Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 695296 - net-proxy/obfs4proxy: potential GPL violation
Summary: net-proxy/obfs4proxy: potential GPL violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Marek Szuba (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 694792
  Show dependency tree
 
Reported: 2019-09-21 10:47 UTC by Michał Górny
Modified: 2020-07-18 11:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-21 10:47:03 UTC 
The listed packages seem to be bundling (vendoring) multiple dependencies, however the LICENSE variable does not seem to reflect that.  Please verify the licenses for all vendored dependencies, and include them in the LICENSE variable.  While at it, please be watchful for license conflicts.

See tracker bug for tips on how to do that.

===
Furthermore, utls is GPL.  I don't know how it's used but if it's linked into obfs4proxy, then obfs4proxy needs to be relicensed to GPL as well.
Comment 1 Larry the Git Cow gentoo-dev 2019-09-23 13:39:49 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b584589e52742e0b5d65c1e2d506a03d0ed2612

commit 6b584589e52742e0b5d65c1e2d506a03d0ed2612
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2019-09-23 12:55:23 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2019-09-23 13:39:35 +0000

    net-proxy/obfs4proxy: add licences of vendored packages to LICENSE
    
    Bug: https://bugs.gentoo.org/695296
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 net-proxy/obfs4proxy/obfs4proxy-0.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-23 14:00:00 UTC 
Do you need my help reporting that potential GPL violation upstream, or can you handle it?
Comment 3 Marek Szuba (RETIRED) archtester gentoo-dev 2019-09-23 14:19:50 UTC 
I think I'll manage for now, thanks. So far I have opened an issue in the upstream GitLab project (see the See Also link), will see how they react.
Comment 4 Larry the Git Cow gentoo-dev 2020-07-18 11:56:13 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f39d204778c8766a8788ef3e85aa60db4ed2b317

commit f39d204778c8766a8788ef3e85aa60db4ed2b317
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2020-07-18 11:36:59 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2020-07-18 11:55:54 +0000

    net-proxy/obfs4proxy: clarify the licence
    
    No official statement on this from upstream for almost 10 months now -
    but since out of the two possibilities (BSD-2 and GPL-3+) only one is
    actually legal, it is quite clear which one we should stand by.
    
    Closes: https://bugs.gentoo.org/695296
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 net-proxy/obfs4proxy/obfs4proxy-0.0.11-r1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)