Hi Paul,

Thank you for the link - I haven't been subscribed to mentors for a while and so wasn't aware of Patrik Fimml's RFS or your analysis.

In the general sense, it's kind of disappointing that there are still 13 year old copies of core functionality like blowfish floating around with licensing issues. I haven't looked at alternatives all that closely yet, but it seems like we need to come up with a DFSG alternative either by disabling the ODc plugin or porting to/finding an alternate blowfish implementation. For the latter I'm assuming that libcrypto++-dev is the right choice. (In Googling about for C++ blowfish implementations, Wei Dai's implementation pops up right away.)

Regards,
tony

On 11/07/2010 01:15 AM, Paul Wise wrote:
> Package: abiword
> Version: 2.8.6-0.1
> Severity: serious
> X-Debbugs-CC: Jari Aalto <jari.aa...@cante.net>, tony mancill <tmanc...@debian.org>
>
> Quoting from my review of 2.8.6-1 prepared by the maintainer:
>
> http://lists.debian.org/debian-mentors/2010/10/msg00401.html
>
> The license of plugins/opendocument/common/xp/crypto/blowfish/ looks
> like it is the original BSD license with obnoxious advertising clause,
> which is incompatible with the GNU GPL IIRC. This is the blocker for
> uploading it. Please talk to upstream about that.
>
> http://www.gnu.org/licenses/license-list.html#OriginalBSD
>
> In addition it is an embedded code copy of part of OpenSSL, the
> security team does not like those.