Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 268796

Summary: xfce4.eclass using packages with missing, and therefore, incorrect licenses
Product: Gentoo Linux Reporter: James Rowe <jnrowe>
Component: New packagesAssignee: XFCE Team <xfce>
Status: RESOLVED DUPLICATE    
Severity: trivial    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description James Rowe 2009-05-06 08:24:45 UTC 
Some of the xfce packages are licensed differently, whereas the eclass
sets GPL-2 and the only ebuild that changes is it is pyxfce.  After
spotting the incorrect gtk-engines-xfce license I poked at a few of the
other packages I had locally, I've not been through all ~70 of the xfce
eclass using packages.

  GPL-3:

    >=x11-themes/gtk-engines-xfce-2.4.3
    >=x11-themes/xfwm4-themes-4.6.0

  LGPL-2:

    xfce-base/libxfce4util
    xfce-base/libxfcegui4

  BSD:

    xfce-extra/xfce4-cpugraph

  BSD-2:

    xfce-extra/xfce4-systemload
    xfce-extra/xfce4-wavelan
    xfce-extra/xfce4-weather
    xfce-extra/xfce4-xkb
    net-print/xfprint

  Split licensed:

    xfce-base/libxfce4menu LGPL-2 FDL-1.1
    xfce-base/thunar LGPL-2 GPL-2
    xfce-base/xfce4-panel LGPL-2 GPL-2
    xfce-extra/exo LGPL-2 GPL-2

Cheers,

James


Reproducible: Always
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-05-11 17:30:16 UTC 
Thanks for spotting this. It is quite concerning.

angelos: Any historical reason for this? Or was it just oversight?
Comment 2 Christoph Mende (RETIRED) gentoo-dev 2009-05-11 21:23:30 UTC 
The license prolly was GPL2 at some point and nobody noticed the change. So no reason why it's set to GPL2 instead of the correct one
Comment 3 James Rowe 2009-05-12 04:28:31 UTC 
* Christoph Mende (angelos@gentoo.org) wrote:
> The license prolly was GPL2 at some point and nobody noticed the change. So no
> reason why it's set to GPL2 instead of the correct one

  I don't think that really make sense for the libraries, they appear to have 
always been LGPL.  The quick example being that libxfcegui4[1] and 
libxfce4mcs[2] last licensing change predate the eclass by a couple of years.
It also doesn't seem to be the case for the packages from goodies such as 
xfce4-cpu-graph[3] or xfce4-system-load[4] as the BSD-type licensing there
predates inclusion in the tree by years too.

  And now that I decided to take a look in to the source repository
I think the GPL-3 license I spotted is probably unintentional, as
they've not included it in the repository so autogen.sh will just
include whatever the automake they are using is packages with(likely v3
for any automake released in the past 18 months).

  Finding this I've stopped looking because I can't see how it could be
reconciled short of going through all the sources files to see what they
actually say, or the better solution of getting upstreams answers on the
packages that are just autoincluding COPYING at least.

  1. http://svn.xfce.org/index.cgi/xfce?view=revision&revision=1029
  2. http://svn.xfce.org/index.cgi/xfce?view=revision&revision=500
  3. http://svn.xfce.org/index.cgi/goodies/xfce4-cpugraph-plugin/trunk/COPYING?revision=91&view=markup
  4. http://svn.xfce.org/index.cgi/goodies/xfce4-systemload-plugin/trunk/COPYING?revision=447&view=markup
Comment 4 James Rowe 2009-05-12 04:37:00 UTC 
* James Rowe (jnrowe@gmail.com) wrote:
<stuff>

  Uh, now that I've read that through in my bugmail it may have sounded
quite accusatory.  It wasn't meant that way, I was just trying to
present the facts from the source repo.
Comment 5 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-05-20 01:58:13 UTC 
yea, this is gonna take some time =/ thx for bringing it to our attention.
Comment 6 Christoph Mende (RETIRED) gentoo-dev 2009-05-21 20:11:17 UTC 
fixed xfce-base
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2009-08-25 15:50:08 UTC 

*** This bug has been marked as a duplicate of bug 279837 ***