Bug 468604 - Review Request: echolinux - Linux echolink client
Review Request: echolinux - Linux echolink client
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-26 13:18 EDT by Lucian Langa
Modified: 2009-03-23 02:40 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-23 02:40:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tibbs: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Lucian Langa 2008-10-26 13:18:23 EDT
Spec URL: http://lucilanga.fedorapeople.org/echolinux.spec
SRPM URL: http://lucilanga.fedorapeople.org/echolinux-0.17a-1.fc10.src.rpm
Description: EchoLinux is a "command line" driven engine that performs all of the actions necessary to initiate sessions, accept connections and maintain connections with other echoLink users. It also handles the compression/decompression of the audio stream.
Comment 1 Jason Tibbitts 2008-11-20 16:33:03 EST
This builds fine for me and rpmlint is silent.  I cannot find any information about the GPL version in use; where did you see anything stating a GPL version?

While verifiying the licensing issue, I found echolinux/gsm.h, which says:

 * Copyright 1992 by Jutta Degener and Carsten Bormann, Technische
 * Universitaet Berlin.  See the accompanying file "COPYRIGHT" for
 * details.  THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.

However, there is no accompanying COPYRIGHT file anywhere in the tarball.  I think that without that, we have no rights to use or distribute this software.  Also, do you know what libgsm.a is?  It looks to me as if it is simply linked into the final application.

The above copyright issue and the libgsm.a thing make me seriously doubt that this software is acceptable for Fedora.
Comment 2 Lucian Langa 2008-11-21 08:42:07 EST
The name of the license is gpl.txt (included in the package).
The rest of the files (not all of them) have the following header:

/*****************************

This is an alpha release of echlinux.

Copyright 2002 Jeff Pierce wd4nmq.

This software is covered by the included GNU Public License, GPL.

$Log$

****************************/

(In reply to comment #1)
> However, there is no accompanying COPYRIGHT file anywhere in the tarball.  I
> think that without that, we have no rights to use or distribute this software. 

> 
> The above copyright issue and the libgsm.a thing make me seriously doubt that
> this software is acceptable for Fedora.
gsm.h comes from package gsm (hence the header). I could probably modify the include.

> Also, do you know what libgsm.a is?  It looks to me as if it is simply linked
> into the final application.
Some idiotic way of linking against a certain version of libgsm.
See my Patch2.
Comment 3 Jason Tibbitts 2008-11-21 13:08:08 EST
I know that other files have that header, but the file in question does not.  Without the accompanying COPYRIGHT file its not possible to determine what the license on that particular header is, and we have no redistribution rights at all.

Now, given context we can tell that it comes from the gsm package, which is already in Fedora and carries an MIT license.  However, I chatted with the legal expert and the bottom line is that unless we can go back in time and find something with that exact version of the header that has the COPYRIGHT file intact, we have no way to prove that the license didn't change at some point and hence the gsm.h and libgsm.a files need to be treated as prohibited source and actually removed from the tarball that gets packed into the srpm.  See http://fedoraproject.org/wiki/Packaging/SourceURL#When_Upstream_uses_Prohibited_Code for more details.
Comment 4 Lucian Langa 2008-11-21 13:28:34 EST
well,

gsm.h from this package contains the RCS tag

/*$Header: /home/kbs/jutta/src/gsm/gsm-1.0/inc/RCS/gsm.h,v 1.4 1993/01/29 20:07:38 jutta Exp $*/

here's a snippet from ChangeLog from that period:

Tue Jan 25 22:53:40 1994  Jutta Degener (jutta at kugelbus)

        * Release 1.0 Patchlevel 3
        changed rpe.c's STEP macro to work with 16-bit integers,
        thanks to Dr Alex Lee (alexlee@solomon.technet.sg);
        removed non-fatal bugs from add-test.dta, private.h
        and toast_audio.c, thanks to P. Emanuelsson.

Fri Jan 29 19:02:12 1993  Jutta Degener  (jutta at kraftbus)

        * Release 1.0 Patchlevel 2
        fixed L_add(0,-1) in src/add.c and inc/private.h,
        thanks to Raphael Trommer at AT&T Bell Laboratories;
        various other ANSI C compatibility details

Fri Oct 30 17:58:54 1992  Jutta Degener  (jutta at kraftbus)

        * Release 1.0 Patchlevel 1
        Switched uid/gid in toast's [f]chown calls.

Wed Oct 28 14:12:35 1992  Carsten Bormann  (cabo at kubus)

        * Release 1.0: released
        Copyright 1992 by Jutta Degener and Carsten Bormann, Technische
        Universitaet Berlin.  See the accompanying file "COPYRIGHT" for
        details.  THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.


Here's the content of COPYING:

Copyright 1992, 1993, 1994 by Jutta Degener and Carsten Bormann,
Technische Universitaet Berlin

Any use of this software is permitted provided that this notice is not
removed and that neither the authors nor the Technische Universitaet Berlin
are deemed to have made any representations as to the suitability of this
software for any purpose nor are held responsible for any defects of
this software.  THERE IS ABSOLUTELY NO WARRANTY FOR THIS SOFTWARE.

As a matter of courtesy, the authors request to be informed about uses
this software has found, about bugs in this software, and about any
improvements that may be of general interest.

Berlin, 28.11.1994
Jutta Degener
Carsten Bormann
Comment 5 Jason Tibbitts 2008-11-21 14:47:12 EST
Blocking FE-Legal, then.  Dropping the files was discussed as the best way to handle this, but if you really want to have it passed before the lawyers then I guess we can wait for that.
Comment 6 Tom "spot" Callaway 2008-12-01 11:32:46 EST
Either find the gsm source tree that contains both the COPYRIGHT file and that version of the header or replace it with a header that we know the licensing for (either via the COPYRIGHT file in the gsm package or in the file itself).

Until one of those occurs, I'm leaving FE-Legal in place.
Comment 7 Lucian Langa 2008-12-11 04:53:59 EST
Removed gsm.h and libgsm.a from the tarball.

new version:
http://lucilanga.fedorapeople.org/echolinux.spec
http://lucilanga.fedorapeople.org/echolinux-0.17a-2.fc10.src.rpm
Comment 8 Jason Tibbitts 2009-03-12 01:51:41 EDT
The "generate-tarball.sh" script seems to be made for some other package.
Comment 9 Lucian Langa 2009-03-12 02:41:42 EDT
using this generic name I accidentally mix-up files.

new version:

http://lucilanga.fedorapeople.org/echolinux.spec
http://lucilanga.fedorapeople.org/echolinux-0.17a-3.fc10.src.rpm
Comment 10 Tom "spot" Callaway 2009-03-12 11:28:10 EDT
With the files removed, there is no longer a need for FE-Legal. Lifting it.
Comment 11 Jason Tibbitts 2009-03-12 23:47:14 EDT
I cannot find anywhere in the source where the version of the GPL in use is mentioned, which means (according to the gpl.txt file) any version can be used.  This implies that the license should be "GPL+".  Do you see some place in the source where "GPLv2 (only)" is mentioned?

I'm seeing testgui_cb.c, testgui.c, servercode.c and threadFuncs.c compiled with the wrong compiler flags.  Not coincidentally, these files are missing from the debuginfo package.

rpmlint says:
  echolinux.src: W: strange-permission generate-echolinux-tarball.sh 0755
rpmlint doesn't like to see executable files in an srpm, but I don't really understand why.  I don't think it's a problem.

* source files match upstream (compared manually).
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field does not match the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
X compiler flags are not correct.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
X debuginfo package is incomplete.
* rpmlint has acceptable complaints.
* final provides and requires are sane:
   config(echolinux) = 0.17a-3.fc11
   echolinux = 0.17a-3.fc11
   echolinux(x86-64) = 0.17a-3.fc11
  =
   config(echolinux) = 0.17a-3.fc11
   libX11.so.6()(64bit)
   libXpm.so.4()(64bit)
   libforms.so.1()(64bit)
   libgsm.so.1()(64bit)

* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* no headers.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
* desktop files valid and installed properly.
Comment 12 Lucian Langa 2009-03-13 02:20:59 EDT
(In reply to comment #11)
>  This implies that the license should be "GPL+".  Do you see some place in the
> source where "GPLv2 (only)" is mentioned?
License updated to GPL+

> I'm seeing testgui_cb.c, testgui.c, servercode.c and threadFuncs.c compiled
> with the wrong compiler flags.  Not coincidentally, these files are missing
> from the debuginfo package.
Fixed.

http://lucilanga.fedorapeople.org/echolinux.spec
http://lucilanga.fedorapeople.org/echolinux-0.17a-4.fc10.src.rpm
Comment 13 Jason Tibbitts 2009-03-16 15:01:18 EDT
Yes, this looks fine now.

APPROVED
Comment 14 Lucian Langa 2009-03-17 01:44:40 EDT
Thank you for the review.

New Package CVS Request
=======================
Package Name: echolinux
Short Description: Linux echolink client
Owners: lucilanga
Branches: F-9 F-10 EL-5
InitialCC:
Comment 15 Kevin Fenzi 2009-03-17 23:38:09 EDT
cvs done.

Note You need to log in before you can comment on or make changes to this bug.