Bug#992087: libfonts-java: contains a file with a non-free "disparaging to Sun" license
Pierre Gruet
pgt at debian.org
Wed Aug 11 21:27:27 BST 2021
Hi Tony,
Thanks for looking at this!
Le 11/08/2021 à 20:40, tony mancill a écrit :
> On Wed, Aug 11, 2021 at 02:25:45PM +0200, Pierre Gruet wrote:
>> Source: libfonts-java
>> Version: 1.1.6.dfsg-3
>> Severity: serious
>> Tags: bullseye sid stretch buster
>> Justification: Policy 2.2.1
>>
>> Dear Maintainer,
>>
>> The file patches/itext-1.5.2.patch incorporates a non-free license, stating
>>
>> Sun Microsystems grants you ("Licensee") a non-exclusive, royalty free, license
>> to use, modify and redistribute this software in source and binary code form,
>> provided that i) this copyright notice and license appear on all copies of the
>> software; and ii) Licensee does not utilize the software in a manner which is
>> disparaging to Sun Microsystems.
>>
>> This breaks at least DFSG-6, due to the "disparaging to Sun Microsystems"
>> clause.
>
> Hi Pierre,
>
> A couple of comments:
>
> 1) In that patch file, I see:
>
>> Some classes in iText are based on code samples provided by SUN.
>> A copyright notice is always included in the source code of the specific class.
>> The license is either SUN's samples license (1), or the license marked with (2)
>> ...
>
> The non-DFSG phrase referring to "disparaging" is from SUN's samples
> license (1). License (2) (again, merely quoting that sun.txt file)
> includes the problematic clause:
>
>> You acknowledge that Software is not designed,licensed or intended for use in
>> the design, construction, operation or maintenance of any nuclear facility.
>
> However, when I search the patch, the Java source files included don't
> refer to either of those licenses explicitly. The only file that does
> include a copyright and license statement is DFSG-free, but I'm not sure
> about the other files.
I must say I submitted a batch of 6 bugs with this "disparaging to Sun"
clause and did not go that much into details for each package. Arguably
neither of those licenses is suitable for us... yet I just attempted a
build of libfonts-java while repacking to remove the patches/ directory,
and it succeeded. Of course this is not enough, but I think it might be
worth looking at it more carefully to check this directory can be safely
removed.
In any case, we will have to rely on a point release of Bullseye to fix
this in stable, so I guess we have a bit of time.
>
> 2) I'm wondering what such a clause would mean anyway now that "Sun
> Microsystems" is defunct since 2010. How would a licensee disparage a
> non-existent entity?
>
> My second question is more just wondering what happens... I guess we
> will have to figure out the files that are (presumably) licensed under
> the problematic licenses.
I also don't know, but who knows who holds the assets now?
Presumably the risk is low, but still...
I share your concerns.
>
> Cheers,
> tony
>
Best regards,
--
Pierre
More information about the pkg-java-maintainers
mailing list