[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: poco (updated package) [4th try]

"Krzysztof Burghardt" <krzysztof@burghardt.pl> writes:
> 2008/1/19, Aníbal Monsalve Salazar <anibal@debian.org>:
>> On Sat, Jan 19, 2008 at 09:38:39AM +0100, Krzysztof Burghardt wrote:
>> >The package appears to be lintian clean.
>> lintian -i --show-overrides poco_1.2.9-3_i386.changes
>> W: libpoco2: possible-gpl-code-linked-with-openssl
>> N:
>> N:   This package appears to be covered by the GNU GPL but depends on the
>> N:   OpenSSL libssl package and does not mention a license exemption or
>> N:   exception for OpenSSL in its copyright file. The GPL (including
>> N:   version 3) is incompatible with some terms of the OpenSSL license, and
>> N:   therefore Debian does not allow GPL-licensed code linked with OpenSSL
>> N:   libraries unless there is a license exception explicitly permitting
>> N:   this.
> False positive. Using grep on debian/copyright is not sufficient to
> judge on what license POCO is. Its lintian fault. Lets try...
> $ grep GPL debian/copyright
> is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
> $ tail -n 2 debian/copyright
> The Debian packaging is (C) 2007, Krzysztof Burghardt
> <krzysztof@burghardt.pl> and
> is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
> POCO is available on BOOST license (3BSDL).

If you are licensing your packaging work under the GPL, and any of that
packaging work goes into the final binaries linked with OpenSSL, you've
created a work that isn't redistributable due to the conflict of licenses.
Even if that isn't the case now, it may be in the future (if, for example,
you add Debian-specific patches).

I believe that you should either license your packaging work under the
same license as the upstream source or add an exception to the licensing
on your packaging work to allow it to be linked with OpenSSL.

>> O: libpoco2: package-name-doesnt-match-sonames libPocoFoundation2 libPocoFoundationd2 libPocoNet2 libPocoNetSSL2 libPocoNetSSLd2 libPocoNetd2 libPocoUtil2 libPocoUtild2 libPocoXML2 libPocoXMLd2
>> N:
>> N:   The package name of a library package should usually reflect the
>> N:   soname of the included library. The package name can determined from
>> N:   the library file name with the following code snippet:
>> N:
>> N:    $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n -e's/^[[:space:]]*SONAME[[:space:]]*//p' | sed -e's/\([0-9]\)\.so\./\1-/; s/\.so\.//'
>> N:
>> N:   Refer to Library Packaging guide 5 for details.
> Also false positive. Check shlibs. (If I remember well there was a bug
> in lintian.)

I didn't build this package to double-check, but I expect this lintian tag
is correct as far as it goes and isn't a bug.  It looks like you have a
package named libpoco2 which doesn't contain a shared library named

It is a place where an override is probably justified, however.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: