#781011 libdb5.3 license problem

Package:
libdb5.3
Source:
db5.3
Description:
Berkeley v5.3 Database Libraries [runtime]
Submitter:
Kouta Ikematsu
Date:
2022-06-30 19:51:03 UTC
Severity:
minor
#781011#5
Date:
2015-03-23 07:59:33 UTC
From:
To:
Hello.

libdb5.3 is included "licensed under Artistic license" code. no version elected.

Note: If this license is Artistic License "Version 2", This is not problem. (Artistic License 2.0 is FSF-Free, GPL compatible.)


FileList:

src/crypto/mersenne/mt19937db.c



This code is DFSG-Free, but not FSF-Free, and GPL incompatible.

This library used GPL'ed software. (E,g jigdo, etc...) It is non-free, GPL incompatible. (See Summary)

And, Not display this code's copyright statement. (missing copyright file)


Summary:

"SleepyCat License code + Artistic License (Version 1.0) or FSF non-free code + GPL code => Not OK (GPL incompatible)"

"SleepyCat License code + Artistic Licence (Version 2.0) code + GPL code => OK (GPL compatible)"

"SleepyCat License code + GPL or GPL compatible license code + GPL code  => OK (GPL compatible)"

(Note: GPL code is no exception, default GPL licensed code.)


Suggests:

1. Remove GPL problematic code, and rebuild. and add copyright file.

2. Replace GPL compatible code, and rebuild. and add copyright file.

3. Contact Upstream author.

4. Remove Debian archive.



Reference:

https://bugzilla.redhat.com/show_bug.cgi?id=886838
https://lists.debian.org/debian-devel/2013/07/msg00140.html
https://www.gnu.org/philosophy/license-list.html#ArtisticLicense
https://www.gnu.org/philosophy/license-list.html#ArtisticLicense2
https://wiki.debian.org/DFSGLicenses#The_Artistic_License

#781011#10
Date:
2015-03-23 09:11:54 UTC
From:
To:
As you might know from:

https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=886838

since it uses same style, it's purely documentation issue as the mersene
twister was also released under BSD license, for more reference also see
here:

https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20130506/1016593.html

Thus lowering the severity to minor.

You could also find this statement from upstream authors:

http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/elicense.html

Anything would be better than filling serious bug with proposal such as
"Remove Debian archive.".

Cheers,
Ondrej

#781011#17
Date:
2022-06-30 19:48:59 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
db5.3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781011@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <bage@debian.org> (supplier of updated db5.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 30 Jun 2022 21:41:48 +0200
Source: db5.3
Architecture: source
Version: 5.3.28+dfsg1-0.10
Distribution: unstable
Urgency: medium
Maintainer: Debian Berkeley DB Team <team+bdb@tracker.debian.org>
Changed-By: Bastian Germann <bage@debian.org>
Closes: 781011
Changes:
 db5.3 (5.3.28+dfsg1-0.10) unstable; urgency=medium
 .
   * Non-maintainer upload
   * d/changelog: Correct bug reference
   * Remove alien lintian tags
   * Convert Priority: extra to optional
   * d/copyright: Convert to machine-readable format (Closes: #781011)
   * Remove dh compat 9 leftovers
Checksums-Sha1:
 94e8752c088d6b4c35d244eb43d610f9093afa79 2964 db5.3_5.3.28+dfsg1-0.10.dsc
 b1de30d0c600892f46f3ff98498724a4e6da6993 34656 db5.3_5.3.28+dfsg1-0.10.debian.tar.xz
 df9b056450bc11fd24b09d39c185618bd8032982 13338 db5.3_5.3.28+dfsg1-0.10_source.buildinfo
Checksums-Sha256:
 7bab820246eb763be7d04fcb2893bedb414f9b3cf7a29327e3530adfbca1963e 2964 db5.3_5.3.28+dfsg1-0.10.dsc
 2d2b3c6b4643e9c94db58f9540332e23a780d63afdc3fcabe66df01a343d6c65 34656 db5.3_5.3.28+dfsg1-0.10.debian.tar.xz
 8063bdbbd17b4e5f7421d1e85f7afb1286b080ed08080623cec651a4018e2c61 13338 db5.3_5.3.28+dfsg1-0.10_source.buildinfo
Files:
 afaa4be1a238dac4538b66bcdc029b0b 2964 libs optional db5.3_5.3.28+dfsg1-0.10.dsc
 6d69df97100e3de1baf8f7bed17d536b 34656 libs optional db5.3_5.3.28+dfsg1-0.10.debian.tar.xz
 bf2c022be76442e332d40117cc795891 13338 libs optional db5.3_5.3.28+dfsg1-0.10_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmK9/QcQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFDCPDADDfr8Ige9eYGtHRpKRi+LqZ0UTyHmb/2O0
bExVfIJlNx8tfDt3AmjBqMW6O9FmmLdUPftejewxuIjwZXUKAQAgILLcSI/dOAWl
mmWhxzp/Z7Phlv+OA6sFClW41govdwS7+iiH6exjITYRqn7qnpg3GZVzDT3t3hyk
diTF9orpyubXtJCc+QebL5MojxvALIM3e++3DgZHyX7kD8nquGV9k6pU/ukeXCpK
GO+RkblSv81T6xi+jmQDd50l8mICkmPy+BcavspICWW0Xd7S/Wf4hIiy78YLjeYH
u5xQfIM6aUpGHzpfD9fPSv+NXav4Gan0A9rs0IK6SZrKGaTpFskhCP0rF43whxTk
nf3z0GGWZix0wsBQMd44XcsBmZOnyVnTlyhQkXMqN+RQ6iXpvGKhWLKI53jRbH4y
oVL9XYt4SFx3yZewK4/u3v3lk/bNWZ6Y9UDBFFQfH+Fxso2kcFu1aNMyUDitBJ8w
aAe9PXKbL3dY+z2HyXiDpYJGYKLwLlM=
=qEd7
-----END PGP SIGNATURE-----