Debian Bug report logs - #506977
FPC: copyright infringement in pre 2.2.2 sources

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Paul Gevers <paul.gevers@esac.climbing.nl>

Date: Wed, 26 Nov 2008 16:45:01 UTC

Severity: serious

Done: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Wed, 26 Nov 2008 16:45:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Gevers <paul.gevers@esac.climbing.nl>:
New Bug report received and forwarded. Copy sent to Carlos Laviola <claviola@debian.org>. (Wed, 26 Nov 2008 16:45:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Paul Gevers <paul.gevers@esac.climbing.nl>
To: submit@bugs.debian.org
Subject: FPC: copyright infringement in pre 2.2.2 sources
Date: Wed, 26 Nov 2008 10:42:13 -0600
[Message part 1 (text/plain, inline)]
Package: fpc
Version: 2.2.0-dfsg1-9
Version: 2.0.0-4
Severity: serious
Thanks

As can be read in the changelog of the latest version the old source of
fpc has a copyright infringment:
- Possible CodeGear Copyright infringements in the source were reworked
  using cleanroom approach.

Following the full discussion for the same issue in Ubuntu (discussed in
LP bug 275688 [1]) it looks like upstream is now positive of the
infringement. Upstream removed all old releases from their servers.
Debian should probably seek for a similar solution or relicense
(although the latter solution is said in [1] that it should probably
never be mentioned)

I know it is late for Lenny, but I think we should look into this ASAP.
I will point debian-legal to this bug as well.

Paul

[1] https://bugs.launchpad.net/ubuntu/+source/fpc/+bug/275688

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Wed, 26 Nov 2008 17:06:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Gevers <paul@climbing.nl>:
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Wed, 26 Nov 2008 17:06:08 GMT) Full text and rfc822 format available.

Message #10 received at 506977@bugs.debian.org (full text, mbox):

From: Paul Gevers <paul@climbing.nl>
To: debian-legal@lists.debian.org
Cc: 506977@bugs.debian.org
Subject: Bug#506977: FPC: copyright infringement in pre 2.2.2 sources
Date: Wed, 26 Nov 2008 11:02:12 -0600
[Message part 1 (text/plain, inline)]
Hi debian-legal
(please keep bug cc on reply)

I just filed the bug below about a copyright infringement in the fpc
source from before version 2.2.2 (that is everything except unstable). I
am also following and trying to help on the Ubuntu bug which discusses
the same problem [1]. Could you help by explaining what needs to be done
(if anything) with the current old-stable, stable and testing sources?
It looks like we should take this seriously, but I fear this is slightly
above my head. Especially the fact that upstream removed all the old
releases from their website seems to mark that they took it very seriously.

Paul
[1] https://bugs.launchpad.net/ubuntu/+source/fpc/+bug/275688

-------- Original Message --------
Subject: Bug#506977: FPC: copyright infringement in pre 2.2.2 sources
Date: Wed, 26 Nov 2008 10:42:13 -0600
From: Paul Gevers
To: submit@bugs.debian.org

Package: fpc
Version: 2.2.0-dfsg1-9
Version: 2.0.0-4
Severity: serious
Thanks

As can be read in the changelog of the latest version the old source of
fpc has a copyright infringment:
- Possible CodeGear Copyright infringements in the source were reworked
  using cleanroom approach.

Following the full discussion for the same issue in Ubuntu (discussed in
LP bug 275688 [1]) it looks like upstream is now positive of the
infringement. Upstream removed all old releases from their servers.
Debian should probably seek for a similar solution or relicense
(although the latter solution is said in [1] that it should probably
never be mentioned)

I know it is late for Lenny, but I think we should look into this ASAP.
I will point debian-legal to this bug as well.

Paul

[1] https://bugs.launchpad.net/ubuntu/+source/fpc/+bug/275688



[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Wed, 26 Nov 2008 18:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to MJ Ray <mjr@phonecoop.coop>:
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Wed, 26 Nov 2008 18:06:04 GMT) Full text and rfc822 format available.

