Your message dated Sat, 11 Nov 2006 03:02:19 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#393404: fixed in openldap2.3 2.3.29-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: openldap2.3
Version: 2.3.25-1
Severity: serious

Hi!

This bug has been filed on multiple packages, and general discussions
are kindly requested to take place on debian-legal or debian-devel in
the thread with Subject: "Non-free IETF RFC/I-Ds in source packages".

It seems this source package contains the following files from the
IETF under non-free license terms:

openldap-2.3.25/doc/rfc/rfc1274.txt 
openldap-2.3.25/doc/rfc/rfc2079.txt 
openldap-2.3.25/doc/rfc/rfc2247.txt 
openldap-2.3.25/doc/rfc/rfc2251.txt 
openldap-2.3.25/doc/rfc/rfc2252.txt 
openldap-2.3.25/doc/rfc/rfc2253.txt 
openldap-2.3.25/doc/rfc/rfc2254.txt 
openldap-2.3.25/doc/rfc/rfc2255.txt 
openldap-2.3.25/doc/rfc/rfc2256.txt 
openldap-2.3.25/doc/rfc/rfc2293.txt 
openldap-2.3.25/doc/rfc/rfc2294.txt 
openldap-2.3.25/doc/rfc/rfc2307.txt 
openldap-2.3.25/doc/rfc/rfc2377.txt 
openldap-2.3.25/doc/rfc/rfc2587.txt 
openldap-2.3.25/doc/rfc/rfc2589.txt 
openldap-2.3.25/doc/rfc/rfc2649.txt 
openldap-2.3.25/doc/rfc/rfc2696.txt 
openldap-2.3.25/doc/rfc/rfc2713.txt 
openldap-2.3.25/doc/rfc/rfc2714.txt 
openldap-2.3.25/doc/rfc/rfc2798.txt 
openldap-2.3.25/doc/rfc/rfc2829.txt 
openldap-2.3.25/doc/rfc/rfc2830.txt 
openldap-2.3.25/doc/rfc/rfc2849.txt 
openldap-2.3.25/doc/rfc/rfc2891.txt 
openldap-2.3.25/doc/rfc/rfc2926.txt 
openldap-2.3.25/doc/rfc/rfc3045.txt 
openldap-2.3.25/doc/rfc/rfc3062.txt 
openldap-2.3.25/doc/rfc/rfc3088.txt 
openldap-2.3.25/doc/rfc/rfc3112.txt 
openldap-2.3.25/doc/rfc/rfc3296.txt 
openldap-2.3.25/doc/rfc/rfc3377.txt 
openldap-2.3.25/doc/rfc/rfc3383.txt 
openldap-2.3.25/doc/rfc/rfc3663.txt 
openldap-2.3.25/doc/rfc/rfc3671.txt 
openldap-2.3.25/doc/rfc/rfc3672.txt 
openldap-2.3.25/doc/rfc/rfc3673.txt 
openldap-2.3.25/doc/rfc/rfc3674.txt 
openldap-2.3.25/doc/rfc/rfc3687.txt 
openldap-2.3.25/doc/rfc/rfc3698.txt 
openldap-2.3.25/doc/rfc/rfc3703.txt 
openldap-2.3.25/doc/rfc/rfc3712.txt 
openldap-2.3.25/doc/rfc/rfc3727.txt 
openldap-2.3.25/doc/rfc/rfc3771.txt 
openldap-2.3.25/doc/rfc/rfc3829.txt 
openldap-2.3.25/doc/rfc/rfc3866.txt 
openldap-2.3.25/doc/rfc/rfc3876.txt 
openldap-2.3.25/doc/rfc/rfc3909.txt 
openldap-2.3.25/doc/rfc/rfc3928.txt 
openldap-2.3.25/doc/rfc/rfc4013.txt 
openldap-2.3.25/doc/rfc/rfc4370.txt 
openldap-2.3.25/doc/rfc/rfc4373.txt 
openldap-2.3.25/doc/rfc/rfc4403.txt 

The license on RFC/I-Ds is not DFSG-free, see:
 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810
 * http://release.debian.org/removing-non-free-documentation
 * http://wiki.debian.org/NonFreeIETFDocuments

The etch release policy says binary and source packages must each be free:
 * http://release.debian.org/etch_rc_policy.txt

The severity is serious, because this violates the Debian policy:
 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem.  In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license.  A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding a 'dfsg' version name to it.

