On 03.07.24 at 23:56, Benjamin Kaduk wrote:
On Wed, Jul 03, 2024 at 11:27:50PM +0200, Bastian Germann wrote:
On 03.07.24 at 05:23, Benjamin Kaduk wrote:
I do not see how it would be possible to replace this code in Debian before
upstream can do so; this code is a core part of the functionality of the
software and the files cannot be relicensed without the permission of all
copyright holders.
Upstream supports more OS than only Linux and most of the changes are
portability changes. Trying a compile with the files replaced won't hurt.
I think it would hurt; some of the changes relate to security fixes, among
other things.
Can you point to a specific security fix that is not included in glibc or
FreeBSD?
I would like to report it to them in that case.
I am also a bit confused at why you chose to file this as severity: serious
-- could you please clarify what part of policy is being violated or how it
makes the package unsuitable for release?
Assuming the license is non-free (which some people may doubt but this seems
to be established in Debian) the package violates Policy §2.2.1 "Every package
in main must comply with the DFSG"
Do you have any links handy for "this seems to be established in Debian"?
Maybe a statement from ftpmaster?
There is a bug waiting for a statement from ftpmaster: #1072165.
Starting from scratch I'm only finding
https://lists.debian.org/debian-legal/2003/08/msg00667.html from 2003 (and
the corresponding bug,
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=181493), neither of which
really ends with a resounding conclusion, and which are quite old.
The conclusion of bug #181493 was upstream's relicensing of the code.