Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-03-09 Thread Gianfranco Costamagna 
Control: tags -1 pending
Control: tags -1 patch

Hi Manuel and pkg-sdl maintainers

>   https://hg.libsdl.org/SDL/log/9cec5fe32bca/src/stdlib/SDL_qsort.c

I removed the file from tarball, reimported as dfsg2, copied the file from
https://hg.libsdl.org/SDL/file/a8e53dc3c5a1/src/stdlib/SDL_qsort.c
(the last commit)
extracted as patch, tried to build on amd64 and i386, and everything was good.

I pushed on DebOMatic
http://debomatic-amd64.debian.net/distribution#unstable/libsdl2/2.0.4+dfsg2-1/buildlog
http://debomatic-i386.debian.net/distribution#unstable/libsdl2/2.0.4+dfsg2-1/buildlog

and to me the issue is solved.

I pushed on deferred/2 this one too, let me know if I can speed it up!

cheers,

Gianfranco



signature.asc
Description: OpenPGP digital signature

Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-03-05 Thread Manuel A. Fernandez Montecelo 

[Update]

The issue has been fixed in the libsdl1.2 package (#814445), but copying
this last bit of info in the case that it's useful for the future, in
the case that we need to revisit the issue later.


2016-02-21 13:04 Ben Hutchings:


Gareth has now updated the licence text at



So Ben Hutchings contacted the author of the original code and the
author promptly relicensed and clarified some aspects, so this doesn't
seem to be a legal threat.

In the meanwhile, we had notified SDL upstream and they had changed the
implementation for another one, and when Gareth relicensed it they added
back the new version of Gareth's qsort, so it will be present in the
next releases:

 https://hg.libsdl.org/SDL/log/9cec5fe32bca/src/stdlib/SDL_qsort.c


I tried to backport the fix but there are some technical problems to get
this to work, it doesn't seem to compile right away, not even after
several hacks.

I'd rather wait for the next upstream release to happen rather than to
keep spending time on this, now that things are clarified and that it
seems largely a theoretical threat.  Hopefully the next upstream release
will arrive soon, but maybe the autoremoval process from testing will
kick-in in between, and also I am not sure if it's a good idea to reduce
the severity of this bug.

This code has been there since forever with the same license for many
many Debian releases, and as explained it doesn't seem to be a legal
threat, but still.


Cheers.
--
Manuel A. Fernandez Montecelo

Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-02-21 Thread Ben Hutchings 
On Sun, 2016-02-21 at 11:37 +, Manuel A. Fernandez Montecelo wrote:
> Hi Ben,
> 
> 2016-02-21 03:09 Ben Hutchings:
> > I happen to know the original author, so I've mailed him requesting he
> > consider relicencing.
> 
> I suppose that you were looking into this as part of the BSP.

Yes.

> I notified upstream a few days ago, and they didn't want to be in
> possible breach of the license, so they changed the implementation for
> libsdl2:
> 
>   
> http://lists.alioth.debian.org/pipermail/pkg-sdl-maintainers/2016-February/002374.html
> 
> libsdl1.2 suffers from the same problem, but we can just repack the
> orig.tar and disable the use of this implementation (it's supposed to
> not be used by default, so an empty file would do, or otherwise the file
> from libsdl2 can be used).
> 
> So, in summary, I am going to upload fixes in the next few days.
> 
> 
> At this point I suspect that upstream is not going to go back (unless
> the implementation that they now use is problematic).  Maybe it's good
> if you could get this relicenced just in case, e.g. for the benefit of
> other distros.  What do you think?

It might be.

Gareth has now updated the licence text at


Ben.

-- 
Ben Hutchings
Time is nature's way of making sure that everything doesn't happen at once.


signature.asc
Description: This is a digitally signed message part

Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-02-21 Thread Manuel A. Fernandez Montecelo 

Hi Ben,

2016-02-21 03:09 Ben Hutchings:

I happen to know the original author, so I've mailed him requesting he
consider relicencing.


I suppose that you were looking into this as part of the BSP.

I notified upstream a few days ago, and they didn't want to be in
possible breach of the license, so they changed the implementation for
libsdl2:

 
http://lists.alioth.debian.org/pipermail/pkg-sdl-maintainers/2016-February/002374.html

libsdl1.2 suffers from the same problem, but we can just repack the
orig.tar and disable the use of this implementation (it's supposed to
not be used by default, so an empty file would do, or otherwise the file
from libsdl2 can be used).

So, in summary, I am going to upload fixes in the next few days.


At this point I suspect that upstream is not going to go back (unless
the implementation that they now use is problematic).  Maybe it's good
if you could get this relicenced just in case, e.g. for the benefit of
other distros.  What do you think?


Cheers.
--
Manuel A. Fernandez Montecelo

Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-02-20 Thread Ben Hutchings 
I happen to know the original author, so I've mailed him requesting he
consider relicencing.

Ben.

-- 
Ben Hutchings
Time is nature's way of making sure that everything doesn't happen at once.


signature.asc
Description: This is a digitally signed message part

Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-02-11 Thread Manuel A. Fernandez Montecelo 

Control: tags -1 + upstream
Control: clone -1 -2
Control: reassign -2 src:libsdl1.2


Hi,

2016-02-09 20:45 stresswa...@ruggedinbox.com:


Package: libsdl2
Version: 2.0.2+dfsg1-6
Severity: serious

The file 'src/stdlib/SDL_qsort.c' in SDL2 seems to disallow
modification.


Thanks for the report.

This also affects v1.2, this file has been there since forever, so I am
cloning the bug report there.

We're in contact with upstream to try to solve the problem, since it
also affects them.


Cheers.
--
Manuel A. Fernandez Montecelo

Bug#814276: Non-Free file: src/stdlib/SDL_qsort.c

2016-02-09 Thread stressware2 

Package: libsdl2
Version: 2.0.2+dfsg1-6
Severity: serious

The file 'src/stdlib/SDL_qsort.c' in SDL2 seems to disallow
modification.

The Debian copyright file simply mentions the license as:

  You may use it in anything you like; you may make money
  out of it; you may distribute it in object form or as
  part of an executable without including source code;
  you don't have to credit me. (But it would be nice if
  you did.)'.

What it does not mention is the text before that:

  * This code may be reproduced freely provided
  *   - this file is retained unaltered apart from minor
  * changes for portability and efficiency
  *   - no changes are made to this comment
  *   - any changes that *are* made are clearly flagged
  *   - the _ID string below is altered by inserting, after
  * the date, the string " altered" followed at your option
  * by other material. (Exceptions: you may change the name
  * of the exported routine without changing the ID string.
  * You may change the values of the macros TRUNC_* and
  * PIVOT_THRESHOLD without changing the ID string, provided
  * they remain constants with TRUNC_nonaligned, TRUNC_aligned
  * and TRUNC_words/WORD_BYTES between 8 and 24, and
  *   PIVOT_THRESHOLD between 32 and 200.)'.

Although the file states 'You may use it in anything you like', it
either contradicts itself, or is simply talking about using the
unmodified file in any program you like. The part before that clearly
says that the file cannot be 'reproduced freely' unless '[the] file is
retained unaltered apart from minor changes for portability and
efficiency'.