Message #15 received at 506977@bugs.debian.org (full text, mbox):

From: MJ Ray <mjr@phonecoop.coop>
To: debian-legal@lists.debian.org
Cc: 506977@bugs.debian.org
Subject: Re: Bug#506977: FPC: copyright infringement in pre 2.2.2 sources
Date: Wed, 26 Nov 2008 18:03:40 +0000
Paul Gevers <paul@climbing.nl> wrote:
> [...] Could you help by explaining what needs to be done
> (if anything) with the current old-stable, stable and testing sources?
> It looks like we should take this seriously, but I fear this is slightly
> above my head. Especially the fact that upstream removed all the old
> releases from their website seems to mark that they took it very seriously.
> [1] https://bugs.launchpad.net/ubuntu/+source/fpc/+bug/275688

It may also mean that they considered it the easiest way to avoid an
expensive legal dispute.  It clearly says "Possible" in what is quoted
in the debian bug report.  I don't understand who's who on the
LaunchPad bug because there's no sigs and the pages linked from
posters' names seem uninformative.

If you're reasonably sure there's an infringement, I think you should
contact ftpmasters and the various release managers as soon as
possible.  I don't think debian-legal can help much if it's a straight
dispute/remove choice - sorry.

Good luck!
-- 
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct




Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Wed, 26 Nov 2008 19:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to marcov@stack.nl (Marco van de Voort):
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Wed, 26 Nov 2008 19:57:02 GMT) Full text and rfc822 format available.

Message #20 received at 506977@bugs.debian.org (full text, mbox):

From: marcov@stack.nl (Marco van de Voort)
To: 506977@bugs.debian.org
Subject: bug 506977 ( ubuntu 275688)
Date: Wed, 26 Nov 2008 20:51:43 +0100 (CET)
Hello,

Note: I'm the FPC core developer that also features in the Ubuntu
correspondance. Carlos (the maintainer of this port) can confirm that, or
have a look here: http://www.freepascal.org/aboutus.var

The probable infringement was brought to our attention in early 2007.
The infringement was made amenable mostly due to trivial means (variable
names, fairly small procedures that were the same).

The other side was really cooperative, and gave us time to clean up
massively, without having to immediately pull all sources, and we employed
at tool to identify potential problem sources, and found a lot more. 

So we cut real wide, and reengineered all potentially infringing code. (all
in all a nontrivial amount).

However because the infringement was so trivial, and relicensing
counterproductive and confusion, it was decided to pull all releases.

So in august, after 2.2.2 came out, we removed all older releases from our
site, and assumed the mentioning of the copyright problems in our release
manifest would be enough to warrant a swift upgrade. 

I hope it need no explanation that that was a pretty painful step, removing
10 years of history of our project.

However, here we are now, 3-4 months after the release and the heads up, and
the infringing code is still served from Debian servers. We are not happy
with this. Note that it is also not fair to the other party who has been
patient, and now could see the code still floating around.

In short: please remove the old versions as soon as possible, or upgrade.

Marco.




Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Wed, 26 Nov 2008 21:12:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Gevers <paul@climbing.nl>:
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Wed, 26 Nov 2008 21:12:14 GMT) Full text and rfc822 format available.

Message #25 received at 506977@bugs.debian.org (full text, mbox):

From: Paul Gevers <paul@climbing.nl>
To: ftpmaster@ftp-master.debian.org
Cc: 506977@bugs.debian.org
Subject: Re: Bug#506977: bug 506977 ( ubuntu 275688)
Date: Wed, 26 Nov 2008 15:09:48 -0600
[Message part 1 (text/plain, inline)]
Dear FTP-masters,

Please have a look at bug 506977 (of which the last and most explaining
comment is below this email). The issue involved is a copyright
infringement in the source of fpc before version 2.2.2 (i.e. everything
version except for the one in unstable). I fear that we should either
update or remove the sources of fpc on all but unstable releases.

In Ubuntu I checked that the following packages builddepend on FPC:
lazarus
imapcopy
hedgewars
libhdate
gearhead
m-tx
python-soappy
poker-network
I assume, but have not check yet, that the same goes for Debian.

