Your message dated Sun, 05 Nov 2017 06:34:38 +0000 with message-id <e1ebevy-0009fm...@fasolo.debian.org> and subject line Bug#879984: fixed in libgcrypt20 1.8.1-2 has caused the Debian Bug report #879984, regarding libgcrypt20: copyright does not mention OCB patent license to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 879984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879984 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libgcrypt20 Version: 1.7.9-1 Severity: serious libgcrypt implements OCB, which is patented[0]. The author, Phil Rogaway, provides three licenses. * The first license applies to wholly open-source implementations that do not contain any closed-source components. * The second license applies to non-military software implementations. * The third license applies only to OpenSSL. Only the first license applies here, since libgcrypt is not derived from OpenSSL and the second license violates the DFSG. Because libgcrypt is LGPL and may legally be linked to proprietary code, it must contain a copy of the first patent license, as the patent license imposes further restrictions on the way it can legally be used and distributed. As a consequence, these terms must be listed in the copyright file. Because Debian must avail itself of the first patent license, it is therefore obligatory that libgcrypt20 not link against any proprietary code directly or indirectly, and this should be prominently disclosed as it restricts the text of the LGPL. If it is not possible for practical purposes that libgcrypt not link to proprietary software (say, because libgcrypt20 is linked into Xorg and people might want to use a proprietary graphics driver), then OCB support will need to be removed. [0] http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libgcrypt20 depends on: ii libc6 2.24-17 ii libgpg-error0 1.27-3 libgcrypt20 recommends no packages. Versions of packages libgcrypt20 suggests: pn rng-tools <none> -- no debconf information -- brian m. carlson / brian with sandals: Houston, Texas, US https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: libgcrypt20 Source-Version: 1.8.1-2 We believe that the bug you reported is fixed in the latest version of libgcrypt20, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 879...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametz...@debian.org> (supplier of updated libgcrypt20 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 04 Nov 2017 19:06:49 +0100 Source: libgcrypt20 Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb libgcrypt11-dev libgcrypt-mingw-w64-dev Architecture: source Version: 1.8.1-2 Distribution: experimental Urgency: medium Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametz...@debian.org> Closes: 879984 Description: libgcrypt11-dev - transitional libgcrypt11-dev package libgcrypt20-dev - LGPL Crypto library - development files libgcrypt20-doc - LGPL Crypto library - documentation libgcrypt20 - LGPL Crypto library - runtime library libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb) libgcrypt-mingw-w64-dev - LGPL Crypto library - Windows development Changes: libgcrypt20 (1.8.1-2) experimental; urgency=medium . * Sync priorities with override file (libgcrypt11-dev/libgcrypt-mingw-w64-dev: extra -> optional). Bump Standards-Version to 4.1.1. * Point watchfile to https URL. * Use DEB_VERSION_UPSTREAM_REVISION instead of DEB_VERSION to generate fake version number. * Sync debian/copyright with upstream's LICENSES file, adding the OCB license 1. Closes: #879984 * [lintian] Drop trailing whitespace in control and changelog. * [lintian] Fix typo in copyright file. Checksums-Sha1: ee870c82234cc6bb2a10f60f41dcb3170bb6a29e 2920 libgcrypt20_1.8.1-2.dsc abc4e8edf194406a50f6cf69dec44e2b999abecd 29028 libgcrypt20_1.8.1-2.debian.tar.xz Checksums-Sha256: 95545846a996e4bf6b438cb93b22791148d068ecc85f795efeb4423c20c55e3f 2920 libgcrypt20_1.8.1-2.dsc de29a1985b294728f6da5b1edb7ca8fe9ad752065cd633b10ddc67add4d9d540 29028 libgcrypt20_1.8.1-2.debian.tar.xz Files: a60c317f34076ecc3a190f78ebd402a6 2920 libs optional libgcrypt20_1.8.1-2.dsc 9eea54b37573d6013dfab29abab9aa37 29028 libs optional libgcrypt20_1.8.1-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAln+rZsACgkQpU8BhUOC FISs3g//ay/H09gzs66a+2ppNijXAjzP2MTCL3Y1o/ftuw0DoAuKJx5qFvvr6ieH aaA/RFYkn7brX72VHRDkeUikBA/fNF/+kLq/bUbtq0fQOeRVEFd2F4eOGBbEhK0z Zh5YRA1xBQooLBxEmcP7ZEkSoqc/E27MTC2jE5F98oMSRn1aefD5ndbYC5YbLMCV ov6VMhBKoimVB855/Amj1LYBaogA01OQK/E4Uj/EDFvRyROLdq2NlryN7lnm8qns glyUTHsNFlh7/qZrN3NEqu4ZIMwPpGAUQKJW3ejrH5iaa69fs3afQhNCnrQm6CAg f2VRRyyBrrNpNuFbShIPR/zpTxZ9qB2+UG1vXKDJnEMLQbJfEMGPfVXUd76/a5x1 ECCxRJCZp7muYaI1zKJx8WBDjexjQC7gvqx56jVs3vJuGD0vp0No4157n5UV/wh9 hBG2LLGR9ylfWaGYZExLJbz3mWYgZaEHdwjaRTd5c4gw6SVXb8n4F083bMh2kK3V cqXW27wndR45n8wHcY2zZLrT9lJ8ppFQCR+AD3TKOQOscUajeQyqa0jqQyVxnqO9 kLBcyXYIFjhab6fLuMYkXqfk24Uo1qI3VW9DzM37Ofwa/p1QtZQnLw3abuQX365C 1thxdQzbdGhbU0WAfr7nEhFQSQ7C94JDJGT/+VNkfXRJldncWAQ= =Rnfq -----END PGP SIGNATURE-----
--- End Message ---
