f37f@web.de>
References: <[🔎] 156887886354.11240.16822380251150418308.reportbug@auryn.jones.dk> <[🔎] b412f80b-248a-f773-6790-66009dc02a38@web.de> <[🔎] 156887886354.11240.16822380251150418308.reportbug@auryn.jones.dk> <[🔎] 156891221692.6451.3042325391383977968@auryn.jones.dk> <[🔎] 57910730-425d-5ef7-9ba0-c4631608f37f@web.de> <[🔎] 156887886354.11240.16822380251150418308.reportbug@auryn.jones.dk>

Quoting Hilmar Preuße (2019-09-20 11:34:33)
> Am 19.09.2019 um 18:56 teilte Jonas Smedegaard mit:
> > [ sent again - Debian mail servers dislike UTF-8 mail headers from me ]
> > 
> > [ ...and added an additional note at bottom! ]
> > 
> > Quoting Hilmar Preuße (2019-09-19 11:14:03)
> 
> Hi Jonas,
> 
> >> Am 19.09.2019 um 09:41 teilte Jonas Smedegaard mit:
> >> Depends: libbrotli1 (>= 0.6.0), libc6 (>= 2.29), libfreetype6 (>=
> >> 2.3.9), libgcc1 (>= 1:3.4), libgs9 (>= 8.61.dfsg.1), libkpathsea6,
> >> libpotrace0, libssl1.1 (>= 1.1.0), libstdc++6 (>= 9), libwoff1 (>=
> >> 1.0.0), libxxhash0 (>= 0.6.5), zlib1g (>= 1:1.2.0)
> >>
> >> Is that sufficient to close this bug?
> > 
> > Yes. Thanks.
> > 
> > ...but wait: If you _only_ added then I suspect you now have a 
> > superfluous build-dependency on ghostscript.  Not exactly harmful but... 
> > messy.
> > 
> OK, I've replaced the BD on ghostscript by libgs-dev. Now I get an
> lintian error:
> 
> E: dvisvgm: possible-gpl-code-linked-with-openssl
> 
> Is that a false positive and I should override?

The _possibility_ of a licensing problem is real, and you should 
definitely inspect it closer: Ghostscript 9.x is licensed 
AGPL-3-or-newer and anything linked with it must comply with those 
terms.

>From a quick look (only skimming debian/copyright of dvisvgm) it seems 
there is no licensing problem, as it seems relevant code is licensed 
GPL-3-or-newer which in my understanding is upgradeable to 
AGPL-3-or-newer, and I guess there is no obstacles in doing such 
upgrade.

I recommend to do the following:

0) Double-check if you come to same conclusion as me above.

1) add a "Comment:" field to the initial section of debian/copyright 
mentioning that even though dvisvgm is generally licensed 
GPL-3-or-newer, due to linking with libgs9 which is licensed AGPL-3 the 
effective license is AGPL-3-or-newer.

2) override lintian, referencing that AGPL is considered fine and is 
explicilty noted in debian/copyright.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature

Reply to:

References:
- Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
  - From: Jonas Smedegaard <dr@jones.dk>
- Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
  - From: Hilmar Preuße <hille42@web.de>
- Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
  - From: Jonas Smedegaard <dr@jones.dk>
- Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
  - From: Hilmar Preuße <hille42@web.de>

Prev by Date: Bug#940788: marked as done (please drop transitional package luasseq from src:texlive-base)
Next by Date: Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
Previous by thread: Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
Next by thread: Bug#940700: dvisvgm: Please link with libgs (not ghostscript)
Index(es):
- Date
- Thread