Your message dated Tue, 16 Dec 2008 07:47:05 +0000
with message-id <e1lcue1-0001uc...@ries.debian.org>
and subject line Bug#507947: fixed in moodle 1.8.2.dfsg-1
has caused the Debian Bug report #507947,
regarding moodle: html2text.php is not DFSG-free
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
507947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: moodle
Version: 1.6.3-2
Severity: serious
Hello,
While taking a look at what moodle is shipping under /usr/share/moodle/lib/ I
noticed that the file html2text.php doesn't say much about its licence other
than a reference to upstream's website.
And from there (just quoting the most obvious ones)[1]:
> You should not attempt to prevent others from copying the scripts from your
> site. However, if you want to include the scripts in any script archives
> for downloading (such as ScriptSearch or JavaScript Kit), online or
> downloadable web templates (such as the SharePoint templates), or in
> bundled or distributed scripts/software (such as Opera or Dashboard
> widgets, or the Formativ Academic Timetable), you should contact me first
> and obtain my express written permission.
> You should check my scripts archive and 'What's new?' pages periodically to
> see if the script has been updated. More commonly updated scripts will also
> include version numbers in the .js header file(s). Updates are usually to
> provide extra functionality, or to increase browser compatibility, as well
> as the occasional bug fix. If you would like to be automatically kept up to
> date with script updates, subscribe to my RSS feed. All important script
> updates will be mentioned on there.
> — Commercial/profit-making public websites
> — Corporate internal websites
IOW: at first glance, it violates points 1, 5, and 6 of the DFSG.
When searching for other copies in the archive of the same file I found
roundcube-core shipping a file called html2text.php[2] which includes
html2text.inc which is released under the v2 of the GPL. Haven't checked, but
it might be a candidate to replace moodle's.
[1]http://www.howtocreate.co.uk/jslibs/termsOfUse.html
[2]/usr/share/roundcube/program/lib/html2text.inc
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: moodle
Source-Version: 1.8.2.dfsg-1
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.8.2.dfsg-1.diff.gz
to pool/main/m/moodle/moodle_1.8.2.dfsg-1.diff.gz
moodle_1.8.2.dfsg-1.dsc
to pool/main/m/moodle/moodle_1.8.2.dfsg-1.dsc
moodle_1.8.2.dfsg-1_all.deb
to pool/main/m/moodle/moodle_1.8.2.dfsg-1_all.deb
moodle_1.8.2.dfsg.orig.tar.gz
to pool/main/m/moodle/moodle_1.8.2.dfsg.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 507...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francois Marier <franc...@debian.org> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 16 Dec 2008 20:24:27 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.8.2.dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Moodle Packaging Team <moodle-packag...@catalyst.net.nz>
Changed-By: Francois Marier <franc...@debian.org>
Description:
moodle - Course Management System for Online Learning
Closes: 507947 508593
Changes:
moodle (1.8.2.dfsg-1) unstable; urgency=high
.
* Replace html2text with a GPL alternative (closes: #507947)
* Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
* Add Dan Poltawski to the uploaders field
Checksums-Sha1:
550bd3e04422d3c9b28326febb5f43c5f8fa0dbe 1362 moodle_1.8.2.dfsg-1.dsc
28298d5b8916387091c2e411d6757c48669ae26a 10162497 moodle_1.8.2.dfsg.orig.tar.gz
69f8d7ae7e964477530e035fdd3c226f56992d79 33471 moodle_1.8.2.dfsg-1.diff.gz
8fba3fc32c66710516da323514b3523d3776175d 8720910 moodle_1.8.2.dfsg-1_all.deb
Checksums-Sha256:
1ff40fb4cd5e799dd748ea2339322b9f5da1ee6f5adf1d8d1591f185e6efd018 1362
moodle_1.8.2.dfsg-1.dsc
c67ebeba04320ab43f7ade9f1c685cfcdb327184428382c10b02fb4a2a76e7a2 10162497
moodle_1.8.2.dfsg.orig.tar.gz
b1541914fa82591f7a34f1ef863444ec76ca9bf47c701b8b27b8c3ccb7e35a68 33471
moodle_1.8.2.dfsg-1.diff.gz
f35a953425e8d6249d5e780acd6596b68acea826dd044a7b2f66ce14d13669c3 8720910
moodle_1.8.2.dfsg-1_all.deb
Files:
bcb0cfde4b6f1ca0766032ddd64266c0 1362 web optional moodle_1.8.2.dfsg-1.dsc
d116f83641c70216a94168aa2c303004 10162497 web optional
moodle_1.8.2.dfsg.orig.tar.gz
5741d3630ecfab96f43861853370281f 33471 web optional moodle_1.8.2.dfsg-1.diff.gz
7f49682873006f3145bc2ab5a815c8e5 8720910 web optional
moodle_1.8.2.dfsg-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklHWCgACgkQScUZKBnQNIa1KgCbBOMeRrzxNGwIPMh58NlwxaJd
4+AAnRfsv/yEnvWGuex+wDZqSjAKTa3X
=tHi5
-----END PGP SIGNATURE-----
--- End Message ---
