[Pkg-citadel-devel] Bug#518500: GPLv2/GPLv3 mix makes source undistributable
Mike O'Connor
stew at debian.org
Fri Mar 6 16:44:36 UTC 2009
Package: webcit
Version: 7.37-dfsg-6
Severity: serious
Justification: 12.5
I was asked to review this source package in NEW, and found problems
with this package which caused me to reject the package. It appears
that some of the problems with this source also exist in the packages in
stable, testing, and unstable.
./po/da.po, README.txt say:
This program is released under the terms of the GNU General Public License v3
however debian/copyright is not referring to
/usr/share/common-licenses/GPL-3. None of the lcense texts in
debian/copyright refer to GPL v3. he references to the gpl in
debian/copyright refer to version 2 or later.
--
./static/BubbleTooltips.js says:
* version is distributed as part of the Citadel system
* under the terms of the GNU General Public License v2.
This is a problem in that GPLv3 is not compatible with GPLv2. If
this is GPLv2 and we have code which is GPLv3 or GPLv3+, this is not
redistributable.
Also, this file being GPLv2 only is not mentioned in debian/copyright
--
./static/dragdrop.js says:
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi at oriontransfer.co.nz)
but Sammi Williams is not mentioned in debian/copyright
--
./static/datepicker-dev.js says:
* (c) 2007 Mathieu Jondet <mathieu at eulerian.com>
* DatePicker is freely distributable under the same terms as Prototype.
Mathieu Jondet is not mentioned in debian/copyright
--
./static/slider.js says:
// Copyright (c) 2005-2007 Marty Haught, Thomas Fuchs
but Marty Haught is not mentioned in debian/copyright
--
./static/controls.js says:
// (c) 2005-2007 Ivan Krstic (http://blogs.law.harvard.edu/ivan)
// (c) 2005-2007 Jon Tirsen (http://www.tirsen.com)
neither of these copyright holders is mentioned in debian/copyright.
------
More minor things:
./static/scriptaculous.js says:
// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
so the copyright notice in debian/copyright should expand the years covered for Thomas Fuchs.
---
upstream should be notified of the mistakes in many of the po files:
"# This file is distributed under the same license as the PACKAGE package."
They probably mean "Citadel package" or "webcit package", or something similar.
bye,
stew
----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-citadel-devel/attachments/20090306/c6350031/attachment.pgp
More information about the Pkg-citadel-devel
mailing list