Bug#211644: ssh: multiple license problems

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#211644: ssh: multiple license problems
From: "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>
Date: Fri, 19 Sep 2003 07:13:14 +0000
Message-id: <[🔎] 20030919071314.GA9553@stonewall>
Reply-to: "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>, 211644@bugs.debian.org

Package: ssh
Version: 1:3.6.1p2-8
Severity: serious

In the copyright file, it is claimed that:

The Debian patch is distributed under the terms of the GPL, which you
can find in /usr/share/common-licenses/GPL.

If this is true, then there is a license conflict. ssh is linked with
libssl0.9.7, which is the openssl library. The terms of the GPL and
those of OpenSSL's license conflict and Debian does not consider OpenSSL
to fall under the "integral part of the system" exception. See -legal
for more information, or better yet, search the archives.

One of the copyright notices in the copyright file claims:

The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
Comments in the file indicate it may be used for any purpose without
restrictions:

* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.

which does *absolutely nothing* for Debian. Use (at least in the US) is
already explicitly permitted by copyright law. This grants us no rights
to distribute, modify, or copy, and so *fails* virtually every provision
of the DFSG. This code may have already been replaced, and if so, you
can ignore this portion of the bug. I remember seeing something about
this on -legal. You may want to investigate whether this is the case.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux stonewall.crustytoothpaste.ath.cx 2.6.0-test4-1-386 #5 Thu Sep 4 21:30:10 EST 2003 i686
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to C)

Versions of packages ssh depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf 1.3.14 Debian configuration management sy
ii libc6 2.3.2-7 GNU C Library: Shared libraries an
ii libpam-modules 0.76-14 Pluggable Authentication Modules f
ii libpam0g 0.76-14 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7b-2 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.1.4-15 compression library - runtime

-- debconf information excluded

--
Brian M. Carlson <sandals@crustytoothpaste.ath.cx> 0x560553e7
"Let us think the unthinkable, let us do the undoable. Let us prepare
to grapple with the ineffable itself, and see if we may not eff it
after all." --Douglas Adams

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#211644: ssh: multiple license problems
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#211640: ssh: contains unlicensed Internet-Draft in /usr/share/doc/ssh/RFC.gz
Next by Date: Bug#211644: ssh: multiple license problems
Previous by thread: Bug#211640: ssh: contains unlicensed Internet-Draft in /usr/share/doc/ssh/RFC.gz
Next by thread: Bug#211644: ssh: multiple license problems
Index(es):
- Date
- Thread