Your message dated Mon, 17 Jan 2011 11:52:02 +0000
with message-id <e1pencw-0004vs...@franck.debian.org>
and subject line Bug#610300: Removed package(s) from unstable
has caused the Debian Bug report #610257,
regarding dropbox: multiple license violations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
610257: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610257
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dropbox
Version: 1.0.10-1
Severity: serious
Justification: Policy 2.2.3, 4.5
dropbox bundles many 3rd party binary-only libraries in a way that
violates their licenses:
1) ncrypt-0.6.4-*.egg/, according to its PKG-INFO (which is horribly
mangled, BTW), contains a GPL-licensed library with accompanying source.
Additionally, this library is linked to OpenSSL, but those two licenses
are incompatible.
2) netifaces-0.5*.egg/ contains the netifaces library, which is
MIT-licensed. One of the clause of the license is "The above copyright
notice and this permission notice shall be included in all copies or
substantial portions of the Software." Neither is included in dropbox.
3) _dbus*_bindings.so is the python-dbus library. It is MIT-licensed,
but copyright & permission notices are not included.
4) _librsync.so contains statically-linked librync library which is
under LGPL-2.1+ license. No source is provided.
5) _speedups.so contains (parts of) the simplejson library. It is
MIT-licensed, but copyright & permission notices are not included.
6) pyexpat.so contains statically linked Expat library. It is
MIT-licensed, but copyright & permission notices are not included.
7) libcrypto.so.0.9.8, libssl.so.0.9.8 are parts of the OpenSSL library.
Its license require that "Redistributions in binary form must reproduce
the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the
distribution." Neither is reproduced in dropbox.
8) libncurses.so.5 is the ncurses library. It is MIT-licensed, but
copyright & permission notices are not included.
(Disclaimer: I didn't do full audit of the shipped code. There might be
other license problems in dropbox.)
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Version: 1.0.10-1+rm
Dear submitter,
as the package dropbox has just been removed from the Debian archive
unstable we hereby close the assiciated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see http://bugs.debian.org/610300
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@debian.org.
Debian distribution maintenance software
pp.
Alexander Reichle-Schmehl (the ftpmaster behind the curtain)
--- End Message ---
