Your message dated Sun, 13 Apr 2014 21:35:24 +0000
with message-id <e1wzs3g-00005k...@franck.debian.org>
and subject line Bug#741740: fixed in ledger 3.0.0+dfsg3-1
has caused the Debian Bug report #741740,
regarding ledger-3 bundles non-dfsg software
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
741740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741740
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ledger
Version: 3.0.0+dfsg1-1
Severity: serious

ledger bundles an SHA-1 C++ implementation by Paul E. Jones which is
licensed under a "Freeware Public License". This license does not allow
modification and therefore does not adhere to the DFSG.


The ledger source tree contains these files:

  lib/sha1.cpp
  lib/sha1.h

These files have this header:

 * Copyright (C) 1998
 * Paul E. Jones <pau...@arid.us>
 * All Rights Reserved.


This bundled sha1 software is taken from here:

  http://www.packetizer.com/security/sha1/

The ledger source tree contains the 1998 version of the sha1 software,
but without any reference to a license. Unfortunately, I could not find
the 1998 version of the software on the packetizer.com website to
determine the license.

A revised 2009 release on the website contains the following license:

==========
Copyright (C) 1998, 2009
Paul E. Jones <pau...@packetizer.com>

Freeware Public License (FPL)

This software is licensed as "freeware."  Permission to distribute
this software in source and binary forms, including incorporation
into other products, is hereby granted without a fee.  THIS SOFTWARE
IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE.  THE AUTHOR SHALL NOT BE HELD
LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
OR DATA BEING RENDERED INACCURATE.
==========


There was a similar issue with the "orthanc" package. This was resolved
when the upstream author switched to a different library with a license
compatible with the DFSG:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724947
  https://lists.debian.org/debian-legal/2013/09/msg00077.html


(NB: I am not a Debian user, but spotted this problem while packaging
ledger-3.0.0 for Fedora.)


Kind regards,

-- 
Jamie Nguyen

--- End Message ---
--- Begin Message ---
Source: ledger
Source-Version: 3.0.0+dfsg3-1

We believe that the bug you reported is fixed in the latest version of
ledger, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 741...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Bremner <brem...@debian.org> (supplier of updated ledger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sun, 13 Apr 2014 17:52:27 -0300
Source: ledger
Binary: ledger ledger-el
Architecture: source amd64 all
Version: 3.0.0+dfsg3-1
Distribution: unstable
Urgency: medium
Maintainer: Matt Palmer <mpal...@debian.org>
Changed-By: David Bremner <brem...@debian.org>
Description: 
 ledger     - command-line double-entry accounting program
 ledger-el  - command-line double-entry accounting program (emacs interface)
Closes: 741246 741740
Changes: 
 ledger (3.0.0+dfsg3-1) unstable; urgency=medium
 .
   * Depend on default boost version
   * Bug fix: "ledger-3 bundles non-dfsg software", thanks to
          j...@jamielinux.com (Closes: #741740). The bundled sha1
          implementation is replaced by one from boost.
   * Bug fix: "missing licenses in debian/copyright", thanks to Thorsten
          Alteholz (Closes: #741246).

--- End Message ---
