Package: libgcrypt20 Version: 1.7.9-1 Severity: serious libgcrypt implements OCB, which is patented[0]. The author, Phil Rogaway, provides three licenses.
* The first license applies to wholly open-source implementations that do not contain any closed-source components. * The second license applies to non-military software implementations. * The third license applies only to OpenSSL. Only the first license applies here, since libgcrypt is not derived from OpenSSL and the second license violates the DFSG. Because libgcrypt is LGPL and may legally be linked to proprietary code, it must contain a copy of the first patent license, as the patent license imposes further restrictions on the way it can legally be used and distributed. As a consequence, these terms must be listed in the copyright file. Because Debian must avail itself of the first patent license, it is therefore obligatory that libgcrypt20 not link against any proprietary code directly or indirectly, and this should be prominently disclosed as it restricts the text of the LGPL. If it is not possible for practical purposes that libgcrypt not link to proprietary software (say, because libgcrypt20 is linked into Xorg and people might want to use a proprietary graphics driver), then OCB support will need to be removed. [0] http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libgcrypt20 depends on: ii libc6 2.24-17 ii libgpg-error0 1.27-3 libgcrypt20 recommends no packages. Versions of packages libgcrypt20 suggests: pn rng-tools <none> -- no debconf information -- brian m. carlson / brian with sandals: Houston, Texas, US https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature