Your message dated Thu, 14 Jun 2018 05:49:13 +0000
with message-id <e1ftl8d-0009sy...@fasolo.debian.org>
and subject line Bug#833692: fixed in pinot 1.05-2
has caused the Debian Bug report #833692,
regarding pinot: links GPLv2+ code with OpenSSL
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
833692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pinot
Version: 1.05-1.1+b1
Severity: serious
Justification: Policy 2.2.1
Bad news everyone - pinot links libxapian (which is GPLv2+) and openssl
(which has a GPLv2+-incompatible advertising clause in its licence) into
the same binary:
$ ldd /usr/lib/pinot/backends/libxapianbackend.so|grep 'xapian\|ssl'
libssl.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
(0x00007f079530e000)
libxapian.so.22 => /usr/lib/x86_64-linux-gnu/libxapian.so.22
(0x00007f0794aa6000)
$ dpkg -S /usr/lib/pinot/backends/libxapianbackend.so
pinot: /usr/lib/pinot/backends/libxapianbackend.so
I'm part of Xapian upstream, and with that hat on I can say we aren't
able to add an exception clause to the licence as there are copyright
holders who aren't interested in relicensing.
In the long term we're hoping to eliminate the non-relicensable code
from libxapian and release it under a more liberal licence, but that's
not imminent - a shorter-term way to resolve this for pinot in Debian is
needed.
It looks to me like you can probably build-depend on libcurl4-gnutls-dev
or libcurl4-nss-dev instead of libcurl4-openssl-dev (and drop
libssl-dev) except that the upstream configure script thinks it needs
openssl if `curl-config --features|grep -i SSL` is non-empty.
Cheers,
Olly
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: pinot
Source-Version: 1.05-2
We believe that the bug you reported is fixed in the latest version of
pinot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 833...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Olly Betts <o...@survex.com> (supplier of updated pinot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Jun 2018 16:47:38 +1200
Source: pinot
Binary: pinot
Architecture: source
Version: 1.05-2
Distribution: unstable
Urgency: medium
Maintainer: Olly Betts <o...@survex.com>
Changed-By: Olly Betts <o...@survex.com>
Description:
pinot - meta-search engine for local files and web queries
Closes: 759122 828503 833692 836287
Changes:
pinot (1.05-2) unstable; urgency=medium
.
* Add myself as co-maintainer with maintainer's agreement.
* Convert from cdbs to dh.
* Cherry-pick fix from upstream for OpenSSL 1.1 and newer glib,
new patch: openssl-1.1+new-glib.patch (Closes: #828503)
* Avoid needlessly linking Xapian backend with OpenSSL, new patch:
fix-gpl-openssl-clash.patch (Closes: #833692)
* debian/control,debian/copyright,debian/watch: Update for upstream's
move to github.
* debian/control: Switch dbus-x11 dependency to default-dbus-session-bus |
dbus-session-bus. (Closes: #836287)
* Update to debhelper compat 11.
- Enables parallel building. (Closes: #759122)
* Update standards-version to 4.1.4:
- debian/menu: Drop obsolete menu file.
* Drop workaround for compilers which don't default to C++11.
* debian/copyright: Use https for format URL.
* Drop patch which is no longer needed: boost1.48.patch
* debian/control: Comment out old collab-maint Vcs info.
* debian/NEWS: Remove asterisk to placate lintian.
Checksums-Sha1:
3b6ea1b5abdaaf4daa8651f8142abbbcc65fe14b 2123 pinot_1.05-2.dsc
2d11dd0f8adc1095dd000678bd247ec924cf8cb5 17496 pinot_1.05-2.debian.tar.xz
b839bf6b9cbb8279b42e6c7d76363e7e6904cbcc 12990 pinot_1.05-2_amd64.buildinfo
Checksums-Sha256:
e9eb1ddb1a9e5136196959fbdf8906c26a73319b9e0b2f862377373d3dabd72d 2123
pinot_1.05-2.dsc
ad8ada943ea8b2e0f4cddba7e8c253a7891d167e8a39d19e353ff2a7cb399e29 17496
pinot_1.05-2.debian.tar.xz
5a7d9cd3052a3e0f1da1d2f7fcdcd2115a41a8ad95b2ac5b8ee0e3977fae9034 12990
pinot_1.05-2_amd64.buildinfo
Files:
1c6587e0b033508bfd15cebbb94fac1f 2123 x11 optional pinot_1.05-2.dsc
a52d5cc580a46e4881d1664bc82fa9bc 17496 x11 optional pinot_1.05-2.debian.tar.xz
e52dc007a5e6627025ca65b4fe53dbc4 12990 x11 optional
pinot_1.05-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEECOJAD/f+j+3jrLUoGBR7BzutKwcFAlsh/PgACgkQGBR7Bzut
KwcHXw//b9jDkPfd4pfAys4pR/1kdSsGHlK0rTHtqRmK7KJTa4fNWVIMA7z+kXxo
wXcbEFdADg4Rp/ll+uqcLmmMN9DneSG0CruxLjT+xCiB4/dDmHZuHKDz5KDYzwog
ycIGoYC9a3uJ9KSF7OHaTJcK37XP0MGCK92lQI3jh5oMq5YCzm4C9U7wtmXHudO/
NNv2HQxDdoBpm+UUFlOno5B9xaQfJtWOO/HiPm5zKLpZ6/oMrFwb+P20Jl8mp/jv
ajbuHf6QNGu51SwHcHzeYJ9umJlzcijW7tMs69BonJiKO3e1ncNm1yQFqn9lJS9f
DMmPNHTurcwDYvzJZxIZLfQkv02D1RwJVW0k26HQdxH7KKeJJ1Ps1G4epCPyG5Oy
WO9LOgFc17JYw/pzWmSH6MwUtEHbTSEIQIdSiW4bpBj1hUUIoPiDonh9DX29exLt
h/v71iP+k7hNIZRkGubltDbN4I8PYdoc3Ed9r+4UMNrJdKQyHyV6hG0yxvufpeND
aP4VAAh5jvMcgaeQRk8C5q0Z4nK5qDZmSgvKohT28SJ+s3MPRqMq09Met9gcN2An
LPbE2RJuW/MZu9/bbNN5nF4BrLL7JKPN8uEKD1XX41zVc6wU6Pr90oAiwtQaHioE
cRoiDVybDXo3xfEodUslepj1ttByXUrxSniGFquowVQ2XJ+0DJw=
=/eUU
-----END PGP SIGNATURE-----
--- End Message ---