With kind regards,
Paul

Marco van de Voort wrote:
> Hello,
> 
> Note: I'm the FPC core developer that also features in the Ubuntu
> correspondence. Carlos (the maintainer of this port) can confirm that, or
> have a look here: http://www.freepascal.org/aboutus.var
> 
> The probable infringement was brought to our attention in early 2007.
> The infringement was made amenable mostly due to trivial means (variable
> names, fairly small procedures that were the same).
> 
> The other side was really cooperative, and gave us time to clean up
> massively, without having to immediately pull all sources, and we employed
> at tool to identify potential problem sources, and found a lot more. 
> 
> So we cut real wide, and reengineered all potentially infringing code. (all
> in all a nontrivial amount).
> 
> However because the infringement was so trivial, and relicensing
> counterproductive and confusion, it was decided to pull all releases.
> 
> So in august, after 2.2.2 came out, we removed all older releases from our
> site, and assumed the mentioning of the copyright problems in our release
> manifest would be enough to warrant a swift upgrade. 
> 
> I hope it need no explanation that that was a pretty painful step, removing
> 10 years of history of our project.
> 
> However, here we are now, 3-4 months after the release and the heads up, and
> the infringing code is still served from Debian servers. We are not happy
> with this. Note that it is also not fair to the other party who has been
> patient, and now could see the code still floating around.
> 
> In short: please remove the old versions as soon as possible, or upgrade.
> 
> Marco.
> 
> 
> 
> 

[signature.asc (application/pgp-signature, attachment)]

Information stored :
Bug#506977; Package fpc. (Wed, 26 Nov 2008 22:03:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Torsten Werner" <mail.twerner@googlemail.com>:
Extra info received and filed, but not forwarded. (Wed, 26 Nov 2008 22:03:09 GMT) Full text and rfc822 format available.

Message #30 received at 506977-quiet@bugs.debian.org (full text, mbox):

From: "Torsten Werner" <mail.twerner@googlemail.com>
To: debian-release@lists.debian.org
Cc: "Marco van de Voort" <marcov@stack.nl>, 506977-quiet@bugs.debian.org, "Mazen NEIFER" <mazen@freepascal.org>
Subject: Bug #506977 FPC: copyright infringement in pre 2.2.2 sources
Date: Wed, 26 Nov 2008 22:56:07 +0100
Hi,


my suggestion is to remove fpc from oldstable and stable but unblock
the unstable version 2.2.2-4 for lenny and trigger binNMUs for
lazarus. What do you think?

What is the correct way to remove packages from (old)stable? Should I
file a bug report against ftp.debian.org or is it done by the SRM?


Cheers,
Torsten

On Wed, Nov 26, 2008 at 8:51 PM, Marco van de Voort <marcov@stack.nl> wrote:
>
> Hello,
>
> Note: I'm the FPC core developer that also features in the Ubuntu
> correspondance. Carlos (the maintainer of this port) can confirm that, or
> have a look here: http://www.freepascal.org/aboutus.var
>
> The probable infringement was brought to our attention in early 2007.
> The infringement was made amenable mostly due to trivial means (variable
> names, fairly small procedures that were the same).
>
> The other side was really cooperative, and gave us time to clean up
> massively, without having to immediately pull all sources, and we employed
> at tool to identify potential problem sources, and found a lot more.
>
> So we cut real wide, and reengineered all potentially infringing code. (all
> in all a nontrivial amount).
>
> However because the infringement was so trivial, and relicensing
> counterproductive and confusion, it was decided to pull all releases.
>
> So in august, after 2.2.2 came out, we removed all older releases from our
> site, and assumed the mentioning of the copyright problems in our release
> manifest would be enough to warrant a swift upgrade.
>
> I hope it need no explanation that that was a pretty painful step, removing
> 10 years of history of our project.
>
> However, here we are now, 3-4 months after the release and the heads up, and
> the infringing code is still served from Debian servers. We are not happy
> with this. Note that it is also not fair to the other party who has been
> patient, and now could see the code still floating around.
>
> In short: please remove the old versions as soon as possible, or upgrade.
>
> Marco.
>
>
>
>




Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Thu, 27 Nov 2008 08:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mazen Neifer <mazen@freepascal.org>:
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Thu, 27 Nov 2008 08:57:07 GMT) Full text and rfc822 format available.

