Package: sdpa
Version: 7.3.11+dfsg-1
Severity: important
User: debian-science-maintain...@lists.alioth.debian.org
Usertags: scotch-license-issues
Hello,
the executable /usr/bin/sdpa is under the GNU GPL v2 or later, with
no (documented) special exception.
However, at the same time, it links with:
=> libscotch-6.so and libesmumps-6.so, which are released
under the GPL-incompatible terms of the CeCILL-C v1.0 license
This seems to mean that package sdpa includes a file which is
GPL-licensed, but links with GPL-incompatible libraries.
Please refer to the similar bug #740463 for some further
details about the SCOTCH licensing issues.
I think the possible solutions to the issue for sdpa are, in
descending order of desirability:
(A) SCOTCH copyright holders should be contacted and persuaded to
re-license (or dual-license) it under GPLv2-or-later-compatible terms
(B) SCOTCH should be substituted with a GPLv2-or-later-compatible
replacement, if any is available (METIS seems to be at least
GPLv3-or-later-compatible, see https://bugs.debian.org/740463#15 )
(C) sdpa copyright holders should be asked to relax the copyleft (for
instance by switching to the LGPL v2.1) or add license exceptions that
give permission to link their works with code released under CeCILL-C v1.0
Once again, the best solution is (A): I renew my call for help to push
in the direction of {re|dual}-licensing SCOTCH under the GNU LGPL v2.1:
please see https://bugs.debian.org/740463#5 for the full story.
Thanks for your time!
P.S.: please note that the correct severity for this bug is "serious",
in my opinion. However, other similar bug reports have been downgraded
to "important", while waiting for a statement of the opinion of Debian
FTP Masters (a statement that has been repeatedly asked for, but seems
to never arrive: see https://bugs.debian.org/741196#126 , for instance).
For this reason, I set the severity to "important".
