Hello Unit,
> > I really appreciate your work, but version 3.0 of testssl has a licensing issue
> > that needs to be resolved before packaging it for Debian: upstream decided to add
> > a clause to their GPL license stating that any public use of it must mention where they've
> > got the program from. I'm worried as to how this relates to the DFSG, more specifically:
> >
https://github.com/drwetter/testssl.sh/blob/3b89dc6b0a41299fbf462789998e4c103f4f0210/testssl.sh#L19-L22>
> Correct me if I'm wrong, but from what I'm reading, the section you point to is
> already in Debian[0], and was actually there since the initial upload[1]? There
> was a minor wording change in 5257c2f3 but as I understand it one was already
> bound to the license anyway.
I'm not sure, this specific part seems troublesome for me:
"If you enclose this script or parts of it in your software, it has to
be accompanied by the same license (see link) and the place where to get
the recent version of this program."
The fact that this license is being called GPL-2 bothers me as well, it's not plain GPL-2.
> > I *think* this is ok (didn't thought enough about it) but I feel like a discussion on debian-legal
> > would be better and I don't feel confident uploading this without it.
> >
> > Did you notice that as well? What are you thoughts on it?
>
> I'd think since the initial upload passed review, the wording change wouldn't be
> any cause for alarm since that's just about having to obey the license. But I
> would happily read any other opinions!
The problem is that d/copyright is wrong as it doesn't say it ins't plain GPL, so it could
have happened that ftp-master didn't notice that when reviewing the first upload.
I will raise a thread on debian-legal next time I have some free time to see what people
think about this. But it's sure that in a best case scenario at least d/copyright will need
to be changed.
Thanks for your work!
--
Samuel Henrique <samueloph>