Message #35 received at 506977@bugs.debian.org (full text, mbox):

From: Mazen Neifer <mazen@freepascal.org>
To: Paul Gevers <paul.gevers@esac.climbing.nl>, 506977@bugs.debian.org
Subject: Re: Bug#506977: FPC: copyright infringement in pre 2.2.2 sources
Date: Thu, 27 Nov 2008 09:54:52 +0100
Hi,

Le mercredi 26 novembre 2008 à 10:42 -0600, Paul Gevers a écrit :
> Package: fpc
> Version: 2.2.0-dfsg1-9
> Version: 2.0.0-4
> Severity: serious
> Thanks
> 
> As can be read in the changelog of the latest version the old source of
> fpc has a copyright infringment:
> - Possible CodeGear Copyright infringements in the source were reworked
>   using cleanroom approach.
> 
> Following the full discussion for the same issue in Ubuntu (discussed in
> LP bug 275688 [1]) it looks like upstream is now positive of the
> infringement. Upstream removed all old releases from their servers.
> Debian should probably seek for a similar solution or relicense
> (although the latter solution is said in [1] that it should probably
> never be mentioned)
> 
> I know it is late for Lenny, but I think we should look into this ASAP.
> I will point debian-legal to this bug as well.
> 
> Paul
> 
> [1] https://bugs.launchpad.net/ubuntu/+source/fpc/+bug/275688
> 
A request was sent to deban-relase list
http://www.mail-archive.com/debian-release@lists.debian.org/msg27208.html but got negative answer.

Cheers,
Mazen,





Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Thu, 27 Nov 2008 09:06:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mazen Neifer <mazen@freepascal.org>:
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Thu, 27 Nov 2008 09:06:07 GMT) Full text and rfc822 format available.

Message #40 received at 506977@bugs.debian.org (full text, mbox):

From: Mazen Neifer <mazen@freepascal.org>
To: Paul Gevers <paul@climbing.nl>, 506977@bugs.debian.org
Cc: ftpmaster@ftp-master.debian.org
Subject: Re: Bug#506977: bug 506977 ( ubuntu 275688)
Date: Thu, 27 Nov 2008 10:04:03 +0100
Hi,

Le mercredi 26 novembre 2008 à 15:09 -0600, Paul Gevers a écrit :
> Dear FTP-masters,
> 
> Please have a look at bug 506977 (of which the last and most explaining
> comment is below this email). The issue involved is a copyright
> infringement in the source of fpc before version 2.2.2 (i.e. everything
> version except for the one in unstable). I fear that we should either
> update or remove the sources of fpc on all but unstable releases.
> 
> In Ubuntu I checked that the following packages builddepend on FPC:
> lazarus
> imapcopy
> hedgewars
> libhdate
> gearhead
> m-tx
> python-soappy
> poker-network
> I assume, but have not check yet, that the same goes for Debian.
> 
> With kind regards,
> Paul
> 
> Marco van de Voort wrote:
> > Hello,
> > 
> > Note: I'm the FPC core developer that also features in the Ubuntu
> > correspondence. Carlos (the maintainer of this port) can confirm that, or
> > have a look here: http://www.freepascal.org/aboutus.var
> > 
> > The probable infringement was brought to our attention in early 2007.
> > The infringement was made amenable mostly due to trivial means (variable
> > names, fairly small procedures that were the same).
> > 
> > The other side was really cooperative, and gave us time to clean up
> > massively, without having to immediately pull all sources, and we employed
> > at tool to identify potential problem sources, and found a lot more. 
> > 
> > So we cut real wide, and reengineered all potentially infringing code. (all
> > in all a nontrivial amount).
> > 
> > However because the infringement was so trivial, and relicensing
> > counterproductive and confusion, it was decided to pull all releases.
> > 
> > So in august, after 2.2.2 came out, we removed all older releases from our
> > site, and assumed the mentioning of the copyright problems in our release
> > manifest would be enough to warrant a swift upgrade. 
> > 
> > I hope it need no explanation that that was a pretty painful step, removing
> > 10 years of history of our project.
> > 
> > However, here we are now, 3-4 months after the release and the heads up, and
> > the infringing code is still served from Debian servers. We are not happy
> > with this. Note that it is also not fair to the other party who has been
> > patient, and now could see the code still floating around.
> > 
> > In short: please remove the old versions as soon as possible, or upgrade.
> > 
> > Marco.

Please note that removing FPC 2.2.0 from Lenny should also lead to
removing Lazarus 0.9.24. Beond the package dependency, Lazarus
statically links to the infringed code. The Lazarus IDE is not an issue
as it is GPL, but the LCL not, and thus have the same issue as RTL.

In clear, either FPC + Lazarus should get out of Lenny or should be
updated.

