Bug#785122: chocolate-doom: includes licence-incompatible GPLv3 code
Package: chocolate-doom Version: 2.1.0-1 Severity: serious Justification: license issue Chocolate-doom includes code taken from GnuPG, which is GPLv3, whereas chocolate-doom is GPLv2 (or later). Upstream have fixed this by replacing the AES implementation with one from the kernel. See https://github.com/chocolate-doom/chocolate-doom/commit/b3678129fd7bed6c3287ab682819b075e8bf495a For ref, the first commit introducing this code is commit a3b3e15f4eed9aaffc56be69784cd7447cf456de Author: Simon Howard frag...@gmail.com Date: Sat Oct 27 06:10:50 2012 + The first released version to include that commit is 2.0.0, meaning only jessie and onwards are impacted. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785122: chocolate-doom: includes licence-incompatible GPLv3 code
Hi Jon, Am Dienstag, den 12.05.2015, 14:17 +0100 schrieb Jonathan Dowland: Chocolate-doom includes code taken from GnuPG, which is GPLv3, whereas chocolate-doom is GPLv2 (or later). Upstream have fixed this by replacing the AES implementation with one from the kernel. See doesn't mixing GPlv2-or-later code with GPLv3 code result in code that is GPLv3 only? I fail to see why this would be of RC severity. I mean, there is no GPLv2-only code involved. https://github.com/chocolate-doom/chocolate-doom/commit/b3678129fd7bed6c3287ab682819b075e8bf495a I have seen this commit but decided to wait for the GPLv3 licensed sha1 implementation to get replaced as well before I take action on the Debian package. Cheers, Fabian signature.asc Description: This is a digitally signed message part
