Debian Bug report logs - #864729
Use obsolete/buggy code

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Dmitry Shachnev <mitya57@debian.org>

To: submit@bugs.debian.org

Subject: assimp: Bundles ConvertUTF code which is under non-DFSG license

Date: Tue, 13 Jun 2017 19:26:07 +0300

[Message part 1 (text/plain, inline)]

Source: assimp
Version: 3.3.1~dfsg-4
Severity: serious

Dear maintainer,

assimp seems to bundle ConvertUTF library which is under a non-DFSG license.

$ lintian -i assimp_3.3.1~dfsg-4.dsc
E: assimp source: license-problem-convert-utf-code contrib/ConvertUTF/ConvertUTF.c
N:
N:    The following file source files include material under a non-free
N:    license from Unicode Inc. Therefore, it is not possible to ship this in
N:    main or contrib.
N:
N:    This license does not grant any permission to modify the files (thus
N:    failing DFSG#3). Moreover, the license grant to attempt to restrict use
N:    to "products supporting the Unicode Standard" (thus failing DFSG#6).
N:
N:    In this case a solution is to use libicu and to remove this code by
N:    repacking.
N:
N:    If this is a false-positive, please report a bug against Lintian.
N:
N:    Refer to https://bugs.debian.org/823100 for details.
N:
N:    Severity: serious, Certainty: possible
N:
N:    Check: cruft, Type: source

--
Dmitry Shachnev

[signature.asc (application/pgp-signature, inline)]

Message #8 received at 864729-submitter@bugs.debian.org (full text, mbox, reply):

From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

To: 864729-submitter@bugs.debian.org

Subject: Re: Bug#864729: assimp: Bundles ConvertUTF code which is under non-DFSG license

Date: Wed, 14 Jun 2017 10:06:27 +0200

On 2017-06-13 18:26, Dmitry Shachnev wrote:
> Source: assimp
> Version: 3.3.1~dfsg-4
> Severity: serious
> 
> Dear maintainer,
> 
> assimp seems to bundle ConvertUTF library which is under a non-DFSG license.

thanks a lot for your bug-report.

pease do not forget to also file bugs against the remaining packages
that still use ConvertUTF.c:
  https://lintian.debian.org/tags/license-problem-convert-utf-code.html

mfadr
IOhannes

Message #13 received at 864729@bugs.debian.org (full text, mbox, reply):

From: Dmitry Shachnev <mitya57@debian.org>

To: IOhannes m zmölnig <umlaeute@debian.org>, 864729@bugs.debian.org

Subject: Re: Bug#864729: assimp: Bundles ConvertUTF code which is under non-DFSG license

Date: Wed, 14 Jun 2017 23:45:44 +0300

[Message part 1 (text/plain, inline)]

Hi IOhannes,

On Wed, Jun 14, 2017 at 10:06:27AM +0200, IOhannes m zmölnig wrote:
> thanks a lot for your bug-report.
>
> please do not forget to also file bugs against the remaining packages
> that still use ConvertUTF.c:
>   https://lintian.debian.org/tags/license-problem-convert-utf-code.html

Sorry, I do not intend to start a mass bug filing because there are quite
many packages there.

In this particular case, I noticed the issue in assimp code which is bundled
into qt3d-opensource-src, and decided to report it here, so that qt3d can
benefit from the future fix in your package.

--
Dmitry Shachnev

[signature.asc (application/pgp-signature, inline)]

Message #16 received at 864729-submitter@bugs.debian.org (full text, mbox, reply):

From: Rene Engelhard <rene@debian.org>

To: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

Cc: 864729-submitter@bugs.debian.org

Subject: Re: Bug#864729: assimp: Bundles ConvertUTF code which is under non-DFSG license

Date: Tue, 11 Jul 2017 08:10:08 +0200

Hi,

On Wed, Jun 14, 2017 at 10:06:27AM +0200, IOhannes m zmölnig (Debian/GNU) wrote:
> pease do not forget to also file bugs against the remaining packages
> that still use ConvertUTF.c:
>   https://lintian.debian.org/tags/license-problem-convert-utf-code.html

Just happened to see this report...

It seems that not all of these are actually affected. Most are, but the
things including google breakpad for their crash reporter stuff have
a newer version of this apparently:

/*
 * Copyright © 1991-2015 Unicode, Inc. All rights reserved.
 * Distributed under the Terms of Use in 
 * http://www.unicode.org/copyright.html.
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of the Unicode data files and any associated documentation
 * (the "Data Files") or Unicode software and any associated documentation
 * (the "Software") to deal in the Data Files or Software
 * without restriction, including without limitation the rights to use,
 * copy, modify, merge, publish, distribute, and/or sell copies of
 * the Data Files or Software, and to permit persons to whom the Data Files
 * or Software are furnished to do so, provided that
 * (a) this copyright and permission notice appear with all copies 
 * of the Data Files or Software,
 * (b) this copyright and permission notice appear in associated 
 * documentation, and
 * (c) there is clear notice in each modified Data File or in the Software
 * as well as in the documentation associated with the Data File(s) or
 * Software that the data or software has been modified.
 *
 * THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF
 * ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
 * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS
 * NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL
 * DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
 * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THE DATA FILES OR SOFTWARE.
 *
 * Except as contained in this notice, the name of a copyright holder
 * shall not be used in advertising or otherwise to promote the sale,
 * use or other dealings in these Data Files or Software without prior
 * written authorization of the copyright holder.
 */

which on a first glance looks BSDish and OKsh to me.

Regards,

Rene 

Message #21 received at 864729-quiet@bugs.debian.org (full text, mbox, reply):

From: Dmitry Shachnev <mitya57@debian.org>

To: Rene Engelhard <rene@debian.org>, 864729-quiet@bugs.debian.org

Subject: Re: Bug#864729: assimp: Bundles ConvertUTF code which is under non-DFSG license

Date: Tue, 11 Jul 2017 13:34:41 +0300

[Message part 1 (text/plain, inline)]

Hi Rene!

On Tue, Jul 11, 2017 at 08:10:08AM +0200, Rene Engelhard wrote:
> It seems that not all of these are actually affected. Most are, but the
> things including google breakpad for their crash reporter stuff have
> a newer version of this apparently:
> [...]
>
> which on a first glance looks BSDish and OKsh to me.

Interesting. It looks like breakpad developers just changed the license
without any explanation:

https://chromium.googlesource.com/breakpad/breakpad/+/14bbefbd9600e08d

I wonder if they actually got a permission from Unicode, Inc. to relicense
those files.

--
Dmitry Shachnev

[signature.asc (application/pgp-signature, inline)]

Message #26 received at 864729@bugs.debian.org (full text, mbox, reply):

From: Rene Engelhard <rene@debian.org>

To: Dmitry Shachnev <mitya57@debian.org>

Cc: 864729@bugs.debian.org

Subject: Re: Bug#864729: assimp: Bundles ConvertUTF code which is under non-DFSG license

Date: Tue, 11 Jul 2017 21:26:14 +0200

Hi,

On Tue, Jul 11, 2017 at 01:34:41PM +0300, Dmitry Shachnev wrote:
> On Tue, Jul 11, 2017 at 08:10:08AM +0200, Rene Engelhard wrote:
> > It seems that not all of these are actually affected. Most are, but the
> > things including google breakpad for their crash reporter stuff have
> > a newer version of this apparently:
> > [...]
> >
> > which on a first glance looks BSDish and OKsh to me.
> 
> Interesting. It looks like breakpad developers just changed the license
> without any explanation:
> 
> https://chromium.googlesource.com/breakpad/breakpad/+/14bbefbd9600e08d
> 
> I wonder if they actually got a permission from Unicode, Inc. to relicense
> those files.

Asked in #libreoffice-dev (upstream using breakpad, too, disabled in Debian
builds):

21:14 < _rene_> moggi: do you have good contact with the breakpad guys?
21:15 <@moggi> _rene_: I have talked to the mozilla breakpad guy a few times, 
               why?
21:15 -!- ohallot [~Thunderbi@mvx-189-45-131-207.mundivox.com] has joined 
          #libreoffice-dev
21:16 < _rene_> moggi: see http://bugs.debian.org/864729. totally unrelated 
                package, just saw it
21:16 < _rene_> BUT
21:16 < _rene_> mozilla includes that too via breakpad
21:17 < _rene_> and they did relicense to something BSDish
21:18 <@moggi> _rene_: I know the reviewer of the license change
21:19 < _rene_> so I wonder what went up there and whether Unicode relicensed it
21:19 < _rene_> and for everything or for Google only (where the latter would 
                also violate the DFSG)
21:19 < loircbot> LibreOffice (core) tamas.zolnai * 
                  svx/source/table/tablecontroller.cxx: tdf#109050: Moving 
                  table object with ALT+Arrow keys does not work properly
21:21 <@moggi> _rene_: 
               https://bugs.chromium.org/p/google-breakpad/issues/detail?id=270
21:22 < _rene_> ah, thanks

which says:

--- snip ---
Project Member Comment 6 by ted.miel...@gmail.com, Jan 21 2015
Gervase Markham told me that Mark Davis (original author of the code) told him via private email that the license on this code is now the standard Unicode license, which is an acceptable open source license. I would love to get that in a public venue, but I think we can safely replace the license on these files with the Unicode license.

Comment 7 by gerv.mar...@gmail.com, Feb 4 2015
Specifically, Mark's email said:

On Thu, Jan 15, 2015 at 6:01 PM, Gervase Markham <gerv@mozilla.org> wrote:
>     * Unicode, Inc. hereby grants the right to freely use the information
>     * supplied in this file in the creation of products supporting the
>     * Unicode Standard

​It is now covered by http://www.unicode.org/copyright.html#Exhibit1

Mark
--- snip ---

Regards,

Rene

> 
> --
> Dmitry Shachnev

Message #31 received at 864729-close@bugs.debian.org (full text, mbox, reply):

