Debian Bug report logs - #641489
adolc: Contains non-free Windows executables

version graph

Package: adolc; Maintainer for adolc is Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>;

Reported by: Sam Geeraerts <samgee@elmundolibre.be>

Date: Tue, 13 Sep 2011 20:00:01 UTC

Severity: serious

Tags: patch, upstream

Found in version 2.1.8-2

Fixed in versions adolc/2.2.1-1, adolc/2.1.8+nomsvcrt-1

Done: bap@debian.org (Barak A. Pearlmutter)

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Tue, 13 Sep 2011 20:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Geeraerts <samgee@elmundolibre.be>:
New Bug report received and forwarded. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Tue, 13 Sep 2011 20:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sam Geeraerts <samgee@elmundolibre.be>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: adolc: Contains non-free Windows executables
Date: Tue, 13 Sep 2011 21:58:16 +0200
Package: adolc
Version: 2.1.8-2
Severity: serious
Tags: upstream
Justification: Policy 2.1
User: gnewsense-dev@nongnu.org
Usertags: gnewsense libreplanet

The source package contains the files vcredist_x86.exe and vcredist_x64.exe.
The following is an excerpt from eula.rtf contained in those CAB archives.

==========
You may not

    * disclose the results of any benchmark tests of the software to any third party without Microsoft's prior written approval;
    * work around any technical limitations in the software;
    * reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
    * make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
    * publish the software for others to copy;
    * rent, lease or lend the software;
    * transfer the software or this agreement to any third party; or
    * use the software for commercial software hosting services.

3. BACKUP COPY. You may make one backup copy of the software. You may use it only to reinstall the software.
==========

These terms are clearly in violation of DFSG, so I suggest to remove those
exe files (and maybe even the whole windows directory).

-- System Information:
Debian Release: 3.0.2
Architecture: i386 (i686)

Kernel: Linux 2.6.38.6-libre-planet (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash




Reply sent to barak@cs.nuim.ie:
You have taken responsibility. (Tue, 13 Sep 2011 22:18:07 GMT) Full text and rfc822 format available.

Notification sent to Sam Geeraerts <samgee@elmundolibre.be>:
Bug acknowledged by developer. (Tue, 13 Sep 2011 22:18:08 GMT) Full text and rfc822 format available.

Message #10 received at 641489-done@bugs.debian.org (full text, mbox):

From: "Barak A. Pearlmutter" <barak@cs.nuim.ie>
To: 641489-done@bugs.debian.org
Cc: Sam Geeraerts <samgee@elmundolibre.be>
Subject: Re: Bug#641489: adolc: Contains non-free Windows executables
Date: Tue, 13 Sep 2011 22:15:23 +0100
Package: adolc
Version: 2.2.1-1

Those files were deleted upstream in version 2.2.1, which was packaged
and uploaded (adolc 2.2.1-1) in June 2011.  The upstream SVN log
entry:

    Author: kulshres <kulshres@94ac48a7-3327-4b6a-8511-9a4036a20e83> 2011-06-08 13:16:34

    regenerate files for stable branch and get rid of binaries

    git-svn-id: https://projects.coin-or.org/svn/ADOL-C/stable/2.2@231 94ac48a7-3327-4b6a-8511-9a4036a20e83

Although I would not be adverse to having the .exe files in question
removed from the source tarballs in the stable distribution, and on
snapshots, etc, and there would be no harm in doing so since it would
not affect the build, I do not think this issue merits such drastic
measures.

					--Barak.
--
Barak A. Pearlmutter
 Hamilton Institute & Dept Comp Sci, NUI Maynooth, Co. Kildare, Ireland
 http://www.bcl.hamilton.ie/~barak/




Information forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Thu, 15 Sep 2011 16:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Geeraerts <samgee@elmundolibre.be>:
Extra info received and forwarded to list. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Thu, 15 Sep 2011 16:36:03 GMT) Full text and rfc822 format available.

