Bug#211644: ssh: multiple license problems
On Fri, Sep 19, 2003 at 07:13:14AM +0000, Brian M. Carlson wrote:
> Package: ssh
> Version: 1:3.6.1p2-8
> Severity: serious
>
> In the copyright file, it is claimed that:
>
> The Debian patch is distributed under the terms of the GPL, which you
> can find in /usr/share/common-licenses/GPL.
>
> If this is true, then there is a license conflict. ssh is linked with
> libssl0.9.7, which is the openssl library. The terms of the GPL and
> those of OpenSSL's license conflict and Debian does not consider OpenSSL
> to fall under the "integral part of the system" exception. See -legal
> for more information, or better yet, search the archives.
Yeah, I'm aware of the problem. Matthew, are you happy for me to
substitute a simple 2-clause BSD licence instead? I think you're
responsible for most of the bits of the patch that actually affect code
linked into ssh.
> One of the copyright notices in the copyright file claims:
>
> The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
> Comments in the file indicate it may be used for any purpose without
> restrictions:
>
> * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
> * code or tables extracted from it, as desired without restriction.
>
> which does *absolutely nothing* for Debian. Use (at least in the US) is
> already explicitly permitted by copyright law. This grants us no rights
> to distribute, modify, or copy, and so *fails* virtually every provision
> of the DFSG. This code may have already been replaced, and if so, you
> can ignore this portion of the bug.
It has been replaced; the upstream copyright file is simply out of date.
They've done a licence audit in 3.7 which polishes this sort of thing
up.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: