[OE-core] gnutls/nettle/gmp licensing and versions
Jussi Kukkonen
jussi.kukkonen at intel.com
Thu Aug 13 12:42:45 UTC 2015
On 12 August 2015 at 17:14, Jussi Kukkonen <jussi.kukkonen at intel.com> wrote:
> Hi,
>
> I realise I'm a bit late (with the commit in master already) but I'm
> looking at upgrading this recipe and had some questions on this patch
> and the recipe in general.
>
> On 9 August 2015 at 08:28, Armin Kuster <akuster808 at gmail.com> wrote:
>> adding the license definitions on the few packages that
>> deviate from the overall package license.
>>
>> based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
>> and spot checking files.
>>
>> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
>> ---
>> meta/recipes-support/nettle/nettle_2.7.1.bb | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb
>> index f53afcc..f9d331f 100644
>> --- a/meta/recipes-support/nettle/nettle_2.7.1.bb
>> +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb
>> @@ -2,6 +2,15 @@ SUMMARY = "A low level cryptographic library"
>> HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
>> SECTION = "libs"
>> LICENSE = "LGPLv2.1 & GPLv2"
>
> I think this is wrong, whichever version you look at -- our current
> version is just "LGPLv2.1+", the current upstream release is "LGPLv3+
> | GPLv2+"
>
> I'm going to send a patch upgrading the recipe to the current upstream
> release (and setting license to "LGPLv3+ | GPLv2+"): it might seem
> like this makes gnutls effectively LGPLv3 but that actually happened
> last year with the gmp upgrade. Comments on this welcome.
Alexander just pointed out to me that there was a discussion on gnutls
and nettle already in July (which I missed in my
back-from-holiday-email-binge). It seems that the consensus was to
preserve LGPLv2 versions.
This is what the current situation looks to me -- please correct if I'm wrong:
* gmp is "GPLv2+ | LGPLv3+"
* nettle is "LGPLv2.1+" but depends on gmp
* gnutls "LGPLv2.1+" but depends on nettle
This effectively makes gnutls "GPLv2+ | LGPLv3+" as far as I can see.
If we want to preserve a LGPLv2 gnutls, we need to bring back an older
version of gmp (I think 4.2.1).
>> +LICENSE_${PN}-cast = "CC0"
>> +LICENSE_${PN}-gosthash = "MIT"
>> +
>> +# both public and GPL license listed
>> +LICENSE_${PN}-md2 = "CC0 & LGPLv2.1+"
>> +LICENSE_${PN}-md4 = "CC0 & LGPLv2.1+"
>
> From the reference I had the impression this "LICENSE_something"
> construct would imply there is a package "something". But the nettle
> recipe does not produce "nettle-cast" or any of these. What is the
> purpose here?
>
> Thanks,
> Jussi
>
>> +
>> +
>> LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \
>> file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \
>> file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d"
>> --
>> 2.3.5
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list