Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 695296

Summary: net-proxy/obfs4proxy: potential GPL violation
Product: Gentoo Linux Reporter: Michał Górny <mgorny>
Component: Current packagesAssignee: Marek Szuba (RETIRED) <marecki>
Status: RESOLVED FIXED    
Severity: normal CC: blueness
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://gitlab.com/yawning/obfs4/issues/5
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 694792    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-21 10:47:03 UTC 
The listed packages seem to be bundling (vendoring) multiple dependencies, however the LICENSE variable does not seem to reflect that.  Please verify the licenses for all vendored dependencies, and include them in the LICENSE variable.  While at it, please be watchful for license conflicts.

See tracker bug for tips on how to do that.

===
Furthermore, utls is GPL.  I don't know how it's used but if it's linked into obfs4proxy, then obfs4proxy needs to be relicensed to GPL as well.
Comment 1 Larry the Git Cow gentoo-dev 2019-09-23 13:39:49 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b584589e52742e0b5d65c1e2d506a03d0ed2612

commit 6b584589e52742e0b5d65c1e2d506a03d0ed2612
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2019-09-23 12:55:23 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2019-09-23 13:39:35 +0000

    net-proxy/obfs4proxy: add licences of vendored packages to LICENSE
    
    Bug: https://bugs.gentoo.org/695296
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 net-proxy/obfs4proxy/obfs4proxy-0.0.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-23 14:00:00 UTC 
Do you need my help reporting that potential GPL violation upstream, or can you handle it?
Comment 3 Marek Szuba (RETIRED) archtester gentoo-dev 2019-09-23 14:19:50 UTC 
I think I'll manage for now, thanks. So far I have opened an issue in the upstream GitLab project (see the See Also link), will see how they react.
Comment 4 Larry the Git Cow gentoo-dev 2020-07-18 11:56:13 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f39d204778c8766a8788ef3e85aa60db4ed2b317

commit f39d204778c8766a8788ef3e85aa60db4ed2b317
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2020-07-18 11:36:59 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2020-07-18 11:55:54 +0000

    net-proxy/obfs4proxy: clarify the licence
    
    No official statement on this from upstream for almost 10 months now -
    but since out of the two possibilities (BSD-2 and GPL-3+) only one is
    actually legal, it is quite clear which one we should stand by.
    
    Closes: https://bugs.gentoo.org/695296
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 net-proxy/obfs4proxy/obfs4proxy-0.0.11-r1.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)