Re: valgrind devel headers license tag (bzip2-1.0.6?)

Hi Richard,

On Fri, 2023-11-17 at 13:52 -0500, Richard Fontana wrote:
> This seems indeed to match bzip2-1.06 -- Jilayne, I assume the full
> text of what is wrapped in the <copyrightText> tag could be ignored
> for purposes of matching? i.e.
> https://github.com/spdx/license-list-XML/blob/main/src/bzip2-1.0.6.xml#L10-L13
> 
> The SPDX Matching Guidelines say: "To avoid a license mismatch merely
> because the copyright notice (usually found above the actual license
> or exception text) is different. The copyright notice is important
> information to be recorded elsewhere in the SPDX document, but for the
> purposes of matching a license to the SPDX License List, it should be
> ignored because it is not part of the substantive license text."
> 
> but this does not define what a "copyright notice" is.  If we don't
> hear from Jilayne, I'd go ahead with assuming that this is a perfect
> match. :)

OK, but can we use a more appropriate tag? bzip2-1.0.6 seems a little
odd (it is a version of bzip2 with a CVE[*] from a couple of years
back). Maybe just call it 'bzip2' or 'Hybrid-BSD' as Fedora used to
call it (although it seems to still use the plain 'BSD' tag for it)
since it seems to be a generic license used by different projects:
https://fedoraproject.org/wiki/Licensing:BSD#Hybrid_BSD_(half_BSD,_half_zlib)

Thanks,

Mark

[*] NVD assigned it a 9.8 Critical score (!), but it really isn't a
security issue (and even if it was a bug, it really didn't have any
impact), still hope people have updated their bzip2 though:
https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/