[Live-devel] License issues (was liblivemedia_2020.08.19-1_multi.changes REJECTED)

Sebastian Ramacher sebastian+lists at ramacher.at
Sun Oct 18 07:32:40 PDT 2020


Hi Ross,

during a routine copyright and license review of the live555 package in
Debian, some issues have been discovered.

The ones that are easy to fix: Could you please add the (L)GPL headers to the following files?
* livemedia/include/liveMedia_version.hh
* groupsock/include/groupsock_version.hh
* UsageEnvironment/include/UsageEnvironment_version.hh
* BasicUsageEnvironment/include/BasicUsageEnvironment_version.hh
* mediaServer/version.hh

The following files are not licensed under the (L)GPL:
* liveMedia/include/HMAC_SHA1.hh
* liveMedia/include/HMAC_hash.hh
* liveMedia/HMAC_SHA1.cpp
* liveMedia/SRTPCryptographicContext.cpp
Would it be possible to change the license to match the rest of the code
base? If not, it shouldn't be a problem on the Debian side to remove
these files since we build the packages with NO_OPENSSL.

The more problematic one is the code copied from RFC 3550. I'm not sure
what the best course of action is for liveMedia/rtcp_from_spec.*. In any
case, the discussion of why Debian considers RFCs prior to 2005
non-free can be found at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=92810

Below you can find the comments from the review.

Could you please have a look at these issues and help us with fixing them? Thank you!

Cheers


----- Forwarded message from Joerg Jaspert <ftpmaster at ftp-master.debian.org> -----

Date: Thu, 15 Oct 2020 21:00:09 +0000
From: Joerg Jaspert <ftpmaster at ftp-master.debian.org>
To: Sebastian Ramacher <sramacher at debian.org>, Debian Multimedia Maintainers <debian-multimedia at lists.debian.org>
Subject: liblivemedia_2020.08.19-1_multi.changes REJECTED
Message-Id: <E1kTAM5-0002v6-Ra at fasolo.debian.org>


Hi,

unfortunately we have to reject this package:

This package contains non-free code copied from RFC 3550.
RFC 3550 was written in 2003, prior to the modifications to the relicensing
of RFCs in 2005 to make the code written in RFC licensed under an open
source license. Debian confirmed this non-free interpretation in bug 92810.

Additionally, in this package, there are several files that have a
copyright header but no explicit license attached, other than "all
rights reserved".  Two even state "this code may not be copied or used in
any form without permission from Live Networks, Inc." 

Installed by liblivemedia-dev:
- usr/include/livemedia/HMAC_SHA1.hh ("this code may not...")
- usr/include/livemedia/HMAC_hash.hh ("this code may not...")
- usr/include/livemedia/liveMedia_version.hh (just version #defines)
- usr/include/groupsock/groupsock_version.hh (just version #defines)
- usr/include/UsageEnvironment/UsageEnvironment_version.hh (just version #defines)
- usr/include/BasicUsageEnvironment/BasicUsageEnvironment_version.hh (just version #defines)

orig.tar.gz (excludes files mentioned above):
- live/liveMedia/HMAC_SHA1.cpp ("this code may not...")
- live/liveMedia/SRTPCryptographicContext.cpp ("this code may not...")
- live/liveMedia/rtcp_from_spec.{c,h} is copied from RFC 3550 and draft-ietf-avt-rtp-new-11 which were written prior to 2005 and are thus non-free per bug 92810.
- live/mediaServer/version.hh (All rights reserved, but only version #defines)

-- 
bye Joerg



===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.


----- End forwarded message -----

-- 
Sebastian Ramacher

