Debian Bug report logs - #730758
sha1 is non-free

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Luca Falavigna <dktrkranz@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: sha1 is non-free

Date: Fri, 29 Nov 2013 11:11:31 +0100

Source: witty
Version: 3.3.0-1
Severity: serious
Tags: sid jessie


src/web/sha1.* are licensed under these terms:/*
 *  sha1.h
 *
 *  Copyright (C) 1998, 2009
 *  Paul E. Jones <paulej@packetizer.com>
 *  All Rights Reserved
 *
 * Freeware Public License (FPL)
 *
 * This software is licensed as "freeware."  Permission to distribute
 * this software in source and binary forms, including incorporation
 * into other products, is hereby granted without a fee.  THIS SOFTWARE
 * IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE.  THE AUTHOR SHALL NOT BE HELD
 * LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
 * DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
 * OR DATA BEING RENDERED INACCURATE.

Thus, these portions of code are non-free.

Cheers,
Luca

Message #10 received at submit@bugs.debian.org (full text, mbox, reply):

From: Pau Garcia i Quiles <pgquiles@elpauer.org>

To: Luca Falavigna <dktrkranz@debian.org>, 730758@bugs.debian.org

Cc: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Re: Bug#730758: sha1 is non-free

Date: Fri, 29 Nov 2013 23:05:02 +0100

[Message part 1 (text/plain, inline)]

Hello,

I'll work on this with upstream ASAP. I was finishing the last touches for
3.3.1-1, this will delay it a bit, hopefully for good.

Thank you for your report.




On Fri, Nov 29, 2013 at 11:11 AM, Luca Falavigna <dktrkranz@debian.org>wrote:

> Source: witty
> Version: 3.3.0-1
> Severity: serious
> Tags: sid jessie
>
>
> src/web/sha1.* are licensed under these terms:/*
>  *  sha1.h
>  *
>  *  Copyright (C) 1998, 2009
>  *  Paul E. Jones <paulej@packetizer.com>
>  *  All Rights Reserved
>  *
>  * Freeware Public License (FPL)
>  *
>  * This software is licensed as "freeware."  Permission to distribute
>  * this software in source and binary forms, including incorporation
>  * into other products, is hereby granted without a fee.  THIS SOFTWARE
>  * IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
>  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
>  * AND FITNESS FOR A PARTICULAR PURPOSE.  THE AUTHOR SHALL NOT BE HELD
>  * LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
>  * DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
>  * OR DATA BEING RENDERED INACCURATE.
>
> Thus, these portions of code are non-free.
>
> Cheers,
> Luca
>



-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

[Message part 2 (text/html, inline)]

Message #20 received at 730758@bugs.debian.org (full text, mbox, reply):

From: Pau Garcia i Quiles <pgquiles@elpauer.org>

To: 730758@bugs.debian.org

Subject: Fwd: sha1 license

Date: Sat, 30 Nov 2013 19:55:10 +0100

[Message part 1 (text/plain, inline)]

Hello,

I wrote to upstream and he cleared all concerns.


---------- Forwarded message ----------
From: Paul E. Jones <paulej@packetizer.com>
Date: Sat, Nov 30, 2013 at 7:44 PM
Subject: Re: sha1 license
To: Pau Garcia i Quiles <pgquiles@elpauer.org>


Pau,

That is a little odd to claim it can't be modified. The whole point of
making it free is so that developers can do anything they want with it.
Somebody is adding more to what free means than what free means.

The code is totally free, with no restrictions on it whatsoever. There are
no fees, no requirements to provide changes back to me, etc., and of course
people can modify it. It would not be free if they couldn't. (And many
people have. It's used in lots of projects, some free and some commercial.)

I inserted the "Freeware Public License" line to poke fun at the GNU Public
License, which really is encumbered by silly restrictions. My code has
absolutely no restrictions whatsoever.

You are hereby authorized to make any change you want to the license file
or even adapt it as you see fit to address your own concerns. When I say it
is free, I mean it really is free :-)

Paul

------------------------------
*From:* Pau Garcia i Quiles <pgquiles@elpauer.org>
*Sent:* Sat Nov 30 12:05:22 EST 2013
*To:* paulej@packetizer.com
*Subject:* sha1 license

Hello,

I am the Debian packager of Wt ( http://www.webtoolkit.eu ), a C++ web
framework that uses your C SHA1 implementation.

http://www.packetizer.com/security/sha1/sha1-c.zip

It has come to my attention that your SHA1 implementation is licensed under
the Freeware Public License, which does not allow modification, and
therefore is not open source:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730758

I was wondering if the inexistence of a modification clause is on purpose
or just an oversight.

In case it is an oversight, would you mind adding a modification clause to
the FPL? (or licensing under another license, e. g. a 2-clause BSD license,
a MIT license or a Mozilla Public License). Otherwise, I will have to ask
Wt (and probably other projects, such as Qt) to replace your SHA1
implementation with an open source one.

Thank you

[Message part 2 (text/html, inline)]

Message #27 received at 730758-done@bugs.debian.org (full text, mbox, reply):

From: Pau Garcia i Quiles <pgquiles@elpauer.org>

To: 730758-done@bugs.debian.org

Date: Sat, 30 Nov 2013 19:58:52 +0100

[Message part 1 (text/plain, inline)]

Close reason: invalid bug

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.