Bug#764938: Bug#764496: RM: ssdeep/all suites -- ROM; non-distributable

To: 764938@bugs.debian.org
Subject: Bug#764938: Bug#764496: RM: ssdeep/all suites -- ROM; non-distributable
From: Helmut Grohne <helmut@subdivi.de>
Date: Sun, 2 Nov 2014 19:31:01 +0100
Message-id: <[🔎] 20141102183100.GA27783@alf.mars>
Mail-followup-to: Helmut Grohne <helmut@subdivi.de>, 764938@bugs.debian.org
Reply-to: Helmut Grohne <helmut@subdivi.de>, 764938@bugs.debian.org
In-reply-to: <20141008151953.GA12028@alf.mars>
References: <20141008151953.GA12028@alf.mars>

On Wed, Oct 08, 2014 at 05:19:54PM +0200, Helmut Grohne wrote:
> Thorsten Alteholz pointed (#764357) out that ssdeep contains source from
> trn, which is licensed under a non-commercial license. It therefore is
> not DFSG free. What makes matters bad is that it links non-commercial
> source with GPL source (in libfuzzy2). Thus the resulting binaries
> become non-distributable.

For snapshot removal:

Only packages with versions older than 2.12 are affected, but even e.g.
1.1-2 is clearly affected.

 * Binary packages built from ssdeep need to be removed due to the GPL
   violation.

 * ssdeep sources (prior to 2.12) contain non-commercial bits and are
   thus not DFSG free but they are distributable.

So if snapshot can contain non-DFSG free packages, only binary packages
need to be removed.

Helmut

Reply to:

Next by Date: Bug#769500: snapshot.debian.org: Importing of new versions not working?
Next by thread: Bug#769500: snapshot.debian.org: Importing of new versions not working?
Index(es):
- Date
- Thread