Bug#914291: jaxrs-api: copyright file wrong
Markus Koschany
apo at debian.org
Wed Nov 21 18:02:15 GMT 2018
Control: severity -1 normal
Am 21.11.18 um 18:15 schrieb Thorsten Glaser:
> Source: jaxrs-api
> Version: 2.1.2-2
> Severity: serious
> Justification: Policy 2.3, 12.5, possibly 2.1
>
> In an internal Java™ project of $dayjob I was checking licences
> of updated components and found that javax.ws.rs:javax.ws.rs-api
> 2.1.1 has a new, different, licence I am unfamiliar with. I de‐
> cided to see whether it’s in Debian and what its thoughts on it
> are.
>
> The Debian source package for the same component, however, has
> still the old licence listed. I looked into the source code, and
> lo and behold, it carries the NEW one. (This means that the DD
> who uploaded it did not read the diff between the versions care‐
> fully enough).
>
> Broken copyright information is at least RC and serious. If the
> new licence (EPLv2 something) is not DFSG-free this makes it
> grave and grounds for archive and snapshot removal.
Further investigation into the issue would have yielded the following:
The project is still dual-licensed under EPL-2.0 and
GPL-2+-with-class-path-exception. See the NOTICE file. The EPL license
is very similar to CDDL. There is also a EPL FAQ that answers most of
the common licensing questions:
https://www.eclipse.org/legal/epl-2.0/faq.php#h.nmhx2u70socl
In any case since it is available under GPL-2+with-class-path-exception
we comply with the Debian Policy. Thus I am downgrading the severity to
normal because it is a documentation bug and not a serious Policy violation.
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20181121/2af8e18b/attachment.sig>
More information about the pkg-java-maintainers
mailing list