[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#681327: unblock: modsecurity-apache/2.6.6-2

On Thu, Jul 12, 2012 at 12:48:04PM +0200, Niels Thykier wrote:
> On 2012-07-12 12:21, Alberto Gonzalez Iniesta wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > 
> > Please unblock package modsecurity-apache
> > 
> > A change in the license went unnoticed. Just debian/copyright was
> > updated.
> > 
> > debdiff attached.
> > 
> > unblock modsecurity-apache/2.6.6-2
> > 
> > -- System Information:
> > Debian Release: wheezy/sid
> >   APT prefers unstable
> >   APT policy: (500, 'unstable')
> > Architecture: i386 (i686)
> > 
> > Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> """
> + [...]; either version 2 of the License.
> """
> Did you mean "either version 2 or (at your choice any) later version of
> the License"? (or however it is written...)
> According to your copyright file, any Debian patches will be under GPL-2
> and cannot be applied.  However, the Apache2 license is not compatible
> with GPL-2 (it seems to be with GPL-3)[1].
> [1] http://www.apache.org/licenses/GPL-compatibility.html
> """
> Despite our best efforts, the FSF has never considered the Apache
> License to be compatible with GPL version 2, citing the patent
> termination and indemnification provisions as restrictions not present
> in the older GPL license.
> """

Hi Niels,

Thanks for noticing. I just uploaded 2.6.6-3 with debian/* files
licensed as ASLv2. Hope that's enough.
Attached debdiff.



Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3
diff -Nru modsecurity-apache-2.6.6/debian/changelog modsecurity-apache-2.6.6/debian/changelog
--- modsecurity-apache-2.6.6/debian/changelog	2012-06-15 13:22:03.000000000 +0200
+++ modsecurity-apache-2.6.6/debian/changelog	2012-07-12 13:06:12.000000000 +0200
@@ -1,3 +1,16 @@
+modsecurity-apache (2.6.6-3) unstable; urgency=low
+  * Relicense debian/* files to ASLv2 to avoid conflicts with upstream
+    license.
+ -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 12 Jul 2012 13:05:20 +0200
+modsecurity-apache (2.6.6-2) unstable; urgency=low
+  * Updated debian/copyright with right license.
+ -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 02 Jul 2012 17:23:08 +0200
 modsecurity-apache (2.6.6-1) unstable; urgency=low
   * New upstream release.
diff -Nru modsecurity-apache-2.6.6/debian/copyright modsecurity-apache-2.6.6/debian/copyright
--- modsecurity-apache-2.6.6/debian/copyright	2012-03-16 13:23:17.000000000 +0100
+++ modsecurity-apache-2.6.6/debian/copyright	2012-07-12 13:03:53.000000000 +0200
@@ -1,163 +1,22 @@
-This package was debianized by 
-Alberto Gonzalez Iniesta <agi@inittab.org> on Mon, 6 Nov 2006
-It was downloaded from http://www.modsecurity.org
-Copyright (C) 2004-2006 Breach Security, Inc. (http://www.breach.com)
-   This package is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
-   This package is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   GNU General Public License for more details.
-   You should have received a copy of the GNU General Public License
-   along with this package; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
-   MA 02110-1301, USA.
-On Debian GNU/Linux systems, the complete text of the GNU General
-Public License can be found in `/usr/share/common-licenses/GPL-2'.
-Version 1.0, 29 July 2008
-As a special exception ("Exception") to the terms and conditions of version 2
-of the GPL, Breach Security, Inc. hereby grants you the rights described
-below, provided you agree to the terms and conditions in this Exception,
-including its obligations and restrictions on use.
-Exception Intent
-We want specified Free/Libre and Open Source Software ("FLOSS") programs to be
-able to use ModSecurity (the "Program") despite the fact that not all FLOSS
-licenses are compatible with version 2 of the GNU General Public License (the
-Legal Terms and Conditions
-You are free to distribute a Derivative Work that is formed entirely from the
-Program and one or more works (each, a "FLOSS Work") licensed under one or
-more of the licenses listed below in section 1, as long as all of the
-following conditions are met:
-  1. You obey the GPLv2 in all respects for the Program and the Derivative
-     Work, except for identifiable sections of the Derivative Work which are
-     1. not derived from the Program, and
-     2. are not designed to interact with the Program, and
-     3. which can reasonably be considered independent and separate works in
-        themselves.
-  2. All such identifiable sections of the Derivative Work are
-     1. distributed subject to one of the FLOSS licenses listed below, and
-     2. the object code or executable form of those sections are accompanied
-        by the complete corresponding machine-readable source code for those
-        sections on the same medium and under the same FLOSS license as the
-        corresponding object code or executable forms of those sections.
-  3. Any works which are aggregated with the Program or with a Derivative Work
-     on a volume of a storage or distribution medium in accordance with the
-     GPLv2, can reasonably be considered independent and separate works in
-     themselves which are not derivatives of either the Program, a Derivative
-     Work or a FLOSS Work, and are not designed to interact with the Program.
-If the above conditions are not met, then the Program may only be copied,
-modified, distributed or used under the terms and conditions of the GPLv2
-or another valid licensing option from Breach Security, Inc.
-FLOSS License List
-License name	                                Version(s)/Copyright Date
-Academic Free License                                  2.0
-Apache Software License                                1.0/1.1/2.0
-Apple Public Source License                            2.0
-Artistic license                                       From Perl 5.8.0
-BSD license                                            "July 22 1999"
-Common Development and Distribution License (CDDL)     1.0
-Common Public License                                  1.0
-Eclipse Public License                                 1.0
-GNU Library or "Lesser" General Public License (LGPL)  2.0/2.1/3.0
-Jabber Open Source License                             1.0
-MIT License (As listed in file MIT-License.txt)        -
-Mozilla Public License (MPL)                           1.0/1.1
-Open Software License                                  2.0
-OpenSSL license (with original SSLeay license)         "2003" ("1998")
-PHP License                                            3.0
-Python license (CNRI Python License)                   -
-Python Software Foundation License                     2.1.1
-Sleepycat License                                      "1999"
-University of Illinois/NCSA Open Source License        -
-W3C License                                            "2001"
-X11 License                                            "2001"
-Zlib/libpng License                                    -
-Zope Public License                                    2.0
-Due to the many variants of some of the above licenses, we require that for
-any version of the listed FLOSS licenses to qualify under this exception, it
-must follow the 2003 version of the Free Software Foundation's Free Software
-Definition (http://www.gnu.org/philosophy/free-sw.html) or version 1.9 of the
-Open Source Definition by the Open Source Initiative
-1. Terms used, but not defined, herein shall have the meaning provided in the
-   version 2 of the GPL.
-2. Derivative Work means a derivative work under copyright law.
-This Exception applies to all Programs that contain a notice placed by Breach
-Security, Inc. saying that the Program may be distributed under the terms of
-this Exception. If you create or distribute a work which is a Derivative Work
-of both the Program and any other work licensed under the GPL, then this FLOSS
-Exception is not available for that work; thus, you must remove the FLOSS
-Exception notice from that work and comply with the GPL in all respects,
-including by retaining all GPL notices.
-You may choose to redistribute a copy of the Program exclusively under the
-terms of the GPLv2 by removing the Exception notice from that copy of the
-Program, provided that the copy has never been modified by you or any third
-Appendix A. Qualified Libraries and Packages
-The following is a non-exhaustive list of libraries and packages which are
-covered by the Exception when they are licensed under one or more of the
-licenses listed above. Please note that this appendix is merely provided as
-an additional service to specific FLOSS projects who wish to simplify
-licensing information for their users. Compliance with one of the licenses
-noted under the "FLOSS license list" section remains a prerequisite.
-Package name	                    Qualifying License and Version
-Apache HTTP Server                  Apache Software License 2.0
-Apache Portable Runtime (APR)       Apache Software License 2.0
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: modsecurity-apache
+Source: http://www.modsecurity.org
+Files: *
+Copyright: (c) 2006-2011 Trustwave Holdings, Inc.
+License: ASLv2
+ ModSecurity for Apache is provided to you under the terms and
+ conditions of Apache Software License Version 2 (ASLv2).
+ .
+ On Debian systems, the complete text of the Apache Software License
+ Version 2 can be found in "/usr/share/common-licenses/Apache-2.0".
+Files: debian/*
+Copyright: (c) 2006-2012 Alberto Gonzalez Iniesta <agi@inittab.org>
+License: ASLv2
+ Debian packaging for ModSecurity is provided to you under the terms 
+ and conditions of Apache Software License Version 2 (ASLv2).
+ .
+ On Debian systems, the complete text of the Apache Software License
+ Version 2 can be found in "/usr/share/common-licenses/Apache-2.0".

Reply to: