Source: update-notifier Severity: serious Version: 0.99.3debian8 0.99.3debian11
Both, the Squeeze version[1] as well as the Wheezy version[2] of this package claim in debian/copyright that it's licensed under the "GNU Lesser General Public License version 2" (or later) despite the facts that a) a "version 2" of the GNU Lesser General Public License never existed[3], and b) the file COPYING in the same tar ball[4][5] clearly contains the GNU General Public License version 2 and neither the GNU Lesser General Public License version 2.1 not the GNU Library General Public License version 2.0 (which would be the closest name matches to mentioned non-existing license). [1] https://sources.debian.net/src/update-notifier/0.99.3debian8/debian/copyright/ [2] https://sources.debian.net/src/update-notifier/0.99.3debian11/debian/copyright/ [3] https://www.gnu.org/licenses/old-licenses/old-licenses.html#LGPL [4] https://sources.debian.net/src/update-notifier/0.99.3debian11/COPYING/ [5] https://sources.debian.net/src/update-notifier/0.99.3debian11/COPYING/ debian/copyright seems to refer to src/update-notifier.c which sports the same non-existing license[6][7]. [6] https://sources.debian.net/src/update-notifier/0.99.3debian8/src/update-notifier.c/#L7 [7] https://sources.debian.net/src/update-notifier/0.99.3debian11/src/update-notifier.c/#L7 Even if you do not intend to do an (old)stable update for this issue, please at least clarify the license in this bug report to allow others to fork your work under the correct license. My interpretation is the following: * debian/copyright as well as src/update-notifier.c both refer to a non-existing license. * They do not refer to an explicit file in /usr/share/common-licenses/ but claim that the license should have been received "along with this library". * "Along with this library", there is only the GPL (in the file COPYING), but none of its LGPL-abbreviated relatives. * This looks like a failed and incomplete relicensing attempt from GPL-2+ to LGPL-2.1+. * The GPL-2 is a stricter version of at least the LGPL-2.1. So it should be safe to asssume that the software can be at least copied under the terms of the GPL-2 and probably also GPL-2+. But then again, IANAL. So any clarification is appreciated. -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/6 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