From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

To: 864729-close@bugs.debian.org

Subject: Bug#864729: fixed in assimp 3.3.1~dfsg-5

Date: Wed, 12 Jul 2017 19:03:55 +0000

Source: assimp
Source-Version: 3.3.1~dfsg-5

We believe that the bug you reported is fixed in the latest version of
assimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864729@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> (supplier of updated assimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Jul 2017 20:01:45 +0200
Source: assimp
Binary: libassimp3v5 libassimp-dev libassimp-doc assimp-utils python-pyassimp
Architecture: source
Version: 3.3.1~dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Changed-By: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
Description:
 assimp-utils - 3D model import library (utilities)
 libassimp-dev - 3D model import library (development)
 libassimp-doc - 3D model import library (documentation)
 libassimp3v5 - 3D model import library
 python-pyassimp - 3D model import library (Python bindings)
Closes: 864729
Changes:
 assimp (3.3.1~dfsg-5) unstable; urgency=medium
 .
   * Added Multi-Arch fields
   * Updated ConvertUTF license to the DFSG-free new unicode license.
     Thanks to Rene Engelhard <rene@debian.org> (Closes: #864729)
     * Added lintian-override for ConvertUTF
   * Bumped standards version to 4.0.0
Checksums-Sha1:
 95685e9430ec5915726b14f690ca10afc5333341 2297 assimp_3.3.1~dfsg-5.dsc
 8006e5920d7a2aa259e7e58aa7c54c82fb0f4acf 19608 assimp_3.3.1~dfsg-5.debian.tar.xz
 66d3c71e0f76b538ba82e07990c6773247f9ec5a 10595 assimp_3.3.1~dfsg-5_amd64.buildinfo
Checksums-Sha256:
 89c68e6e05e6d269fe8f7c223b455cef0aa1e30c1985763188a2bce39280ad71 2297 assimp_3.3.1~dfsg-5.dsc
 ab7d2698d63f3a468013e17aa866975708aa0fd1daeaa39a080ead1befbcb775 19608 assimp_3.3.1~dfsg-5.debian.tar.xz
 798e4ae9ee48ed020c1b8ea37174b6a32f3cf64c137a00056fbeb10df1c4bfd8 10595 assimp_3.3.1~dfsg-5_amd64.buildinfo
Files:
 1774d0c6049e06549c8a35b7bb88bfee 2297 graphics extra assimp_3.3.1~dfsg-5.dsc
 d904218d95a15fd8fe725c8165fd1de1 19608 graphics extra assimp_3.3.1~dfsg-5.debian.tar.xz
 476c7d911796be49f46ad05a52793033 10595 graphics extra assimp_3.3.1~dfsg-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdAXnRVdICXNIABVttlAZxH96NvgFAllmbdwACgkQtlAZxH96
Nvh0mhAAkmJxQ0tGRwQLOKWhv9Fe+LtJi/3nDbas8om/ngp2mABpP3rhzv3DaesZ
izJHPnhwad8EQbk2WFnbg0Y9XjnIzDzsWWcypILMlWMzRPdun6F7F7dPF2J+bT/t
ZnWjTa64RwxKnAWGTbx0x8/aAsjqAW/OfWZaeO7IFP9VetXxW0dxewKdUr634nuc
p8ps7E0Fa5erTXvJxR4CvSD5Kjvnw3jAIPHs9OUBuU9HuCU+voZBHYm4Ke1Ep+iN
NxWQ8BMzp2dhgCLC8FlCIdTwAtj+8b9l5vMdEaHu/GqczBIPWUGDh3drmn8iMPhz
17zi38cfsbvshieCf2772bdfWMEOgiu4JjGICMM2X7rV2CvDqn/xEfeSqzxyjFCb
IghrN+yXPIZAP0nznVCDv3p5VlaFgeQR+ZTqrsrHCZMYOmxH2uCteZPzbzlp7fJH
YqN3zCPCguYqMkEundRiOQtQlmNiLn7GFQyP3Nh0Iwt4K9C12e8X3GJ6If0kebjz
EcIA7maOUm0lbQcxBoTHETeonpgQ8RtQkGmdM8/UplZw4DejXJvYcHWTr9YN5AAz
dq8zbdAiul5zgQgL4B3sLBQ9bdRy/A/+eYkRFPodsvYoVxRAiN7akaFTN7kER25a
YNgmCIrFLzAqLTgdVlcC7fH3wCOe+oq5mVi9ux6fcxauVZxURGs=
=JXUE
-----END PGP SIGNATURE-----

Message #36 received at 864729@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

To: 864729@bugs.debian.org

Subject: Reopen

Date: Fri, 1 Jun 2018 22:21:44 +0200

control: reopen -1
control: found -1 3.3.1~dfsg-5

This bug was not fixed. Unicode body withdraw this code from their
website (due to bugs that are fixed in icu) long before applying
relicencing.

So it is not free

Bastien

Message #47 received at 864729@bugs.debian.org (full text, mbox, reply):

From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

To: 864729@bugs.debian.org

Subject: Retitle

Date: Fri, 1 Jun 2018 22:27:28 +0200

control: retitle -1 Use obsolete/buggy code
control: severity -1 important

ConvertUTF is nevertheless buggy/obsolete please use libicu

Bastien

Message #56 received at 864729@bugs.debian.org (full text, mbox, reply):

From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

To: 864729@bugs.debian.org

Subject: Re: Retitle

Date: Mon, 4 Jun 2018 11:26:48 +0200

On Fri, 1 Jun 2018 22:27:28 +0200 Bastien ROUCARIES
<roucaries.bastien@gmail.com> wrote:
> control: retitle -1 Use obsolete/buggy code
> control: severity -1 important
> 
> ConvertUTF is nevertheless buggy/obsolete please use libicu
> 

hmm. i don't agree that "uses obsolete/buggy code" is a bug in itself.
please be more specific (or file that bug against all non-trivial
packages, as i doubt that any of them does not "use buggy code").

if you want libicu to be used, please report the issue upstream - and
submit patches (i find upstream very appreciative).

gfamsdr
IOhannes

Message #61 received at 864729-done@bugs.debian.org (full text, mbox, reply):

From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>

To: 864729-done@bugs.debian.org

Subject: Use obsolete/buggy code

Date: Fri, 18 Oct 2019 13:26:55 +0200

since assimp-4.1.0 upstream has switched from ConvertUTF to utf8cpp.
thanks.

Send a report that this bug log contains spam.