[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#979095: Legally problematic GPL-3+ readline dependency

Thank you for filing this bug report.

Adding debian-legal to see if there's anyone with a good recommendation
to this mess.

On Sat, 2021-01-02 at 18:36 +0100, Bastian Germann wrote:
> Package: multipath-tools
> Severity: important
> This package depends on libreadline8 which is GPL-3+ licensed.
> According 
> to debian/copyright parts of your package are GPL-2-only licensed. If
> that is also (transitively) the case for the binaries that link with 
> libreadline.so.8 it might be legally problematic (see 
> https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility).

multipath-tools is mixed bag of licenses. The last time I checked on
it, the results weren't optimum.


> There is an easy solution to the problem: Replacing the build
> dependency 
> libreadline-dev with libeditreadline-dev links with the BSD-licensed 
> libedit library which is a readline replacement.

Thanks for the input. Lets see what best way to handle this.

I personally would prefer to stick with the GNU Readline library but
that is just a personal preference and not a strong opinion.

I see there's a GPL2 variant of the library but under the Debian QA
Group. And the last upload to the package is from 2015

Fedora (not that I treat their judgment as the right thing) is linking
to GNU Readline 8. Not sure if Ubuntu is doing anything different.

Please do feel free to raise the severity, in case you do not see any
progress on this bug report, over time.


Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: