[pkg-bacula-devel] Bug#658326: Bug#658326: marked as done (bacula: sha implimentation is non-free)

Luca Capello luca at pca.it
Fri Jun 15 20:38:32 UTC 2012

found 658326 5.0.2-2.2
tags 658326 + squeeze
found 658326 5.0.3-1
tags 658326 + sid

Hi there!

On Fri, 15 Jun 2012 14:06:52 +0200, Karl Goetz wrote:
> On Wed, 02 May 2012 15:16:36 +0200
> Luca Capello <luca at pca.it> wrote:
> Sorry I missed this entire discussion; I forgot about the bug entirely
> until I saw the close email :/

No problem and actually thank you for the email, I just realized that I
forgot to fix it in stable, so Version:/Tags: added to the BTS and bug
fixed in squeeze-proposed-updates with the packages at:
$ sudo cat >/etc/apt/sources.list.d/people.debian.org_gismo.list
# <http://upsilon.cc/~zack/blog/posts/2009/04/howto:_uploading_to_people.d.o_using_dput/>
deb http://people.debian.org/~gismo/debian gismo-squeeze-proposed-updates/
deb-src http://people.debian.org/~gismo/debian gismo-squeeze-proposed-updates/
$ sudo wget -O /etc/apt/trusted.gpg.d/luca.pca.it-keyring.gpg \
$ sudo apt-get -t gismo-squeeze-proposed-updates $DEB

I am testing the above packages on my squeeze boxes, but any more
testing is appreciated.

>> 2) Have you seen that Karl (the original submitter) specifically
>> talked about stable and oldstable?  The problem should be fixed there
>> as well, but the first question above must be addressed first.
>>    Karl, given that the latest upstream sources still contain the
>>    incriminated files, have you already brought this problem up to the
>>    upstream authors?
>>      <http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.c>
>>      <http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.h>
> As you noted later (by filing a bug of your own) I had not done this -
> apologies.

No need to apologize :-)

Just to be clear about upstream reply:


  kern (administrator) 2012-05-24 07:25

  I am closing this bug report because it proposes making a change that
  is not necessary, and makes Bacula less free. My reasons are:

  1. This change doesn't make sense, because in the context of the code
  the reference to "this document" means the license, and it is quite
  standard to make the license text non-changable. It is clear from the
  wording of the license that it is not restrictive.

  2. This code does not contain an RFC. It contains an open and free
  implementation of an RFC.

  3. Implementing the proposed fix, in fact, adds an additional
  dependency on OpenSSL to build the base part of Bacula, which is not
  present in the current code. This is unacceptable to me.

  4. By requiring OpenSSL, you are making Bacula less free and also more
  incompatible with the GPL (even if I have made an exception for it).

  5. Bacula is unavailable from Source Forge for a good number of people
  in the world, because it has the possibility of using encryption
  software. Your patch makes it require encryption software, unless I
  misunderstand the proposed patch.

  We do not intend to change our code unless we hear from the Internet
  Society that we are somehow infringing on their license, which seems
  to me highly improbable.

  You are, of course, free to under our current license to make the
  changes you propose.

This means that Debian (and any derivative who wants to be DFSG-free)
should carry the modification.

Thx, bye,
Gismo / Luca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-bacula-devel/attachments/20120615/040b18e2/attachment-0001.pgp>

More information about the pkg-bacula-devel mailing list