Please not that in answer to
http://www.mail-archive.com/debian-release@lists.debian.org/msg27208.html the backports.org was proposed as an alternative http://www.mail-archive.com/debian-release@lists.debian.org/msg27826.html but I feels it can confuse users producing non GPL code.

Cheers,
Mazen,





Information stored :
Bug#506977; Package fpc. (Thu, 27 Nov 2008 11:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and filed, but not forwarded. (Thu, 27 Nov 2008 11:09:04 GMT) Full text and rfc822 format available.

Message #45 received at 506977-quiet@bugs.debian.org (full text, mbox):

From: Frank Lichtenheld <djpig@debian.org>
To: Torsten Werner <mail.twerner@googlemail.com>
Cc: debian-release@lists.debian.org, Marco van de Voort <marcov@stack.nl>, 506977-quiet@bugs.debian.org, Mazen NEIFER <mazen@freepascal.org>
Subject: Re: Bug #506977 FPC: copyright infringement in pre 2.2.2 sources
Date: Thu, 27 Nov 2008 12:05:54 +0100
On Wed, Nov 26, 2008 at 10:56:07PM +0100, Torsten Werner wrote:
> my suggestion is to remove fpc from oldstable and stable but unblock
> the unstable version 2.2.2-4 for lenny and trigger binNMUs for
> lazarus. What do you think?
> 
> What is the correct way to remove packages from (old)stable? Should I
> file a bug report against ftp.debian.org or is it done by the SRM?

That's SRM stuff, so you need to file the bug against release.debian.org
instead of ftp.debian.org.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/




Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Thu, 27 Nov 2008 15:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to marcov@stack.nl (Marco van de Voort):
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Thu, 27 Nov 2008 15:57:05 GMT) Full text and rfc822 format available.

Message #50 received at 506977@bugs.debian.org (full text, mbox):

From: marcov@stack.nl (Marco van de Voort)
To: 506977@bugs.debian.org
Subject: GPL relicensing
Date: Thu, 27 Nov 2008 16:55:35 +0100 (CET)
I see a lot of echoing about relicensing to GPL, and I regret naming that
option in the Ubuntu bugreport, since it should NOT be taken as gospel.

In case Debian/Ubuntu is serious about this, this is roughly the situation
of GPL licensing option:

-----

The whole possibility of relicensing to GPL is based on just a remark on
a mailing list that all offending code is in some sf.net project. 

But there are two problems with the option of relicensing:
- These claims were not verified.
- Due to the moment the disputed code appeared in the FPC tree (pre 2000),
    it can't have Kylix (including the GPL sf.net project) origin. This
    might put the whole GPL option on shaky ground.

The FPC project has NOT researched this to the fullest (since we decided to
retract all releases with potentially infringing code), and won't do this
either. 

All talk of GPL relicensing is based on a few loose remarks on FPC
core when the release planning for 2.2.2 was done, which were not followed
up.

So if you want to try the relicensing option, one must verify the facts
themselves and/or arrange for legal council and/or contact Codegear yourselves.

-----





Information forwarded to debian-bugs-dist@lists.debian.org, Carlos Laviola <claviola@debian.org>:
Bug#506977; Package fpc. (Thu, 27 Nov 2008 17:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Carlos Laviola <claviola@debian.org>. (Thu, 27 Nov 2008 17:57:05 GMT) Full text and rfc822 format available.

Message #55 received at 506977@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: debian-release@lists.debian.org
Cc: control@bugs.debian.org, 506977@bugs.debian.org
Subject: Re: Bug #506977 FPC: copyright infringement in pre 2.2.2 sources
Date: Thu, 27 Nov 2008 18:53:39 +0100
[Message part 1 (text/plain, inline)]
reassign 506977 release.debian.org
thanks

On Thursday 27 November 2008 12:05, Frank Lichtenheld wrote:
> > What is the correct way to remove packages from (old)stable? Should I
> > file a bug report against ftp.debian.org or is it done by the SRM?
>
> That's SRM stuff, so you need to file the bug against release.debian.org
> instead of ftp.debian.org.

From: Paul Gevers <paul@climbing.nl>
Cc: 506977@bugs.debian.org
>In Ubuntu I checked that the following packages builddepend on FPC:
>lazarus
>imapcopy
>hedgewars
>libhdate
>gearhead
>m-tx
>python-soappy
>poker-network
>I assume, but have not check yet, that the same goes for Debian.

