Bug 892111 - zeromq is non-free (licensed under AFPL) file included
Summary: zeromq is non-free (licensed under AFPL) file included
Alias: None
Product: Fedora
Classification: Fedora
Component: zeromq (Show other bugs)
(Show other bugs)
Version: 17
Hardware: Unspecified Unspecified
Target Milestone: ---
Assignee: Thomas Spura
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: FE-Legal
TreeView+ depends on / blocked
Reported: 2013-01-05 09:00 UTC by mejiko
Modified: 2013-02-01 13:18 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-01-23 16:09:21 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description mejiko 2013-01-05 09:00:54 UTC

zeromq included non-free files

Source RPM is "zeromq-2.1.11-1.fc17.src.rpm"

Files and Licenses:



License: AFPL and BSD

But BSD license apply is "project specific". (see "zeromq-2.1.11/foreign/xmlParser/*" datails.)

Its non-free.


1. Remove non-free file and rebuild.
2. replace to fedora-free code. (e.g libxml)
3. Remove to fedora repos.




Comment 1 mejiko 2013-01-05 09:01:37 UTC
Blocking FE-Legal, This is license problem.

Comment 2 Thomas Spura 2013-01-05 14:43:11 UTC
Thanks for the bug report.

I can't find any reference, where this xmlparser is actually in use in the build log, e.g.:

Furthermore, these files are redistributed along zeromq ('redistributed' means bundled in the tar ball and provided for downloading on fedora infrastructure in this case.). As I see it, this is allowed as zeromq is allowed to use it under the terms of BSD, so I don't need to remove it from the tar ball before uploading it, isn't it?

I'd suggest removing them in %prep and then not using them (as we already do now AFAIK).

I wait for a final decision by FE-Legal before either:
* removing them in %prep and still ship it in the uploaded tar ball.
* removing them before uploading and request rel-eng to remove all tar balls, which contain those files from fedora infrastructure.

Comment 3 Tom "spot" Callaway 2013-01-07 18:34:02 UTC
I agree with Thomas. If these files are unused, they can be removed in %prep, we do not need to make a new tarball. Additionally, RH Legal confirms that we can safely treat these files as being under BSD.

Comment 4 Fedora Update System 2013-01-14 08:54:56 UTC
zeromq-2.2.0-4.fc17 has been submitted as an update for Fedora 17.

Comment 5 Fedora Update System 2013-01-14 08:55:08 UTC
zeromq-2.2.0-4.el6 has been submitted as an update for Fedora EPEL 6.

Comment 6 Fedora Update System 2013-01-14 08:55:19 UTC
zeromq-2.2.0-4.fc18 has been submitted as an update for Fedora 18.

Comment 7 Fedora Update System 2013-01-14 09:06:10 UTC
zeromq-2.2.0-4.el5 has been submitted as an update for Fedora EPEL 5.

Comment 8 Fedora Update System 2013-01-14 09:06:20 UTC
zeromq-2.2.0-4.fc16 has been submitted as an update for Fedora 16.

Comment 9 Thomas Spura 2013-01-14 09:59:00 UTC
zeromq3 is not affected by this as it does not ship "foreign/xmlParser/".

Comment 10 Fedora Update System 2013-01-15 02:21:14 UTC
Package zeromq-2.2.0-4.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing zeromq-2.2.0-4.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 11 Fedora Update System 2013-01-23 16:09:25 UTC
zeromq-2.2.0-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2013-01-23 16:28:25 UTC
zeromq-2.2.0-4.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2013-02-01 13:18:53 UTC
zeromq-2.2.0-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.