Bug 1023717 - xl2tpd-1.3.3 is available
xl2tpd-1.3.3 is available
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: xl2tpd (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Paul Wouters
Fedora Extras Quality Assurance
: FutureFeature, Triaged
Depends On:
Blocks: FE-Legal
  Show dependency treegraph
 
Reported: 2013-10-27 06:03 EDT by Upstream Release Monitoring
Modified: 2014-01-22 17:18 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-22 17:18:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Upstream Release Monitoring 2013-10-27 06:03:21 EDT
Latest upstream release: 1.3.2rc4
Current version/release in Fedora Rawhide: 1.3.1-14.fc20
URL: https://github.com/xelerance/xl2tpd/tags

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 1 Upstream Release Monitoring 2013-11-16 05:52:26 EST
Latest upstream release: 1.3.2
Current version/release in Fedora Rawhide: 1.3.1-14.fc20
URL: https://github.com/xelerance/xl2tpd/tags

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 2 Upstream Release Monitoring 2014-01-04 06:09:05 EST
Latest upstream release: 1.3.3
Current version/release in Fedora Rawhide: 1.3.1-14.fc20
URL: https://github.com/xelerance/xl2tpd/tags

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Comment 3 Paul Wouters 2014-01-04 15:52:46 EST
CC:ing fe-legal on this bug:


There is an interesting change in license of xl2tpd 1.3.3:

https://github.com/xelerance/xl2tpd/commit/f039398af5d97921ade559c0e6d5b11a818ddff5

+Special exception for linking xl2tpd with OpenSSL:
+
+  In addition, as a special exception, Xelerance Corporation gives
+  permission to link the code of this program with the OpenSSL
+  library (or with modified versions of OpenSSL that use the same
+  license as OpenSSL), and distribute linked combinations including
+  the two. You must obey the GNU General Public License in all
+  respects for all of the code used other than OpenSSL. If you modify
+  this file, you may extend this exception to your version of the
+  file, but you are not obligated to do so. If you do not wish to
+  do so, delete this exception statement from your version.

However, I worked at Xelerance, when we forked Mark Spencer's l2tpd code which is licensed under GPLv2+. There are also significant contributions made by other people under the GPL. I am not aware of authors having been contacted about this change of license. Neither I nor Tuomo Soini have been contacted.

This change was done when they merged in one of my FIPS patches from the fedora branch that removed native md5 code to use openssl's md5 code to ensure FIPS compliance. This might have caused a license problem by mixing GPL and the openssl license?

Should I change the code in fedora to use nss instead of openssl?

Am I correct in that we should not ship version 1.3.3 if we know this license change is dubious at best?
Comment 4 Tom "spot" Callaway 2014-01-22 17:18:54 EST
Eh, we don't use the openssl exception, so its not a Fedora blocker (we'd just no-op it away), because we consider openssl to be a system library.

You should definitely talk to the upstream about the inappropriateness of changing the license without clearing it through all the copyright holders (assuming you didn't assign your copyright in that work to them). The change they made is reasonably non-controversial (its the standard FSF openssl exception), but still.

Closing this as NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.