On Thu, Jul 12, 2012 at 12:48:04PM +0200, Niels Thykier wrote: > On 2012-07-12 12:21, Alberto Gonzalez Iniesta wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian....@packages.debian.org > > Usertags: unblock > > > > Please unblock package modsecurity-apache > > > > A change in the license went unnoticed. Just debian/copyright was > > updated. > > > > debdiff attached. > > > > unblock modsecurity-apache/2.6.6-2 > > > > -- System Information: > > Debian Release: wheezy/sid > > APT prefers unstable > > APT policy: (500, 'unstable') > > Architecture: i386 (i686) > > > > Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores) > > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > > Shell: /bin/sh linked to /bin/dash > > """ > + [...]; either version 2 of the License. > """ > > Did you mean "either version 2 or (at your choice any) later version of > the License"? (or however it is written...) > > According to your copyright file, any Debian patches will be under GPL-2 > and cannot be applied. However, the Apache2 license is not compatible > with GPL-2 (it seems to be with GPL-3)[1]. > > [1] http://www.apache.org/licenses/GPL-compatibility.html > > """ > Despite our best efforts, the FSF has never considered the Apache > License to be compatible with GPL version 2, citing the patent > termination and indemnification provisions as restrictions not present > in the older GPL license. > """ >
Hi Niels, Thanks for noticing. I just uploaded 2.6.6-3 with debian/* files licensed as ASLv2. Hope that's enough. Attached debdiff. Cheers, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
diff -Nru modsecurity-apache-2.6.6/debian/changelog modsecurity-apache-2.6.6/debian/changelog --- modsecurity-apache-2.6.6/debian/changelog 2012-06-15 13:22:03.000000000 +0200 +++ modsecurity-apache-2.6.6/debian/changelog 2012-07-12 13:06:12.000000000 +0200 @@ -1,3 +1,16 @@ +modsecurity-apache (2.6.6-3) unstable; urgency=low + + * Relicense debian/* files to ASLv2 to avoid conflicts with upstream + license. + + -- Alberto Gonzalez Iniesta <a...@inittab.org> Thu, 12 Jul 2012 13:05:20 +0200 + +modsecurity-apache (2.6.6-2) unstable; urgency=low + + * Updated debian/copyright with right license. + + -- Alberto Gonzalez Iniesta <a...@inittab.org> Mon, 02 Jul 2012 17:23:08 +0200 + modsecurity-apache (2.6.6-1) unstable; urgency=low * New upstream release. diff -Nru modsecurity-apache-2.6.6/debian/copyright modsecurity-apache-2.6.6/debian/copyright --- modsecurity-apache-2.6.6/debian/copyright 2012-03-16 13:23:17.000000000 +0100 +++ modsecurity-apache-2.6.6/debian/copyright 2012-07-12 13:03:53.000000000 +0200 @@ -1,163 +1,22 @@ -This package was debianized by -Alberto Gonzalez Iniesta <a...@inittab.org> on Mon, 6 Nov 2006 - -It was downloaded from http://www.modsecurity.org - -Copyright (C) 2004-2006 Breach Security, Inc. (http://www.breach.com) - -Copyright: - - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 dated June, 1991. - - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301, USA. - -On Debian GNU/Linux systems, the complete text of the GNU General -Public License can be found in `/usr/share/common-licenses/GPL-2'. - - -MODSECURITY LICENSING EXCEPTION -=============================== - -Version 1.0, 29 July 2008 - -As a special exception ("Exception") to the terms and conditions of version 2 -of the GPL, Breach Security, Inc. hereby grants you the rights described -below, provided you agree to the terms and conditions in this Exception, -including its obligations and restrictions on use. - - -Exception Intent -================ - -We want specified Free/Libre and Open Source Software ("FLOSS") programs to be -able to use ModSecurity (the "Program") despite the fact that not all FLOSS -licenses are compatible with version 2 of the GNU General Public License (the -"GPLv2"). - - -Legal Terms and Conditions -========================== - -You are free to distribute a Derivative Work that is formed entirely from the -Program and one or more works (each, a "FLOSS Work") licensed under one or -more of the licenses listed below in section 1, as long as all of the -following conditions are met: - - 1. You obey the GPLv2 in all respects for the Program and the Derivative - Work, except for identifiable sections of the Derivative Work which are - - 1. not derived from the Program, and - - 2. are not designed to interact with the Program, and - - 3. which can reasonably be considered independent and separate works in - themselves. - - 2. All such identifiable sections of the Derivative Work are - - 1. distributed subject to one of the FLOSS licenses listed below, and - - 2. the object code or executable form of those sections are accompanied - by the complete corresponding machine-readable source code for those - sections on the same medium and under the same FLOSS license as the - corresponding object code or executable forms of those sections. - - 3. Any works which are aggregated with the Program or with a Derivative Work - on a volume of a storage or distribution medium in accordance with the - GPLv2, can reasonably be considered independent and separate works in - themselves which are not derivatives of either the Program, a Derivative - Work or a FLOSS Work, and are not designed to interact with the Program. - -If the above conditions are not met, then the Program may only be copied, -modified, distributed or used under the terms and conditions of the GPLv2 -or another valid licensing option from Breach Security, Inc. - - -FLOSS License List -================== - -License name Version(s)/Copyright Date ------------------------------------------------------------------------ -Academic Free License 2.0 -Apache Software License 1.0/1.1/2.0 -Apple Public Source License 2.0 -Artistic license From Perl 5.8.0 -BSD license "July 22 1999" -Common Development and Distribution License (CDDL) 1.0 -Common Public License 1.0 -Eclipse Public License 1.0 -GNU Library or "Lesser" General Public License (LGPL) 2.0/2.1/3.0 -Jabber Open Source License 1.0 -MIT License (As listed in file MIT-License.txt) - -Mozilla Public License (MPL) 1.0/1.1 -Open Software License 2.0 -OpenSSL license (with original SSLeay license) "2003" ("1998") -PHP License 3.0 -Python license (CNRI Python License) - -Python Software Foundation License 2.1.1 -Sleepycat License "1999" -University of Illinois/NCSA Open Source License - -W3C License "2001" -X11 License "2001" -Zlib/libpng License - -Zope Public License 2.0 - -Due to the many variants of some of the above licenses, we require that for -any version of the listed FLOSS licenses to qualify under this exception, it -must follow the 2003 version of the Free Software Foundation's Free Software -Definition (http://www.gnu.org/philosophy/free-sw.html) or version 1.9 of the -Open Source Definition by the Open Source Initiative -(http://www.opensource.org/docs/definition.php). - - -Definitions -=========== - -1. Terms used, but not defined, herein shall have the meaning provided in the - version 2 of the GPL. - -2. Derivative Work means a derivative work under copyright law. - - -Applicability -============= - -This Exception applies to all Programs that contain a notice placed by Breach -Security, Inc. saying that the Program may be distributed under the terms of -this Exception. If you create or distribute a work which is a Derivative Work -of both the Program and any other work licensed under the GPL, then this FLOSS -Exception is not available for that work; thus, you must remove the FLOSS -Exception notice from that work and comply with the GPL in all respects, -including by retaining all GPL notices. - -You may choose to redistribute a copy of the Program exclusively under the -terms of the GPLv2 by removing the Exception notice from that copy of the -Program, provided that the copy has never been modified by you or any third -party. - - -Appendix A. Qualified Libraries and Packages -============================================ - -The following is a non-exhaustive list of libraries and packages which are -covered by the Exception when they are licensed under one or more of the -licenses listed above. Please note that this appendix is merely provided as -an additional service to specific FLOSS projects who wish to simplify -licensing information for their users. Compliance with one of the licenses -noted under the "FLOSS license list" section remains a prerequisite. - -Package name Qualifying License and Version ------------------------------------------------------------------ -Apache HTTP Server Apache Software License 2.0 -Apache Portable Runtime (APR) Apache Software License 2.0 +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: modsecurity-apache +Source: http://www.modsecurity.org + +Files: * +Copyright: (c) 2006-2011 Trustwave Holdings, Inc. +License: ASLv2 + ModSecurity for Apache is provided to you under the terms and + conditions of Apache Software License Version 2 (ASLv2). + . + On Debian systems, the complete text of the Apache Software License + Version 2 can be found in "/usr/share/common-licenses/Apache-2.0". + +Files: debian/* +Copyright: (c) 2006-2012 Alberto Gonzalez Iniesta <a...@inittab.org> +License: ASLv2 + Debian packaging for ModSecurity is provided to you under the terms + and conditions of Apache Software License Version 2 (ASLv2). + . + On Debian systems, the complete text of the Apache Software License + Version 2 can be found in "/usr/share/common-licenses/Apache-2.0".