Bug#211644: marked as done (ssh: multiple license problems)

[Debian Bug Tracking System]

Your message dated Thu, 29 Jul 2004 09:02:04 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#211644: fixed in openssh 1:3.8.1p1-8
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Sep 2003 07:13:23 +0000
>From [EMAIL PROTECTED] Fri Sep 19 02:13:17 2003
Return-path: <[EMAIL PROTECTED]>
Received: from cs2416783-242.houston.rr.com (crustytoothpaste.ath.cx) 
[24.167.83.242] 
        by master.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1A0FS7-0001nB-00; Fri, 19 Sep 2003 02:13:15 -0500
Received: from stonewall (unknown [192.168.2.2])
        by crustytoothpaste.ath.cx (Postfix) with SMTP
        id 9EB507BC28; Fri, 19 Sep 2003 07:13:14 +0000 (UTC)
Received: by stonewall (sSMTP sendmail emulation); Fri, 19 Sep 2003 07:13:14 
+0000
Date: Fri, 19 Sep 2003 07:13:14 +0000
From: "Brian M. Carlson" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ssh: multiple license problems
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
        protocol="application/pgp-signature"; boundary="tThc/1wpZn/ma/RB"
Content-Disposition: inline
X-Reportbug-Version: 2.28
X-Operating-System: Linux stonewall.crustytoothpaste.ath.cx 2.6.0-test4-1-386 
Content-Conversion: prohibited
X-Request-PGP: finger://[EMAIL PROTECTED]
User-Agent: Mutt/1.5.4i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-5.0 required=4.0
        tests=HAS_PACKAGE
        version=2.53-bugs.debian.org_2003_9_16
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_9_16 
(1.174.2.15-2003-03-30-exp)


--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: ssh
Version: 1:3.6.1p2-8
Severity: serious

In the copyright file, it is claimed that:

  The Debian patch is distributed under the terms of the GPL, which you
  can find in /usr/share/common-licenses/GPL.

If this is true, then there is a license conflict. ssh is linked with
libssl0.9.7, which is the openssl library. The terms of the GPL and
those of OpenSSL's license conflict and Debian does not consider OpenSSL
to fall under the "integral part of the system" exception. See -legal
for more information, or better yet, search the archives.

One of the copyright notices in the copyright file claims:

    The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
    Comments in the file indicate it may be used for any purpose without
    restrictions:

     * COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
     * code or tables extracted from it, as desired without restriction.

which does *absolutely nothing* for Debian. Use (at least in the US) is
already explicitly permitted by copyright law. This grants us no rights
to distribute, modify, or copy, and so *fails* virtually every provision
of the DFSG. This code may have already been replaced, and if so, you
can ignore this portion of the bug. I remember seeing something about
this on -legal. You may want to investigate whether this is the case.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux stonewall.crustytoothpaste.ath.cx 2.6.0-test4-1-386 #5 Thu Se=
p 4 21:30:10 EST 2003 i686
Locale: LANG=3DC, LC_CTYPE=3DC (ignored: LC_ALL set to C)

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.3.14       Debian configuration managemen=
t sy
ii  libc6                       2.3.2-7      GNU C Library: Shared librarie=
s an
ii  libpam-modules              0.76-14      Pluggable Authentication Modul=
es f
ii  libpam0g                    0.76-14      Pluggable Authentication Modul=
es l
ii  libssl0.9.7                 0.9.7b-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers l=
ibra
ii  zlib1g                      1:1.1.4-15   compression library - runtime

-- debconf information excluded


--=20
Brian M. Carlson <[EMAIL PROTECTED]> 0x560553e7
"Let us think the unthinkable, let us do the undoable. Let us prepare
 to grapple with the ineffable itself, and see if we may not eff it
 after all." --Douglas Adams