Looks like quite a lot of packages seem to have go. The removal request looks 
reasonable to me :(


regards,
	Holger
[Message part 2 (application/pgp-signature, inline)]

Bug reassigned from package `fpc' to `release.debian.org'. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Thu, 27 Nov 2008 17:57:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#506977; Package release.debian.org. (Thu, 27 Nov 2008 18:36:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Gevers <paul@climbing.nl>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Thu, 27 Nov 2008 18:36:07 GMT) Full text and rfc822 format available.

Message #62 received at 506977@bugs.debian.org (full text, mbox):

From: Paul Gevers <paul@climbing.nl>
To: 506977@bugs.debian.org
Subject: Re: Bug#506977: Bug #506977 FPC: copyright infringement in pre 2.2.2 sources
Date: Thu, 27 Nov 2008 12:30:57 -0600
[Message part 1 (text/plain, inline)]
>> In Ubuntu I checked that the following packages builddepend on FPC:
>> lazarus
>> imapcopy
>> hedgewars
>> libhdate
>> gearhead
>> m-tx
>> python-soappy
>> poker-network
>> I assume, but have not check yet, that the same goes for Debian.
> 
> Looks like quite a lot of packages seem to have go. The removal request looks 
> reasonable to me :(

Yesterday I found out that python-soappy and poker-network do NOT build
depend on fpc. That was a mistake because "reverse-build-depends fpc"
gives more output than only fpc (i.e. it reverse build depend on
python-fpconst)

Paul

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#506977; Package release.debian.org. (Thu, 27 Nov 2008 23:18:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Joerg Jaspert <joerg@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Thu, 27 Nov 2008 23:18:09 GMT) Full text and rfc822 format available.

Message #67 received at 506977@bugs.debian.org (full text, mbox):

From: Joerg Jaspert <joerg@debian.org>
To: Mazen Neifer <mazen@freepascal.org>
Cc: Paul Gevers <paul@climbing.nl>, 506977@bugs.debian.org, ftpmaster@ftp-master.debian.org, Luk Claes <luk@debian.org>, Philipp Kern <pkern@debian.org>
Subject: Re: Bug#506977: bug 506977 ( ubuntu 275688)
Date: Fri, 28 Nov 2008 00:11:14 +0100
>> Please have a look at bug 506977 (of which the last and most explaining
>> comment is below this email). The issue involved is a copyright
>> infringement in the source of fpc before version 2.2.2 (i.e. everything
>> version except for the one in unstable). I fear that we should either
>> update or remove the sources of fpc on all but unstable releases.

Well. Looked.

> In clear, either FPC + Lazarus should get out of Lenny or should be
> updated.

You miss etch, which has an even older 2.0.0, so that needs to be fixed
too.

Now, having talked to the RMs for the various releases:

etch - will get done within two weeks. We need time to prepare and
       coordinate a new stable release.

lenny - it will, together with its reverse dependencies, get removed
        within a day (well, next britney + archive sync run)
        Its unfortunately way too large a code change to sync the new
        version from unstable to lenny.

-- 
bye, Joerg
<elmo> [..] trying to avoid extra dependencies on gnumeric is like trying to
       plug one hole in the titantic with a bit of tissue paper"




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#506977; Package release.debian.org. (Wed, 03 Dec 2008 11:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Kern <pkern@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Wed, 03 Dec 2008 11:33:02 GMT) Full text and rfc822 format available.

Message #72 received at 506977@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: ftpmaster@ftp-master.debian.org, 506977@bugs.debian.org
Subject: Re: Bug#506977: bug 506977 ( ubuntu 275688)
Date: Wed, 3 Dec 2008 12:30:12 +0100
On Fri, Nov 28, 2008 at 12:11:14AM +0100, Joerg Jaspert wrote:
> You miss etch, which has an even older 2.0.0, so that needs to be fixed
> too.

This means that we need to remove fpc, gearhead, imapcopy, libhdate (all
three b-dep on fpc), libhdate-pascal (deps on fpc) and hdate-applet (depends
on libhdate).

~ > dak rm -nR -s stable fpc libhdate-pascal gearhead imapcopy libhdate hdate-applet -m 'copyright infringement in fp-compiler'
Working... done.
Will remove the following packages from stable:

fp-compiler |    2.0.0-4 | amd64, i386, powerpc, sparc
   fp-docs |    2.0.0-4 | all
    fp-ide |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-base |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-db |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-fcl |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-fv |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gfx |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gnome1 |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gtk |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gtk2 |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-misc |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-net |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-rtl |    2.0.0-4 | amd64, i386, powerpc, sparc
  fp-utils |    2.0.0-4 | amd64, i386, powerpc, sparc
       fpc |    2.0.0-4 | source
  gearhead |    1.010-1 | source, amd64, i386, powerpc, sparc
gearhead-data |    1.010-1 | all
hdate-applet |   0.15.6-5 | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
  imapcopy | 1.01+20060420-1 | source, amd64, i386, powerpc, sparc
  libhdate |    1.4.8-1 | source
libhdate-dev | 1.4.8-1+b1 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libhdate-pascal | 1.4.8-1+b1 | amd64, i386, powerpc, sparc
libhdate-perl | 1.4.8-1+b1 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libhdate-python | 1.4.8-1+b1 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
 libhdate1 | 1.4.8-1+b1 | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc

Maintainer: Carlos Laviola <claviola@debian.org>, Kari Pahula <kaol@debian.org>, RISKO Gergely <risko@debian.org>, Debian Hebrew Packaging Team <debian-hebrew-package@lists.alioth.debian.org>

------------------- Reason -------------------
copyright infringement in fp-compiler
----------------------------------------------

Checking reverse dependencies...
No dependency problem found.

Kind regards,
Philipp Kern




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#506977; Package release.debian.org. (Wed, 03 Dec 2008 11:36:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Philipp Kern <pkern@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Wed, 03 Dec 2008 11:36:06 GMT) Full text and rfc822 format available.

Message #77 received at 506977@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: 506977@bugs.debian.org
Subject: Re: Bug#506977: bug 506977 ( ubuntu 275688)
Date: Wed, 3 Dec 2008 12:35:16 +0100
On Wed, Dec 03, 2008 at 12:30:12PM +0100, Philipp Kern wrote:
> This means that we need to remove fpc, gearhead, imapcopy, libhdate (all
> three b-dep on fpc), libhdate-pascal (deps on fpc) and hdate-applet (depends
> on libhdate).

Minor correction: I contacted the hdate maintainer Baruch Even who uploaded
a revision to unstable dropping the fpc-dependent package to provide an
updated package for stable.

Kind regards,
Philipp Kern




Reply sent to Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Wed, 17 Dec 2008 21:20:26 GMT) Full text and rfc822 format available.

Notification sent to Paul Gevers <paul.gevers@esac.climbing.nl>:
Bug acknowledged by developer. (Wed, 17 Dec 2008 21:20:44 GMT) Full text and rfc822 format available.

Message #82 received at 506977-close@bugs.debian.org (full text, mbox):

From: Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>
To: 506977-close@bugs.debian.org
Cc: imapcopy@packages.debian.org, imapcopy@packages.qa.debian.org, gearhead@packages.debian.org, gearhead@packages.qa.debian.org, fpc@packages.debian.org, fpc@packages.qa.debian.org
Subject: Bug#506977: fixed
Date: Wed, 17 Dec 2008 21:11:19 +0000
We believe that the bug you reported is now fixed; the following
package(s) have been removed from stable:

fp-compiler |    2.0.0-4 | amd64, i386, powerpc, sparc
   fp-docs |    2.0.0-4 | all
    fp-ide |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-base |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-db |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-fcl |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-fv |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gfx |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gnome1 |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gtk |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-gtk2 |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-misc |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-net |    2.0.0-4 | amd64, i386, powerpc, sparc
fp-units-rtl |    2.0.0-4 | amd64, i386, powerpc, sparc
  fp-utils |    2.0.0-4 | amd64, i386, powerpc, sparc
       fpc |    2.0.0-4 | source
  gearhead |    1.010-1 | source, amd64, i386, powerpc, sparc
gearhead-data |    1.010-1 | all
  imapcopy | 1.01+20060420-1 | source, amd64, i386, powerpc, sparc

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 506977@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Joerg Jaspert (the ftpmaster behind the curtain)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Jan 2009 07:31:24 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 09:49:17 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.