Message #15 received at 641489@bugs.debian.org (full text, mbox):

From: Sam Geeraerts <samgee@elmundolibre.be>
To: barak@cs.nuim.ie
Cc: 641489@bugs.debian.org
Subject: Re: Bug#641489: adolc: Contains non-free Windows executables
Date: Thu, 15 Sep 2011 18:32:03 +0200
I'm happy those files are deleted upstream (at least in the stable 
branch). But I think at least these terms make the .exe files 
undistributable:

    * publish the software for others to copy;
    * transfer the software or this agreement to any third party; or

AFAIK, that does require that the files be removed from the source package.




Information forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Thu, 15 Sep 2011 17:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to barak@cs.nuim.ie:
Extra info received and forwarded to list. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Thu, 15 Sep 2011 17:03:06 GMT) Full text and rfc822 format available.

Message #20 received at 641489@bugs.debian.org (full text, mbox):

From: "Barak A. Pearlmutter" <barak@cs.nuim.ie>
To: 641489@bugs.debian.org
Cc: Sam Geeraerts <samgee@elmundolibre.be>
Subject: Re: Bug#641489: adolc: Contains non-free Windows executables
Date: Thu, 15 Sep 2011 17:59:24 +0100
> AFAIK, that does require that the files be removed from the source package.

They are already removed from the latest source package.

The question is if we want to go through the bother of removing them
from *old* source packages, which would be a lot of work, for dubious
benefit.  I certainly have no objections: please feel free to take the
appropriate actions, which I imagine involves regenerating tarballs,
with appropriately twiddled version designators, rebuilding in ancient
environments, for dozens of architectures, notifying various
administrators of parts of debian including not just ftpmasters but
also snapshot and probably others, and trying to get derived
distributions to do the same.

An intermediate approach would be do just include this removal in the
next stable point release.

					--Barak.




Information forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Mon, 19 Sep 2011 17:27:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Geeraerts <samgee@elmundolibre.be>:
Extra info received and forwarded to list. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Mon, 19 Sep 2011 17:27:14 GMT) Full text and rfc822 format available.

Message #25 received at 641489@bugs.debian.org (full text, mbox):

From: Sam Geeraerts <samgee@elmundolibre.be>
To: barak@cs.nuim.ie, 641489@bugs.debian.org
Subject: Re: Bug#641489: adolc: Contains non-free Windows executables
Date: Mon, 19 Sep 2011 19:24:35 +0200
I certainly want to help getting this solved, but I don't know what all 
the appropriate actions are. I also don't know what's involved in the 
intermediate approach you suggest, but from your explanation I gather 
that's easier. I'm guessing the next stable point release is not far 
off, so the latter looks like the best way to go.

How can I help get that done?




Information forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Thu, 10 Nov 2011 08:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Thu, 10 Nov 2011 08:09:04 GMT) Full text and rfc822 format available.

Message #30 received at 641489@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: Sam Geeraerts <samgee@elmundolibre.be>
Cc: barak@cs.nuim.ie, 641489@bugs.debian.org
Subject: Re: adolc: Contains non-free Windows executables
Date: Thu, 10 Nov 2011 02:05:35 -0600
tags 641489 + patch
quit

Hi,

Barak A. Pearlmutter wrote:

> They are already removed from the latest source package.
>
> The question is if we want to go through the bother of removing them
> from *old* source packages, which would be a lot of work

I don't think it's so hard.  Could you look over the proposed changes
at

  git://git.debian.org/~jrnieder-guest/adolc.git
  (gitweb: <http://git.debian.org/?p=users/jrnieder-guest/adolc.git>)

?  Comments (especially improvements) welcome.

Sam Geeraerts wrote:

> I certainly want to help getting this solved, but I don't know what all the
> appropriate actions are.

Probably the way to save others the most time would be to look through
the versions at http://snapshot.debian.org/ and find which contain the
problematic files, so we can file an appropriate bug against the
snapshot.debian.org package.

Thanks much,
Jonathan




Added tag(s) patch. Request was from Jonathan Nieder <jrnieder@gmail.com> to control@bugs.debian.org. (Thu, 10 Nov 2011 08:09:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Tue, 22 Nov 2011 17:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Barak A. Pearlmutter" <barak@cs.nuim.ie>:
Extra info received and forwarded to list. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Tue, 22 Nov 2011 17:51:06 GMT) Full text and rfc822 format available.

Message #37 received at 641489@bugs.debian.org (full text, mbox):

From: "Barak A. Pearlmutter" <barak@cs.nuim.ie>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: samgee@elmundolibre.be, 641489@bugs.debian.org
Subject: Re: adolc: Contains non-free Windows executables
Date: Tue, 22 Nov 2011 17:46:18 +0000
> I don't think it's so hard.  Could you look over the proposed changes
> at
>
>   git://git.debian.org/~jrnieder-guest/adolc.git

Yup: that looks about right.

I'll figure out and perform the right magic (an incantation in
debian/changelog I suspect) to cause it to wend its way into the
stable updates.

					--Barak.




Reply sent to bap@debian.org (Barak A. Pearlmutter):
You have taken responsibility. (Sat, 10 Dec 2011 19:57:06 GMT) Full text and rfc822 format available.

Notification sent to Sam Geeraerts <samgee@elmundolibre.be>:
Bug acknowledged by developer. (Sat, 10 Dec 2011 19:57:06 GMT) Full text and rfc822 format available.

Message #42 received at 641489-close@bugs.debian.org (full text, mbox):

From: bap@debian.org (Barak A. Pearlmutter)
To: 641489-close@bugs.debian.org
Subject: Bug#641489: fixed in adolc 2.1.8+nomsvcrt-1
Date: Sat, 10 Dec 2011 19:54:57 +0000
Source: adolc
Source-Version: 2.1.8+nomsvcrt-1

We believe that the bug you reported is fixed in the latest version of
adolc, which is due to be installed in the Debian FTP archive:

adolc_2.1.8+nomsvcrt-1.debian.tar.gz
  to main/a/adolc/adolc_2.1.8+nomsvcrt-1.debian.tar.gz
adolc_2.1.8+nomsvcrt-1.dsc
  to main/a/adolc/adolc_2.1.8+nomsvcrt-1.dsc
adolc_2.1.8+nomsvcrt.orig.tar.gz
  to main/a/adolc/adolc_2.1.8+nomsvcrt.orig.tar.gz
libadolc-dev_2.1.8+nomsvcrt-1_i386.deb
  to main/a/adolc/libadolc-dev_2.1.8+nomsvcrt-1_i386.deb
libadolc2_2.1.8+nomsvcrt-1_i386.deb
  to main/a/adolc/libadolc2_2.1.8+nomsvcrt-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 641489@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barak A. Pearlmutter <bap@debian.org> (supplier of updated adolc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 23 Nov 2011 14:02:29 +0000
Source: adolc
Binary: libadolc-dev libadolc2
Architecture: source i386
Version: 2.1.8+nomsvcrt-1
Distribution: stable
Urgency: low
Maintainer: Barak A. Pearlmutter <bap@debian.org>
Changed-By: Barak A. Pearlmutter <bap@debian.org>
Description: 
 libadolc-dev - ADOLC development libs and headers
 libadolc2  - ADOLC automatic differentiation system, runtime libs
Closes: 641489
Changes: 
 adolc (2.1.8+nomsvcrt-1) stable; urgency=low
 .
   [ Jonathan Nieder ]
   * remove Visual C++ runtime from windows/ directory (closes: #641489)
   * document in debian/copyright how and why the source was repacked
Checksums-Sha1: 
 e9dc25ad3daaf16563b78f74291addc1422822f6 1227 adolc_2.1.8+nomsvcrt-1.dsc
 f0a71aa97e5ab921921c859f6987edceb0528fb6 2121143 adolc_2.1.8+nomsvcrt.orig.tar.gz
 d255c96f4f1055d9dfaa7f297feb77b72b0ede7e 17438 adolc_2.1.8+nomsvcrt-1.debian.tar.gz
 fa42b0ecd3bcdf4183aeafe86cc9ea44355dc2cd 890840 libadolc-dev_2.1.8+nomsvcrt-1_i386.deb
 53d217a8abec049dfaf28d87a6c90cfbb7ef89ce 143554 libadolc2_2.1.8+nomsvcrt-1_i386.deb
Checksums-Sha256: 
 b35f0d8041cd54d39533ceca986cba8b229784119de5c9fe0967ce08039e45a4 1227 adolc_2.1.8+nomsvcrt-1.dsc
 65ec29c3ec534c76f0e1d4e2ee8c77e22fdbb1dba4a3294312acd3f3d38d9a21 2121143 adolc_2.1.8+nomsvcrt.orig.tar.gz
 39841662ced09faa83768a3150cc5fe6d08a2c36053dd23f167c76ba1477765b 17438 adolc_2.1.8+nomsvcrt-1.debian.tar.gz
 02a93fadd3cbb0b938ef7c0f557af826c4e85a35723a26f94eec0da6987a63ab 890840 libadolc-dev_2.1.8+nomsvcrt-1_i386.deb
 403b8ebc4477429417018d10b7952f4b9821c7aacbf7d3466f358db1af347b85 143554 libadolc2_2.1.8+nomsvcrt-1_i386.deb
Files: 
 79e47cd90925973551ba740dddf4abed 1227 libs extra adolc_2.1.8+nomsvcrt-1.dsc
 39517ec2b0f24d80ae82c261e920c5e4 2121143 libs extra adolc_2.1.8+nomsvcrt.orig.tar.gz
 7e72306049bd3d5d475a7d1526809a75 17438 libs extra adolc_2.1.8+nomsvcrt-1.debian.tar.gz
 5a04896edb518b21d5af493bd6f8010b 890840 libdevel extra libadolc-dev_2.1.8+nomsvcrt-1_i386.deb
 5482c42ff4fb449fd607271d5af98122 143554 libs extra libadolc2_2.1.8+nomsvcrt-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFOzQXJLz4Gnv7CP7IRAhvcAJ0YEdDAiLDhn2gmm3dx7hKeKE3zhgCeMGCg
05GznFhD2gPqt8ojNZrZ9Gk=
=5FyO
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Barak A. Pearlmutter <bap@debian.org>:
Bug#641489; Package adolc. (Sun, 11 Dec 2011 18:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Barak A. Pearlmutter <bap@debian.org>. (Sun, 11 Dec 2011 18:51:03 GMT) Full text and rfc822 format available.

Message #47 received at 641489@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: snapshot.debian.org@packages.debian.org
Cc: Sam Geeraerts <samgee@elmundolibre.be>, 641489@bugs.debian.org
Subject: Re: adolc: Contains non-free Windows executables
Date: Sun, 11 Dec 2011 12:49:13 -0600
clone 641489 -1
retitle -1 unredistributable files in adolc
severity -1 normal
reopen -1
reassign -1 snapshot.debian.org
quit

Hi,

It seems that upstream versions

 2.1.7, 2.1.8, 2.1.9, 2.2.0

of adolc contain a file named vcredist_x86.exe with a EULA that does
not permit redistribution.  See http://bugs.debian.org/641489 for
details.




Bug 641489 cloned as bug 651732. Request was from Jonathan Nieder <jrnieder@gmail.com> to control@bugs.debian.org. (Sun, 11 Dec 2011 18:51:04 GMT) Full text and rfc822 format available.

Message #50 received at 641489-done@bugs.debian.org (full text, mbox):

From: Peter Palfrader <weasel@debian.org>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Sam Geeraerts <samgee@elmundolibre.be>, 641489-done@bugs.debian.org
Subject: Re: adolc: Contains non-free Windows executables
Date: Tue, 24 Jan 2012 11:29:47 +0100
On Son, 11 Dez 2011, Jonathan Nieder wrote:

> It seems that upstream versions
> 
>  2.1.7, 2.1.8, 2.1.9, 2.2.0
> 
> of adolc contain a file named vcredist_x86.exe with a EULA that does
> not permit redistribution.  See http://bugs.debian.org/641489 for
> details.

Seems that fell a bit through the cracks.  Done now.  It seems that
2.1.10 and 2.1.12 were also affected.

I removed the orig.tar.gz and the binaries build from the source but
left the .dsc and diff.gz/debian.tar.gz in place since I assume they are
fine.  If the debian diff/tar also contains unredistributable files
please let me know.

removal log entry: http://snapshot.debian.org/removal/29

Cheers,
weasel
-- 
                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 22 Feb 2012 07:40:08 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 02:01:42 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.