Latest upstream release: 3.0rc5 Current version/release in rawhide: 2.9.5-5.fc31 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
An unexpected error occurred while creating the scratch build and has been automatically reported. Sorry!
Latest upstream release: 3.0rc6 Current version/release in rawhide: 2.9.5-5.fc31 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
An HTTP error occurred downloading the package's new Source URLs: Getting https://github.com/drwetter/testssl.sh/archive/v3.0rc6-1.tar.gz#/testssl-3.0rc6-1.tar.gz to ./testssl-3.0rc6-1.tar.gz
Latest upstream release: 3.0 Current version/release in rawhide: 2.9.5-5.fc31 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
An HTTP error occurred downloading the package's new Source URLs: Getting https://github.com/drwetter/testssl.sh/archive/v3.0-1.tar.gz#/testssl-3.0-1.tar.gz to ./testssl-3.0-1.tar.gz
I'd like to offer my help to update testssl to 3.0 - a koji scratch-build can be found here: https://koji.fedoraproject.org/koji/taskinfo?taskID=43398408 It would be great if I would be accepted as co-maintainer.
Latest upstream release: 3.0.1 Current version/release in rawhide: 2.9.5-6.fc32 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
An HTTP error occurred downloading the package's new Source URLs: Getting https://github.com/drwetter/testssl.sh/archive/v3.0.1-1.tar.gz#/testssl-3.0.1-1.tar.gz to ./testssl-3.0.1-1.tar.gz
I'm working on the update to 3.0.1. One minor concern is a about licensing: Current License of testssl 2.9.5: GPLv2 In testssl 3.0.1, the LICENSE file [1] seems to be still the regular GPLv2. However, the included the Readme.md [2] adds an additional requirement: "This software is free. You can use it under the terms of GPLv2, see LICENSE. In addition starting from version 3.0rc1 if you're offering a scanner based on testssl.sh as a public and / or paid service in the internet you need to mention to your audience that you're using this program and where to get this program from." Is that of any concern? I'm setting this bug report to block FE-Legal in order to get clarification. Thank you very much in advance. [1] https://github.com/drwetter/testssl.sh/blob/3.0.1/LICENSE [2] https://github.com/drwetter/testssl.sh/blob/3.0.1/Readme.md
Well, this one was interesting for sure. Upon audit, it was noticed that the license was GPLv2 plus _two_ additional restrictions: 1) (from the header of testssl.sh) # If you enclose this script or parts of it in your software, it has to # be accompanied by the same license (see link) and the place where to get # the recent version of this program. Do not violate the license and if # you do not agree to all of these terms, do not use it in the first place. 2) (from Readme.md in 3.0.1) In addition starting from version 3.0rc1 if you're offering a scanner based on testssl.sh as a public and / or paid service in the internet you need to mention to your audience that you're using this program and where to get this program from. Now, since this audit was done, upstream has modified item #2 to be a request instead of a requirement, realizing that this condition was GPL incompatible: https://github.com/drwetter/testssl.sh/commit/88c04f534525685da43f6d301e0be2f1a030274c This change changes #2 from a restriction to an optional request, which Fedora has no issue with. So we're left with #1. This has two parts: "it has to be accompanied by the same license" This seems to be a restatement of the GPLv2 requirement (Section 1). "and the place where to get the recent version of this program." However, this is not. GPLv2 requires that "the complete corresponding machine-readable source code" be distributed and/or offered. It does not require that anyone be told where to get "recent versions". I've added a comment to the upstream issue around licensing to clarify our concerns here, hopefully we can get this resolved as well: https://github.com/drwetter/testssl.sh/issues/1590
Upstream has resolved the licensing issues and now the license is unambiguously just GPLv2. He's also given permission for the licensing changes to be applied to 3.0.1 if you do not wish to wait for 3.0.2. Lifting FE-Legal (but do apply the license fixes if you go with 3.0.1).
Latest upstream release: 3.0.2 Current version/release in rawhide: 2.9.5-6.fc32 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
An HTTP error occurred downloading the package's new Source URLs: Getting https://github.com/drwetter/testssl.sh/archive/v3.0.2-1.tar.gz#/testssl-3.0.2-1.tar.gz to ./testssl-3.0.2-1.tar.gz
Latest upstream release: 3.0.3 Current version/release in rawhide: 3.0.2-2.fc33 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
Created attachment 1731049 [details] [patch] Update to 3.0.3 (#1750167)
the-new-hotness/release-monitoring.org's scratch build of testssl-3.0.3-1.fc32.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=55902156
Latest upstream release: 3.0.4 Current version/release in rawhide: 3.0.2-2.fc33 URL: https://testssl.sh/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/21565/
Created attachment 1731591 [details] [patch] Update to 3.0.4 (#1750167)
the-new-hotness/release-monitoring.org's scratch build of testssl-3.0.4-1.fc32.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=55991931
Package updated to 3.0.4 in RAWHIDE. Updates for F33 and F32 will follow.
FEDORA-2020-41967bfcf4 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-41967bfcf4
FEDORA-2020-d6cd08cc15 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d6cd08cc15
FEDORA-2020-41967bfcf4 has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-41967bfcf4` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-41967bfcf4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-d6cd08cc15 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d6cd08cc15` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d6cd08cc15 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-41967bfcf4 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-d6cd08cc15 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.