Thank you for filing this bug report. Adding debian-legal to see if there's anyone with a good recommendation to this mess. On Sat, 2021-01-02 at 18:36 +0100, Bastian Germann wrote: > Package: multipath-tools > Severity: important > > This package depends on libreadline8 which is GPL-3+ licensed. > According > to debian/copyright parts of your package are GPL-2-only licensed. If > that is also (transitively) the case for the binaries that link with > libreadline.so.8 it might be legally problematic (see > https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility). > multipath-tools is mixed bag of licenses. The last time I checked on it, the results weren't optimum. https://www.redhat.com/archives/dm-devel/2016-July/msg00508.html > There is an easy solution to the problem: Replacing the build > dependency > libreadline-dev with libeditreadline-dev links with the BSD-licensed > libedit library which is a readline replacement. Thanks for the input. Lets see what best way to handle this. I personally would prefer to stick with the GNU Readline library but that is just a personal preference and not a strong opinion. I see there's a GPL2 variant of the library but under the Debian QA Group. And the last upload to the package is from 2015 Fedora (not that I treat their judgment as the right thing) is linking to GNU Readline 8. Not sure if Ubuntu is doing anything different. https://koji.fedoraproject.org/koji/rpminfo?rpmID=23332353 Please do feel free to raise the severity, in case you do not see any progress on this bug report, over time. Thanks, Ritesh -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
Attachment:
signature.asc
Description: This is a digitally signed message part