Package: pdftk
Version: 2.02-2
Severity: serious
Tags: upstream
Justification: Policy 2.1

pdftk is under GPLv2. It uses at least two LGPLv2 libraries, iText and iconv. Notably, iText is PDF-processing software essential to pdftk's main purpose. iText is embedded directly into pdftk's source in modified form (https://www.pdflabs.com/docs/pdftk-license/). (iconv does not appear to be embedded.)

It appears that (for iText) it is using the provision allowing converting LGPLv2 to GPLv2. In that case, it's bound by GPLv2 2(c), which says: "If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice". There is such a notice (pdftk --help) with copyright and warranty info. However, it does not mention iText.

Alternatively, if it is using LGPLv2 6 ("As an exception to the Sections above, you may also compile or link a "work that uses the Library"") (though I am not sure if this is usable if the library is embedded in the source), there are similar requirements: "If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License."

All the authors of iText should be included in this runtime copyright statement and the man page.

-- System Information:
Debian Release: 8.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pdftk depends on:
ii  libc6       2.19-18+deb8u10
ii  libgcc1     1:4.9.2-10+deb8u1
ii  libgcj15    4.9.2-10+deb8u1
ii  libstdc++6  4.9.2-10+deb8u1

pdftk recommends no packages.

Versions of packages pdftk suggests:
ii  poppler-utils [xpdf-utils]  0.26.5-2+deb8u4

-- no debconf information