Red Hat Bugzilla – Bug 468604
Review Request: echolinux - Linux echolink client
Last modified: 2009-03-23 02:40:08 EDT
Spec URL: http://lucilanga.fedorapeople.org/echolinux.spec
SRPM URL: http://lucilanga.fedorapeople.org/echolinux-0.17a-1.fc10.src.rpm
Description: EchoLinux is a "command line" driven engine that performs all of the actions necessary to initiate sessions, accept connections and maintain connections with other echoLink users. It also handles the compression/decompression of the audio stream.
This builds fine for me and rpmlint is silent. I cannot find any information about the GPL version in use; where did you see anything stating a GPL version?
While verifiying the licensing issue, I found echolinux/gsm.h, which says:
* Copyright 1992 by Jutta Degener and Carsten Bormann, Technische
* Universitaet Berlin. See the accompanying file "COPYRIGHT" for
* details. THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.
However, there is no accompanying COPYRIGHT file anywhere in the tarball. I think that without that, we have no rights to use or distribute this software. Also, do you know what libgsm.a is? It looks to me as if it is simply linked into the final application.
The above copyright issue and the libgsm.a thing make me seriously doubt that this software is acceptable for Fedora.
The name of the license is gpl.txt (included in the package).
The rest of the files (not all of them) have the following header:
This is an alpha release of echlinux.
Copyright 2002 Jeff Pierce wd4nmq.
This software is covered by the included GNU Public License, GPL.
(In reply to comment #1)
> However, there is no accompanying COPYRIGHT file anywhere in the tarball. I
> think that without that, we have no rights to use or distribute this software.
> The above copyright issue and the libgsm.a thing make me seriously doubt that
> this software is acceptable for Fedora.
gsm.h comes from package gsm (hence the header). I could probably modify the include.
> Also, do you know what libgsm.a is? It looks to me as if it is simply linked
> into the final application.
Some idiotic way of linking against a certain version of libgsm.
See my Patch2.
I know that other files have that header, but the file in question does not. Without the accompanying COPYRIGHT file its not possible to determine what the license on that particular header is, and we have no redistribution rights at all.
Now, given context we can tell that it comes from the gsm package, which is already in Fedora and carries an MIT license. However, I chatted with the legal expert and the bottom line is that unless we can go back in time and find something with that exact version of the header that has the COPYRIGHT file intact, we have no way to prove that the license didn't change at some point and hence the gsm.h and libgsm.a files need to be treated as prohibited source and actually removed from the tarball that gets packed into the srpm. See http://fedoraproject.org/wiki/Packaging/SourceURL#When_Upstream_uses_Prohibited_Code for more details.
gsm.h from this package contains the RCS tag
/*$Header: /home/kbs/jutta/src/gsm/gsm-1.0/inc/RCS/gsm.h,v 1.4 1993/01/29 20:07:38 jutta Exp $*/
here's a snippet from ChangeLog from that period:
Tue Jan 25 22:53:40 1994 Jutta Degener (jutta at kugelbus)
* Release 1.0 Patchlevel 3
changed rpe.c's STEP macro to work with 16-bit integers,
thanks to Dr Alex Lee (firstname.lastname@example.org);
removed non-fatal bugs from add-test.dta, private.h
and toast_audio.c, thanks to P. Emanuelsson.
Fri Jan 29 19:02:12 1993 Jutta Degener (jutta at kraftbus)
* Release 1.0 Patchlevel 2
fixed L_add(0,-1) in src/add.c and inc/private.h,
thanks to Raphael Trommer at AT&T Bell Laboratories;
various other ANSI C compatibility details
Fri Oct 30 17:58:54 1992 Jutta Degener (jutta at kraftbus)
* Release 1.0 Patchlevel 1
Switched uid/gid in toast's [f]chown calls.
Wed Oct 28 14:12:35 1992 Carsten Bormann (cabo at kubus)
* Release 1.0: released
Copyright 1992 by Jutta Degener and Carsten Bormann, Technische
Universitaet Berlin. See the accompanying file "COPYRIGHT" for
details. THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.
Here's the content of COPYING:
Copyright 1992, 1993, 1994 by Jutta Degener and Carsten Bormann,
Technische Universitaet Berlin
Any use of this software is permitted provided that this notice is not
removed and that neither the authors nor the Technische Universitaet Berlin
are deemed to have made any representations as to the suitability of this
software for any purpose nor are held responsible for any defects of
this software. THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.
As a matter of courtesy, the authors request to be informed about uses
this software has found, about bugs in this software, and about any
improvements that may be of general interest.
Blocking FE-Legal, then. Dropping the files was discussed as the best way to handle this, but if you really want to have it passed before the lawyers then I guess we can wait for that.
Either find the gsm source tree that contains both the COPYRIGHT file and that version of the header or replace it with a header that we know the licensing for (either via the COPYRIGHT file in the gsm package or in the file itself).
Until one of those occurs, I'm leaving FE-Legal in place.
Removed gsm.h and libgsm.a from the tarball.
The "generate-tarball.sh" script seems to be made for some other package.
using this generic name I accidentally mix-up files.
With the files removed, there is no longer a need for FE-Legal. Lifting it.
I cannot find anywhere in the source where the version of the GPL in use is mentioned, which means (according to the gpl.txt file) any version can be used. This implies that the license should be "GPL+". Do you see some place in the source where "GPLv2 (only)" is mentioned?
I'm seeing testgui_cb.c, testgui.c, servercode.c and threadFuncs.c compiled with the wrong compiler flags. Not coincidentally, these files are missing from the debuginfo package.
echolinux.src: W: strange-permission generate-echolinux-tarball.sh 0755
rpmlint doesn't like to see executable files in an srpm, but I don't really understand why. I don't think it's a problem.
* source files match upstream (compared manually).
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field does not match the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
X compiler flags are not correct.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
X debuginfo package is incomplete.
* rpmlint has acceptable complaints.
* final provides and requires are sane:
config(echolinux) = 0.17a-3.fc11
echolinux = 0.17a-3.fc11
echolinux(x86-64) = 0.17a-3.fc11
config(echolinux) = 0.17a-3.fc11
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* no headers.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
* desktop files valid and installed properly.
(In reply to comment #11)
> This implies that the license should be "GPL+". Do you see some place in the
> source where "GPLv2 (only)" is mentioned?
License updated to GPL+
> I'm seeing testgui_cb.c, testgui.c, servercode.c and threadFuncs.c compiled
> with the wrong compiler flags. Not coincidentally, these files are missing
> from the debuginfo package.
Yes, this looks fine now.
Thank you for the review.
New Package CVS Request
Package Name: echolinux
Short Description: Linux echolink client
Branches: F-9 F-10 EL-5