Debian Bug report logs - #393408
Source package contains non-free IETF RFC/I-D's

Package: proftpd; Maintainer for proftpd is (unknown);

Reported by: Simon Josefsson <jas@extundo.com>

Date: Mon, 16 Oct 2006 10:22:09 UTC

Severity: serious

Tags: etch-ignore

Found in version proftpd/1.3.0-9.1

Fixed in version proftpd-dfsg/1.3.0-10

Done: Francesco Paolo Lovergine <frankie@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Francesco Paolo Lovergine <frankie@debian.org>:
Bug#393408; Package proftpd. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <jas@extundo.com>:
New Bug report received and forwarded. Copy sent to Francesco Paolo Lovergine <frankie@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon Josefsson <jas@extundo.com>
To: submit@bugs.debian.org
Subject: Source package contains non-free IETF RFC/I-D's
Date: Mon, 16 Oct 2006 12:11:13 +0200
Package: proftpd
Version: 1.3.0-9.1
Severity: serious

Hi!

This bug has been filed on multiple packages, and general discussions
are kindly requested to take place on debian-legal or debian-devel in
the thread with Subject: "Non-free IETF RFC/I-Ds in source packages".

It seems this source package contains the following files from the
IETF under non-free license terms:

proftpd-1.3.0/doc/rfc/draft-bonachea-sftp-00.txt 
proftpd-1.3.0/doc/rfc/draft-ietf-ftpext-mlst-15.txt 
proftpd-1.3.0/doc/rfc/draft-ietf-ftpext-sec-consider-02.txt 
proftpd-1.3.0/doc/rfc/rfc0959.txt 
proftpd-1.3.0/doc/rfc/rfc2228.txt 
proftpd-1.3.0/doc/rfc/rfc2389.txt 
proftpd-1.3.0/doc/rfc/rfc2428.txt 
proftpd-1.3.0/doc/rfc/rfc4217.txt 

The license on RFC/I-Ds is not DFSG-free, see:
 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810
 * http://release.debian.org/removing-non-free-documentation
 * http://wiki.debian.org/NonFreeIETFDocuments

The etch release policy says binary and source packages must each be free:
 * http://release.debian.org/etch_rc_policy.txt

The severity is serious, because this violates the Debian policy:
 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem.  In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license.  A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding a 'dfsg' version name to it.

3. Move the package to non-free.

I went over many packages looking for names of likely non-free files,
and there may be false positives.  If this is the case for your
package, I'm sorry for the noise.  I'll modify the scripts to take
into account false positives when I learn of them, and publish the
list of exceptions under "Known exceptions" at
<http://wiki.debian.org/NonFreeIETFDocuments>.

Thanks,
Simon



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#393408; Package proftpd. Full text and rfc822 format available.

Acknowledgement sent to Francesco Paolo Lovergine <frankie@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 393408@bugs.debian.org (full text, mbox):

From: Francesco Paolo Lovergine <frankie@debian.org>
To: Simon Josefsson <jas@extundo.com>, 393408@bugs.debian.org
Subject: Re: Bug#393408: Source package contains non-free IETF RFC/I-D's
Date: Mon, 16 Oct 2006 16:22:44 +0200
tags 393408 + pending
thanks

> Package: proftpd
> Version: 1.3.0-9.1
> Severity: serious
> 

A cleaned proftpd-dfsg-1.3.0 source is now pending in NEW.

-- 
Francesco P. Lovergine



Reply sent to Francesco Paolo Lovergine <frankie@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Simon Josefsson <jas@extundo.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 393408-close@bugs.debian.org (full text, mbox):

From: Francesco Paolo Lovergine <frankie@debian.org>
To: 393408-close@bugs.debian.org
Subject: Bug#393408: fixed in proftpd-dfsg 1.3.0-10
Date: Mon, 16 Oct 2006 09:38:43 -0700
Source: proftpd-dfsg
Source-Version: 1.3.0-10

We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive:

proftpd-dfsg_1.3.0-10.diff.gz
  to pool/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0-10.diff.gz
proftpd-dfsg_1.3.0-10.dsc
  to pool/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0-10.dsc
proftpd-dfsg_1.3.0.orig.tar.gz
  to pool/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0.orig.tar.gz
proftpd-doc_1.3.0-10_all.deb
  to pool/main/p/proftpd-dfsg/proftpd-doc_1.3.0-10_all.deb
proftpd-ldap_1.3.0-10_all.deb
  to pool/main/p/proftpd-dfsg/proftpd-ldap_1.3.0-10_all.deb
proftpd-mysql_1.3.0-10_all.deb
  to pool/main/p/proftpd-dfsg/proftpd-mysql_1.3.0-10_all.deb
proftpd-pgsql_1.3.0-10_all.deb
  to pool/main/p/proftpd-dfsg/proftpd-pgsql_1.3.0-10_all.deb
proftpd_1.3.0-10_i386.deb
  to pool/main/p/proftpd-dfsg/proftpd_1.3.0-10_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 393408@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francesco Paolo Lovergine <frankie@debian.org> (supplier of updated proftpd-dfsg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 16 Oct 2006 15:16:21 +0200
Source: proftpd-dfsg
Binary: proftpd proftpd-mysql proftpd-pgsql proftpd-ldap proftpd-doc
Architecture: source all i386
Version: 1.3.0-10
Distribution: unstable
Urgency: low
Maintainer: Francesco Paolo Lovergine <frankie@debian.org>
Changed-By: Francesco Paolo Lovergine <frankie@debian.org>
Description: 
 proftpd    - Versatile, virtual-hosting FTP daemon
 proftpd-doc - Versatile, virtual-hosting FTP daemon (Documentation)
 proftpd-ldap - Versatile, virtual-hosting FTP daemon
 proftpd-mysql - Versatile, virtual-hosting FTP daemon
 proftpd-pgsql - Versatile, virtual-hosting FTP daemon
Closes: 375017 375102 381949 383077 387982 388647 393408
Changes: 
 proftpd-dfsg (1.3.0-10) unstable; urgency=low
 .
   * Removed RFCs in the original tarball.
     (closes: #393408)
   * Added a watch file for uscan.
   * Templates updated.
     (closes: #375102,#381949,#383077)
   * Removes proftpd user on purge in postrm.
     (closes: #387982)
   * Merged by 1.3.0-9.1 NMU (thanks Arjan Oosting):
     + Call update-inetd during remove and disappear and not during purge.
       (closes: #388647)
     + Make dependency on libcap-dev conditional to fix FTBFS on GNU/kFreeBSD
       (closes: #375017)
     + Deregister /etc/init.d script on purge
Files: 
 149a374bffc1387bb95628c94939e027 926 net optional proftpd-dfsg_1.3.0-10.dsc
 b857aaf750244106d1991bcb3c48f4a0 1751265 net optional proftpd-dfsg_1.3.0.orig.tar.gz
 5a617a5936c89a9af7b0c4b1331fe641 167847 net optional proftpd-dfsg_1.3.0-10.diff.gz
 b751b221d3ecc6b5e1da5c6ff51d5118 593760 net optional proftpd_1.3.0-10_i386.deb
 7a8716c9a55e4a19c74912b5ad304476 492186 doc optional proftpd-doc_1.3.0-10_all.deb
 e91292ffbd4d1f803969b74a4014b0b2 161506 net optional proftpd-mysql_1.3.0-10_all.deb
 58d4d6d1adc885e50a0010607c1fcb41 161500 net optional proftpd-pgsql_1.3.0-10_all.deb
 c91cc6ab771bf94d3623b374d1b2b58d 161498 net optional proftpd-ldap_1.3.0-10_all.deb





Information forwarded to debian-bugs-dist@lists.debian.org, Francesco Paolo Lovergine <frankie@debian.org>:
Bug#393408; Package proftpd. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Francesco Paolo Lovergine <frankie@debian.org>. Full text and rfc822 format available.

Message #20 received at 393408@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Simon Josefsson <jas@extundo.com>, 393356@bugs.debian.org, 393357@bugs.debian.org, 393358@bugs.debian.org, 393359@bugs.debian.org, 393360@bugs.debian.org, 393361@bugs.debian.org, 393364@bugs.debian.org, 393365@bugs.debian.org, 393366@bugs.debian.org, 393367@bugs.debian.org, 393368@bugs.debian.org, 393369@bugs.debian.org, 393370@bugs.debian.org, 393371@bugs.debian.org, 393372@bugs.debian.org, 393373@bugs.debian.org, 393374@bugs.debian.org, 393375@bugs.debian.org, 393376@bugs.debian.org, 393377@bugs.debian.org, 393378@bugs.debian.org, 393379@bugs.debian.org, 393380@bugs.debian.org, 393381@bugs.debian.org, 393382@bugs.debian.org, 393383@bugs.debian.org, 393384@bugs.debian.org, 393385@bugs.debian.org, 393386@bugs.debian.org, 393387@bugs.debian.org, 393388@bugs.debian.org, 393389@bugs.debian.org, 393390@bugs.debian.org, 393391@bugs.debian.org, 393392@bugs.debian.org, 393393@bugs.debian.org, 393394@bugs.debian.org, 393395@bugs.debian.org, 393396@bugs.debian.org, 393397@bugs.debian.org, 393398@bugs.debian.org, 393399@bugs.debian.org, 393400@bugs.debian.org, 393402@bugs.debian.org, 393403@bugs.debian.org, 393405@bugs.debian.org, 393406@bugs.debian.org, 393408@bugs.debian.org, 393409@bugs.debian.org, 393410@bugs.debian.org, 393411@bugs.debian.org, 393412@bugs.debian.org, 393413@bugs.debian.org, 393414@bugs.debian.org, 393415@bugs.debian.org, 393416@bugs.debian.org, 393417@bugs.debian.org, 393418@bugs.debian.org, 393419@bugs.debian.org, 393420@bugs.debian.org, 393421@bugs.debian.org, 393422@bugs.debian.org, 393423@bugs.debian.org, 393424@bugs.debian.org, 393425@bugs.debian.org
Subject: Re: Bug#393356: Source package contains non-free IETF RFC/I-D's
Date: Mon, 16 Oct 2006 22:02:24 -0700
tags 393356 etch-ignore
tags 393357 etch-ignore
tags 393358 etch-ignore 
tags 393359 etch-ignore
tags 393360 etch-ignore 
tags 393361 etch-ignore 
tags 393364 etch-ignore 
tags 393365 etch-ignore 
tags 393366 etch-ignore 
tags 393367 etch-ignore 
tags 393368 etch-ignore 
tags 393369 etch-ignore 
tags 393370 etch-ignore 
tags 393371 etch-ignore 
tags 393372 etch-ignore 
tags 393373 etch-ignore 
tags 393374 etch-ignore 
tags 393375 etch-ignore 
tags 393376 etch-ignore 
tags 393377 etch-ignore 
tags 393378 etch-ignore 
tags 393379 etch-ignore 
tags 393380 etch-ignore 
tags 393381 etch-ignore 
tags 393382 etch-ignore 
tags 393383 etch-ignore 
tags 393384 etch-ignore 
tags 393385 etch-ignore 
tags 393386 etch-ignore 
tags 393387 etch-ignore 
tags 393388 etch-ignore 
tags 393389 etch-ignore 
tags 393390 etch-ignore 
tags 393391 etch-ignore 
tags 393392 etch-ignore 
tags 393393 etch-ignore 
tags 393394 etch-ignore 
tags 393395 etch-ignore 
tags 393396 etch-ignore 
tags 393397 etch-ignore 
tags 393398 etch-ignore 
tags 393399 etch-ignore 
tags 393400 etch-ignore 
tags 393402 etch-ignore 
tags 393403 etch-ignore 
tags 393405 etch-ignore 
tags 393406 etch-ignore 
tags 393408 etch-ignore 
tags 393409 etch-ignore 
tags 393410 etch-ignore 
tags 393411 etch-ignore 
tags 393412 etch-ignore 
tags 393413 etch-ignore 
tags 393414 etch-ignore 
tags 393415 etch-ignore 
tags 393416 etch-ignore 
tags 393417 etch-ignore 
tags 393418 etch-ignore 
tags 393419 etch-ignore 
tags 393420 etch-ignore 
tags 393421 etch-ignore 
tags 393422 etch-ignore 
tags 393423 etch-ignore 
tags 393424 etch-ignore 
tags 393425 etch-ignore
thanks

Hi Simon,

On Mon, Oct 16, 2006 at 11:51:17AM +0200, Simon Josefsson wrote:
> This bug has been filed on multiple packages, and general discussions
> are kindly requested to take place on debian-legal or debian-devel in
> the thread with Subject: "Non-free IETF RFC/I-Ds in source packages".

> It seems this source package contains the following files from the
> IETF under non-free license terms:

> apg-2.2.3/doc/rfc0972.txt 
> apg-2.2.3/doc/rfc1750.txt 

> The license on RFC/I-Ds is not DFSG-free, see:
>  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810
>  * http://release.debian.org/removing-non-free-documentation
>  * http://wiki.debian.org/NonFreeIETFDocuments

> The etch release policy says binary and source packages must each be free:
>  * http://release.debian.org/etch_rc_policy.txt

> The severity is serious, because this violates the Debian policy:
>  * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

> There are (at least) three ways to fix this problem.  In order of
> preference:

> 1. Ask the author of the RFC to re-license the RFC under a free
>    license.  A template for this e-mail request can be found at
>    http://wiki.debian.org/NonFreeIETFDocuments

> 2. Remove the non-free material from the source, e.g., by re-packaging
>    the upstream archive and adding a 'dfsg' version name to it.

> 3. Move the package to non-free.

> I went over many packages looking for names of likely non-free files,
> and there may be false positives.  If this is the case for your
> package, I'm sorry for the noise.  I'll modify the scripts to take
> into account false positives when I learn of them, and publish the
> list of exceptions under "Known exceptions" at
> <http://wiki.debian.org/NonFreeIETFDocuments>.

Andi Barth and I have discussed these bugs, and we believe these bugs should
be granted an exception for etch, for the following reasons:

- As you mention, this mass-filing is based on file names and may include
  false positives for this reason.  Given this uncertainty, which covers
  both files that may not actually contain RFCs and RFCs that may be
  distributed with separate permissions from the authors, I do not consider
  it reasonable for the burden to be on the maintainers (and the release
  team) to demonstrate any particular bug to be a false-positive before the
  package can be included in the release.
- The time between the bug filing and the scheduled release of etch is now
  relatively short, and I don't believe, given the comparatively small
  impact of these bugs (where RC bugs are concerned), that they should
  warrant either delaying the release of etch or requiring the removal of a
  package so affected.  It is normal to allow some latitude for such license
  issues while they are being investigated/addressed.

I'm happy to see that a number of maintainers have already made uploads (or
are preparing uploads) to address these bugs, and I would encourage all
maintainers to try to address such bugs in their packages for release.  I am
also certainly happy to grant freeze exceptions for uploads fixing these
bugs.  We only will not treat these as bugs that must be fixed prior to
release.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Tags added: etch-ignore Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 13:02:21 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 20:12:59 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.