Bug#340538: apache2: includes non-free and possibly undistributable files
Justification: Policy 2.2.1
By reviewing the copyright file, I found out that apache2 includes
code that does not seem to comply with the DFSG.
What is worse, I even found some code that does not seem to be
distributable at all...
Quoting from the copyright file itself:
For the test\zb.c component:
| /* ZeusBench V1.01
| This program is Copyright (C) Zeus Technology Limited 1996.
| This program may be used and copied freely providing this copyright notice
| is not removed.
| This software is provided "as is" and any express or implied waranties,
| including but not limited to, the implied warranties of merchantability and
| fitness for a particular purpose are disclaimed. In no event shall
| Zeus Technology Ltd. be liable for any direct, indirect, incidental, special,
| exemplary, or consequential damaged (including, but not limited to,
| procurement of substitute good or services; loss of use, data, or profits;
| or business interruption) however caused and on theory of liability. Whether
| in contract, strict liability or tort (including negligence or otherwise)
| arising in any way out of the use of this software, even if advised of the
| possibility of such damage.
| Written by Adam Twiss (email@example.com). March 1996
| Thanks to the following people for their input:
| Mike Belshe (firstname.lastname@example.org)
| Michael Campanella (email@example.com)
This license does not grant any permission to modify and to distribute
modifications and derivative works (fails DFSG#3).
Upstream copyright holders should be contacted and asked to relicense
the file: I would suggest the Expat license
| For the srclib\apr-util\test\testmd4.c component:
| * This is derived from material copyright RSA Data Security, Inc.
| * Their notice is reproduced below in its entirety.
| * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
| * rights reserved.
| * RSA Data Security, Inc. makes no representations concerning either
| * the merchantability of this software or the suitability of this
| * software for any particular purpose. It is provided "as is"
| * without express or implied warranty of any kind.
| * These notices must be retained in any copies of any part of this
| * documentation and/or software.
This does not even grant *any* permissions.
It seems to be undistributable (fails DFSG#1 and DFSG#3).
If this is the case, distributing it is also a copyright violation
and should stop ASAP.
Again upstream copyright holders should be contacted and asked to relicense
the file: a good choice could be the Expat license.
| For the srclib\apr\include\apr_md5.h component:
| * This is work is derived from material Copyright RSA Data Security, Inc.
| * The RSA copyright statement and Licence for that original material is
| * included below. This is followed by the Apache copyright statement and
| * licence for the modifications made to that material.
| /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
| rights reserved.
| License to copy and use this software is granted provided that it
| is identified as the "RSA Data Security, Inc. MD5 Message-Digest
| Algorithm" in all material mentioning or referencing this software
| or this function.
| License is also granted to make and use derivative works provided
| that such works are identified as "derived from the RSA Data
| Security, Inc. MD5 Message-Digest Algorithm" in all material
| mentioning or referencing the derived work.
| RSA Data Security, Inc. makes no representations concerning either
| the merchantability of this software or the suitability of this
| software for any particular purpose. It is provided "as is"
| without express or implied warranty of any kind.
| These notices must be retained in any copies of any part of this
| documentation and/or software.
An identical license holds for the following files:
This license grants permission to to "copy and use" and to "make and
use derivative works", but no explicit permission to distribute the
derivative works (fails DFSG#3).
Upstream copyright holders should be got in touch with and asked
for a license change: I would again suggest to recommend the Expat
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.32
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages apache2 depends on:
ii apache2-mpm-worker 2.0.54-5 high speed threaded model for Apac
-- no debconf information