Bug 453703

Your srpm doe not build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=691542

Note:
You can try to rebuild your package beforehand on koji by
$ koji build --scratch <target> <srpm_you_want_to_try>
where <target> can be either dist-f10, dist-f9-updates-candidate or
dist-f8-updates-candidate.
If the build ends successfully, the rebuilt binary rpms and some logs are put under
http://koji.fedoraproject.org/scratch/<your_FAS_name>/task_<task_id>/ .

I only just tried to rebuild this package, and it may be that I have no time to
review this
package.

The updated srpm below does build in dist-f9-updates-candidate on koji

Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-8.0.7-2.fc9.src.rpm

Still failing on dist-f10:
http://koji.fedoraproject.org/koji/taskinfo?taskID=692663

(In reply to comment #3)
> Still failing on dist-f10:
> http://koji.fedoraproject.org/koji/taskinfo?taskID=692663

Yes, because lam library location have just been moved around in rawhide. The
below will build on dist-f10;
Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-8.0.7-3.fc9.src.rpm

Just in case you find it useful, a koji scrath build of
trilinos-8.0.7-3.fc9.src.rpm on dist-f10 is at
http://koji.fedoraproject.org/koji/taskinfo?taskID=692807 .

Well, would you check the license issue first?

Actually the trilinos-8.0.7.tar.gz contains 7205 files and while I am trying
hard to check the license of this package but it needs verification by other person.
As far as I checked this package, some files has different licenses than LGPLv2+:
-------------------------------------------------------------------------------
packages/amesos/src/UFsparse/CCOLAMD/	LGPLv2
packages/amesos/src/UFsparse/CHOLMOD/	LGPLv2
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_matrixops.h	GPLv2
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_modify.h		GPLv2
packages/amesos/src/UFsparse/COLAMD/colamd_global.c	LGPLv2
packages/amesos/src/UFsparse/PARAKLETE/	LGPLv2
packages/aztecoo/src/az_matvec_mult.c	GPLv2+
packages/ml/				GPLv2+
packages/trilinoscouplings/examples/ml/NonlinML/ml_nox_1Delasticity_example.cpp
GPLv2+
packages/trilinoscouplings/src/ml/	GPLv2+
---------------------------------------------------------------------------------

At first I checked the header inclusion/linkage issue of GPLv2 part, then as far
as I checked it the following files are affected by GPLv2 license "pollution":
---------------------------------------------------------------------------------
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_matrixops.h
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_modify.h
->
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod.h
->
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_internal.h
packages/amesos/src/UFsparse/PARAKLETE/paraklete.h
->
packages/amesos/src/UFsparse/CHOLMOD/Cholesky/
packages/amesos/src/UFsparse/CHOLMOD/Core/
packages/amesos/src/UFsparse/PARAKLETE/
->
libamesos.a
->
libamesos.so
libifpack.so
libml.so
libnox.so
libnoxepetra.so
PyTrilinos/_Amesos.so
PyTrilinos/_IFPACK.so
PyTrilinos/_ML.so
NOX/___init__.so
NOX/_Abstract.so
NOX/_Solver.so
NOX/_StatusTest.so
NOX/Epetra/___init__.so
NOX/Epetra/_Interface.so
---------------------------------------------------------------------------------------

I have not checked GPLv2+, LGPLv2 license pollution yet.

(In reply to comment #6)
> Well, would you check the license issue first?
> 
> Actually the trilinos-8.0.7.tar.gz contains 7205 files and while I am trying
> hard to check the license of this package but it needs verification by other
person.
> As far as I checked this package, some files has different licenses than LGPLv2+:
> 
...
---------------------------------------------------------------------------------
> 
> At first I checked the header inclusion/linkage issue of GPLv2 part, then as far
> as I checked it the following files are affected by GPLv2 license "pollution":
> 

What exactly do you mean by license "polution" ?

When you link GPLv2+ code with GPLv2 code, the result is GPLv2.  Thus you have
to carefully check the extent that the limitation to v2 only extends throughout
all of the object files and executables.  Mamoru is not using the word
"pollution" with a negative connotation.

As explained by Jason:
If a source code includes a file licensed by GPL, the code including the file
should also be under GPL. Also if a binary links to a library licensed under
GPL, the binary should be under GPL.
So we have to check how the codes in the tarball licensed under GPL (v2 or v2+
must be distinguished here) affects other codes or the rebuilt binaries.
My comment 6 says, for example, that the fact some codes are under GPLv2 makes
the licenses of some binaries  GPLv2.

Created attachment 311284 [details]
LIcense check list

Created attachment 311285 [details]
Check list how licenses extend between source codes

Created attachment 311287 [details]
Licensing conclusion check list

The licenses of the files included in rebuild binary rpms.
Would you check this list?

Actually I've been in touch with package's upstream concerning the license
issue, and they promised to fix it and to release an update with the fix soon-ish.
Sorry I didn't state this earlier and spare you from the license checks.

Any update from upstream?

(In reply to comment #14)
> Any update from upstream?

They are working on it. A couple of the affected source codes have already been properly 're-licensed' to LGPLv2+ .

Marking this as not being ready for review; please clear the status whiteboard when the situation changes.

Upstream has put out a new release with a substantial fixes to the license 'pollution' issue. There are now no more source codes with GPL licence (to the best of my knowledge). However a small portion of it still caries LGPL only, so I've resorted to using LGPLv2 in the specfile license tag. Upstream has indicated their interest to resolve all the remaining license issues, and when that happens we may update the license tag to LGPLv2+ .
I hope the review can continue now, Thanks.

Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-9.0.0-1.fc10.src.rpm

Note: The packaging have undergone some changes since it was first introduced, mainly that it now builds with MPI support, and enables all the subpackages available in the trilinos suite.

Would you try koji scratch build again? (see my comment 1)
The build fails on dist-f10, both on i386 and x86_64.
http://koji.fedoraproject.org/koji/taskinfo?taskID=876308

It was missing a BR on gcc-gfortran (used to be pulled in by lam-devel, but that has now been replaced by openmpi-devel).

Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-9.0.0-2.fc10.src.rpm

The scratch build below has completed successfully for i386 and x86_64;
http://koji.fedoraproject.org/koji/taskinfo?taskID=877310

Well, I may have overlooked the following issue before, however:

while I just glanced at the source codes quickly and I have not examined
this package yet, now I have some concern about this package so I want to
ask spot.

@ spot:
Would you check some codes I write below?
A. 
packages/anasazi/epetra/util/ModeLaplace/BlockPCGSolver.cpp or so
These files have the license terms like below:
------------------------------------------------------------
// The distribution of this software follows also the rules defined in Trilinos.
// This notice shall be marked on any reproduction of this software, in whole or
// in part.
//
// Under terms of Contract DE-AC04-94AL85000, there is a non-exclusive
// license for use of this work by or on behalf of the U.S. Government.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-------------------------------------------------------------
I am not a lawyer and know almost nothing about US law. Then
what does this "Contract DE-AC04-94AL85000" mean?

B. Perhaps more issue:
Trilinos_version.h
packages/fei/base/FEI_Implementation.cpp
and even more:

These files have the license terms like below:
/*--------------------------------------------------------------------*/
/*    Copyright 2005 Sandia Corporation.                              */
/*    Under the terms of Contract DE-AC04-94AL85000, there is a       */
/*    non-exclusive license for use of this work by or on behalf      */
/*    of the U.S. Government.  Export of this program may require     */
/*    a license from the United States Government.                    */
/*--------------------------------------------------------------------*/
Especially I am concerned about the sentence "Export of this program
may require a license from..". What does this mean?
By the way the upstream is http://trilinos.sandia.gov/.


@ deji:
I found that some files like:
packages/zoltan/src/postprocessing/ordering/order_eval.c 
(I could not find this file in 8.0.7 tarball) are licensed
under CeCILL-C. While this license does not conflict with LGPL,
this surely conflicts with GPL, so this may be against what
you want. Would you check how these codes are used?

I'm more concerned about B, since I also have no idea what Contract DE-AC04-94AL85000 means. We'd need upstream to clarify this for us.

So this was marked as being ready for review, but there's still a license concern.     I'm going to mark this again as not being ready.  It has also been two months since the last set of questions with no response from the submitter.  Are you still working out the license issues with upstream?

More than an entire year later, I'm going ahead and closing this.