3. Move the package to non-free.

I went over many packages looking for names of likely non-free files,
and there may be false positives.  If this is the case for your
package, I'm sorry for the noise.  I'll modify the scripts to take
into account false positives when I learn of them, and publish the
list of exceptions under "Known exceptions" at
<http://wiki.debian.org/NonFreeIETFDocuments>.

Thanks,
Simon


--- End Message ---
--- Begin Message ---
Source: openldap2.3
Source-Version: 2.3.29-1

We believe that the bug you reported is fixed in the latest version of
openldap2.3, which is due to be installed in the Debian FTP archive:

ldap-utils_2.3.29-1_i386.deb
  to pool/main/o/openldap2.3/ldap-utils_2.3.29-1_i386.deb
libldap-2.3-0_2.3.29-1_i386.deb
  to pool/main/o/openldap2.3/libldap-2.3-0_2.3.29-1_i386.deb
openldap2.3_2.3.29-1.diff.gz
  to pool/main/o/openldap2.3/openldap2.3_2.3.29-1.diff.gz
openldap2.3_2.3.29-1.dsc
  to pool/main/o/openldap2.3/openldap2.3_2.3.29-1.dsc
openldap2.3_2.3.29.orig.tar.gz
  to pool/main/o/openldap2.3/openldap2.3_2.3.29.orig.tar.gz
slapd_2.3.29-1_i386.deb
  to pool/main/o/openldap2.3/slapd_2.3.29-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthijs Mohlmann <[EMAIL PROTECTED]> (supplier of updated openldap2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 11 Nov 2006 11:24:42 +0100
Source: openldap2.3
Binary: slapd ldap-utils libldap-2.3-0
Architecture: source i386
Version: 2.3.29-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers <[EMAIL PROTECTED]>
Changed-By: Matthijs Mohlmann <[EMAIL PROTECTED]>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.3-0 - OpenLDAP libraries
 slapd      - OpenLDAP server (slapd)
Closes: 389369 393404 396096 397673
Changes: 
 openldap2.3 (2.3.29-1) unstable; urgency=medium
 .
   [ Matthijs Mohlmann ]
   * New upstream release.
     - Fixes Denial of Service through a certain combination of LDAP BIND
       requests (CVE-2006-5779) (Closes: #397673)
   * LSB section added to the init script.
   * Updated README.Debian about running as non-root user (Closes: #389369)
   * Updated de translation (Closes: #396096)
   * Added some documentation / warning when running slapindex as root.
   * Remove drafts and rfc from the tarball. (Closes: #393404)
Files: 
 2f7bdb16f4784415951a903eb9ce2907 1193 net optional openldap2.3_2.3.29-1.dsc
 b06a8cd1229d2089e82f9fe44460c3bf 2971010 net optional openldap2.3_2.3.29.orig.tar.gz
 cdb02597058efc0a27ca24a454a77f1b 581376 net optional openldap2.3_2.3.29-1.diff.gz
 9e21644f9284d6c81ff1fbbf1af49a5c 1150090 net optional slapd_2.3.29-1_i386.deb
 84a6b78bf230ec0337a558afa8611622 153016 net optional ldap-utils_2.3.29-1_i386.deb
 5c92bd695aa7cf2978953988cf7cd84d 264812 libs optional libldap-2.3-0_2.3.29-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFVajU2n1ROIkXqbARAttxAJ4qidqVx5WcT8xdcNkr06FGCJ2ULgCfSSpe
hefYT8RA35wO4E/ImHPZRX0=
=dQkm
-----END PGP SIGNATURE-----


--- End Message ---
