Bug#610303: marked as done (RM: dropbox -- RoQA; unredistributable; non-free; NPOASR)
Your message dated Mon, 17 Jan 2011 18:25:47 +0100
with message-id <20110117172547.GA2016@anguilla.noreply.org>
and subject line Re: Needs also to be removed from snapshot.d.o
has caused the Debian Bug report #610303,
regarding RM: dropbox -- RoQA; unredistributable; non-free; NPOASR
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
610303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610303
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: dropbox
Version: 1.0.10-1
Severity: serious
Justification: Policy 2.2.3, 4.5
dropbox bundles many 3rd party binary-only libraries in a way that
violates their licenses:
1) ncrypt-0.6.4-*.egg/, according to its PKG-INFO (which is horribly
mangled, BTW), contains a GPL-licensed library with accompanying source.
Additionally, this library is linked to OpenSSL, but those two licenses
are incompatible.
2) netifaces-0.5*.egg/ contains the netifaces library, which is
MIT-licensed. One of the clause of the license is "The above copyright
notice and this permission notice shall be included in all copies or
substantial portions of the Software." Neither is included in dropbox.
3) _dbus*_bindings.so is the python-dbus library. It is MIT-licensed,
but copyright & permission notices are not included.
4) _librsync.so contains statically-linked librync library which is
under LGPL-2.1+ license. No source is provided.
5) _speedups.so contains (parts of) the simplejson library. It is
MIT-licensed, but copyright & permission notices are not included.
6) pyexpat.so contains statically linked Expat library. It is
MIT-licensed, but copyright & permission notices are not included.
7) libcrypto.so.0.9.8, libssl.so.0.9.8 are parts of the OpenSSL library.
Its license require that "Redistributions in binary form must reproduce
the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the
distribution." Neither is reproduced in dropbox.
8) libncurses.so.5 is the ncurses library. It is MIT-licensed, but
copyright & permission notices are not included.
(Disclaimer: I didn't do full audit of the shipped code. There might be
other license problems in dropbox.)
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
- To: 610303-done@bugs.debian.org
- Cc: Alexander Reichle-Schmehl <tolimar@debian.org>
- Subject: Re: Needs also to be removed from snapshot.d.o
- From: Peter Palfrader <weasel@debian.org>
- Date: Mon, 17 Jan 2011 18:25:47 +0100
- Message-id: <20110117172547.GA2016@anguilla.noreply.org>
- In-reply-to: <20110117120923.GA20519@melusine.alphascorpii.net>
- References: <20110117120923.GA20519@melusine.alphascorpii.net>
On Mon, 17 Jan 2011, Alexander Reichle-Schmehl wrote:
[Please Cc the bug itself next time too, you only sent this mail to control@]
> Seems that dropbox must also be removed from snapshot.d.o. I checked
> the debian/copyright from the first version available, and think that
> all version are affected and have to go.
Thanks Alexander, much appreciated.
This has been taken care of: http://snapshot.debian.org/removal/24
Cheers,
weasel
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
--- End Message ---
Reply to: