Bug#349279: tailor: _process.py seems under non-GPL license
Package: tailor
Version: 0.9.19-2
Severity: important
Justification: DFSG 1 violation etc. by including _process.py
Please do not panic, it is easy to fix. :-)
Proposed fix: (in /usr/lib/python2.4/site-packages/vcpx)
* remove _process.py which cause useless license concern
* possibly eliminate line 13-15 of shwrap.py for code clean.
* ask upstream to change _process.py with the newer subprocess.py in
2.4 python package which has GPL compatible license.
Explanation of fix:
_process.py was included to address shortcomings of pre-python2.4 but it
is not used in python2.4 environment. Currenty "tailor" package uses
python2.4 due to bzr support inclusion. Thus, this package will
function fine without _process.py and removal of _process.py will
eliminate license issue :-)
Explanation of license issue:
_process.py found in tha package has following license:
-----------------------------------------------------------------
## From http://svn.red-bean.com/restedit/trunk/source/process.py
# process - Subprocesses with accessible I/O streams
#
# Copyright (c) 2003-2004 by Peter Astrand <astrand@lysator.liu.se>
#
# By obtaining, using, and/or copying this software and/or its
# associated documentation, you agree that you have read, understood,
# and will comply with the following terms and conditions:
#
# Permission to use, copy, modify, and distribute this software and
# its associated documentation for any purpose and without fee is
# hereby granted, provided that the above copyright notice appears in
# all copies, and that both that copyright notice and this permission
# notice appear in supporting documentation, and that the name of the
# author not be used in advertising or publicity pertaining to
# distribution of the software without specific, written prior
# permission.
#
# THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-----------------------------------------------------------------
Although /usr/share/doc/tailor/copyright states GPL for tailor package,
this is not GPL for sure. --> problem.
This license only gives permission when fee is not charged. That seems
to be DSFG1 violation. Also mixing code of GPL and this seems to be
incompatible.
I looked further and found practically the same code is licensed under
# Licensed to PSF under a Contributor Agreement.
# See http://www.python.org/2.4/license for licensing details.
for python2.4. (subprocess.py) So no real issue should exist. Thus
marked this as "important" instead of "serious".
Cheers,
Osamu
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages tailor depends on:
ii python2.4 2.4.2-2 An interactive high-level object-o
tailor recommends no packages.
-- no debconf information
Reply to: