[licence] specific licenses for backdoor-factory software
Ian Jackson
ijackson at chiark.greenend.org.uk
Wed May 31 13:08:51 UTC 2017
phil at reseau-libre.net writes ("[licence] specific licenses for backdoor-factory software"):
> I'm currently packaging "backdoor-factory" for the pkg-security team.
> The tool is already in kali.
> The upstream sources are hosted here:
> https://github.com/secretsquirrel/the-backdoor-factory
>
> The main tool is based on the following license file (LICENSE.txt) :
> -------------------8<-------------------
> Copyright (c) 2013-2016, Joshua Pitts
> All rights reserved.
>
> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions
> are met:
This is a perfectly fine licence very like the 3-clause BSD.
However:
> The upstream sources also contain a subdir (not required for the tool
> but existing in the upstream git repository), containing the tool aPlib
> (a compression library).
> This tool is using the following license (looks like common license),
> file aPLib/readme.txt:
This is evidently a homegrown licence text written by someone without
the necessary legal knowledge.
Unfortunately:
> You may not edit or reverse engineer any of the files (except the
> header files and the decompression code, which you may edit as long
> as you do not remove the copyright notice).
This is clearly non-free. It forbids modification.
> - Is the main software legaly acceptable for Debian ?
The upstream part is fine. But:
> - Do i need to clean the upstream (deleting aPlib dir) making a dfsg
> package
Yes.
> or the upstream can be kept in the source package untouched if
> the aPlib is not installed in the bin packages ?
No. Debian's practice is to require the removal of non-free
components from source packages, even if they are supposedly not
touched by the build. This ensures that there is no accidental
dependency of the non-free parts.
Will the program build and work without aPlib ? Why would it ship
with its own compression library ?
In the medium to long term it might be worth asking upstream to either
drop their special compression library, or fix the licence (best done
by choosing an existing widely-used Free Software licence).
Regards,
Ian.
More information about the Pkg-security-team
mailing list