On 2023-06-27 17:35, Bastian Germann wrote:
Am 28.06.23 um 00:13 schrieb Richard Laager:
The last bugfix release took them more than 3 years and when #767 is released is unknown.
When a release happens is irrelevant, as you can carry #767 as a patch in the Debian package until then.
Even when that happens, upstream still has to eliminate the last instance of the RSA-MD license.
What is the remaining instance of RSA-MD licensed code after #767?
License compliance will not just magically happen by ignoring the problematic parts in Debian.
I didn't suggest it would, nor am I ignoring anything. My point is that, in this particular case, it seems that you have everything solved or close to solved by yourself.
-- Richard
OpenPGP_signature
Description: OpenPGP digital signature
