From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.thorsis.com ([92.198.35.195]) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1keZWV-0001bL-4X for ptxdist@pengutronix.de; Mon, 16 Nov 2020 09:06:03 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.thorsis.com (Postfix) with ESMTP id E81314AA2 for ; Mon, 16 Nov 2020 09:06:01 +0100 (CET) Received: from mail.thorsis.com ([127.0.0.1]) by localhost (mail.thorsis.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qjm_4gWX2ue for ; Mon, 16 Nov 2020 09:06:01 +0100 (CET) Received: from adahl by ada.ifak-system.com with local (Exim 4.92) (envelope-from ) id 1keZWK-0006WX-HN for ptxdist@pengutronix.de; Mon, 16 Nov 2020 09:05:52 +0100 From: Alexander Dahl Date: Mon, 16 Nov 2020 09:05:48 +0100 Message-Id: <20201116080552.25031-2-ada@thorsis.com> In-Reply-To: <20201116080552.25031-1-ada@thorsis.com> References: <20201116080552.25031-1-ada@thorsis.com> Subject: [ptxdist] [PATCH v3 1/5] dropbear: Consider licenses of bundled libs List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Since 673655b40733 ("dropbear: clean up the rule file and add bugfix") it's explicitly stated, bundled libtomcrypt and libtommath are used in the ptxdist dropbear package. Before very likely also the bundled libs were used, because no separate packages exist in ptxdist. So the dropbear package should consider the licenses of the bundled libs. As of dropbear 2019.78, dropbear itself states in its 'LICENSE' file those libs are public domain, but in fact those libs are dual licensed public_domain and WTFPL, as their license files state. Adding hashes for the bundled libs will help detect future changes, as long as the dropbear package uses the bundled variant of that libs. Signed-off-by: Alexander Dahl --- rules/dropbear.make | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rules/dropbear.make b/rules/dropbear.make index d52efa396..acd9ef5f9 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -23,9 +23,12 @@ DROPBEAR_SUFFIX := tar.bz2 DROPBEAR_URL := http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX) DROPBEAR_SOURCE := $(SRCDIR)/$(DROPBEAR).$(DROPBEAR_SUFFIX) DROPBEAR_DIR := $(BUILDDIR)/$(DROPBEAR) -DROPBEAR_LICENSE := MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short +DROPBEAR_LICENSE := \ + MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short AND (public_domain OR WTFPL) DROPBEAR_LICENSE_FILES := \ file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01 \ + file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \ + file://libtommath/LICENSE;md5=f72771f4af5e8c382974750f9f8701ad \ file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1 # ---------------------------------------------------------------------------- -- 2.27.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de