--tThc/1wpZn/ma/RB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQEVAwUBP2qsiuWR/8lWBVPnAQNPBgf9HJJNPa7ezfEPfu+q1UEwS+Z4a4ehTFqi
jvv1dghn6JAY44cOPl8UceNuEnKr5ldQvtRDnPH4Wuai7XuuAtDEg/cQ4TIRlGfO
sXEino8dd6lNuF8F3DqQgS9OecnJyTcaNKqi7hO3rtVWNrZ6n+UxbmcBUJQkYlJ4
VQeALOJH4i+jGjTnCvZ9EHoj6XtAQ4lkzmCvdk7DYdCClpe5v4BKweKhYKVhnR1n
nHz9mVcQ787ogItOln0RjpGrTRrQBw5U8mO65H1PDT0azInqZJgcJLm7R17gSlvJ
jXPj5Bt84lwLHB0d3fqOqs8C2TiqAHscPzMQFVhN45XBIDtE0RN3+Q==
=CBgh
-----END PGP SIGNATURE-----

--tThc/1wpZn/ma/RB--

---------------------------------------
Received: (at 211644-close) by bugs.debian.org; 29 Jul 2004 13:08:02 +0000
>From [EMAIL PROTECTED] Thu Jul 29 06:08:02 2004
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1BqAdd-0004Ua-00; Thu, 29 Jul 2004 06:08:01 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1BqAXs-0001ir-00; Thu, 29 Jul 2004 09:02:04 -0400
From: Colin Watson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.51 $
Subject: Bug#211644: fixed in openssh 1:3.8.1p1-8
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 29 Jul 2004 09:02:04 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: openssh
Source-Version: 1:3.8.1p1-8

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_3.8.1p1-8_powerpc.udeb
  to pool/main/o/openssh/openssh-client-udeb_3.8.1p1-8_powerpc.udeb
openssh-server-udeb_3.8.1p1-8_powerpc.udeb
  to pool/main/o/openssh/openssh-server-udeb_3.8.1p1-8_powerpc.udeb
openssh_3.8.1p1-8.diff.gz
  to pool/main/o/openssh/openssh_3.8.1p1-8.diff.gz
openssh_3.8.1p1-8.dsc
  to pool/main/o/openssh/openssh_3.8.1p1-8.dsc
ssh-askpass-gnome_3.8.1p1-8_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8_powerpc.deb
ssh_3.8.1p1-8_powerpc.deb
  to pool/main/o/openssh/ssh_3.8.1p1-8_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[EMAIL PROTECTED]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 29 Jul 2004 13:28:47 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server-udeb
Architecture: source powerpc
Version: 1:3.8.1p1-8
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <[EMAIL PROTECTED]>
Changed-By: Colin Watson <[EMAIL PROTECTED]>
Description: 
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 211644
Changes: 
 openssh (1:3.8.1p1-8) unstable; urgency=high
 .
   * Matthew Vernon:
     - Add a GPL exception to the licensing terms of the Debian patch
       (closes: #211644).
Files: 
 162f151f8eb551149c7c1df420a8492f 890 net standard openssh_3.8.1p1-8.dsc
 8e3fcc08d957c5a514eb4552238a5f12 147029 net standard openssh_3.8.1p1-8.diff.gz
 7733d6b8b49b6ff15509e9c3175cd19e 732940 net standard ssh_3.8.1p1-8_powerpc.deb
 997a1eeb4608e07a6467e9e1d4a0e2cf 52110 gnome optional 
ssh-askpass-gnome_3.8.1p1-8_powerpc.deb
 abcb55c6c5d412201438f16c3aaa3ec6 151126 debian-installer optional 
openssh-client-udeb_3.8.1p1-8_powerpc.udeb
 9351138305583be4f53efe8b888285be 160120 debian-installer optional 
openssh-server-udeb_3.8.1p1-8_powerpc.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Colin Watson <[EMAIL PROTECTED]> -- Debian developer

iD8DBQFBCPDz9t0zAhD6TNERAjPaAJ9SGo+difQkBKwXx4wmFTYnh0OmagCdHufE
oQeB0xAGGB+q/UJKds8GpA0=
=D0G1
-----END PGP SIGNATURE-----