Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=569204 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tcallawa@xxxxxxxxxx --- Comment #9 from Tom "spot" Callaway <tcallawa@xxxxxxxxxx> 2010-03-08 16:54:51 EST --- There look to be several licensing questions in here, please let me know if I missed any: 1. There is not clear licensing on the included translations and themes. If upstream cannot clarify the licensing of those files, they need to be removed. 2. Several files have unclear licensing: rawtherapee-3.0/rtengine/iccjpeg.c: Copied 99% intact from lcms (jpegicc/iccjpeg.c) rawtherapee-3.0/rtengine/jdatasrc.c: Modified copy from libjpeg ( rawtherapee-3.0/rtengine/dcraw.c: Exact copy from dcraw (dcraw/dcraw.c) rawtherapee-3.0/rtengine/iccjpeg.h: Copied 99% intact from lcms (jpegicc/iccjpeg.h) The files copied from lcms are MIT. (I'm not crazy about the file copying, but this code chunk isn't in the lcms library.) The file copied from dcraw is GPLv2+. There is no dcraw library, because upstream thinks it is better for people to either copy the dcraw code into their application or fork off dcraw processes. I can't wait for the first major dcraw exploit to come out. :P The file copied from libjpeg is IJG. The rawtherapee upstream went to some trouble to fork this code and obfuscate the function names so it could link to libjpeg without conflicting. I have no idea why, but I suspect this is a security exploit waiting to happen. If I were the maintainer here, I'd try to patch this to use the system libjpeg instead. ***** Leaving FE-Legal in place until the translations/theme licensing is either clarified or the files are clearly removed. Nevertheless, from a strict licensing perspective, these files are all acceptably licensed, if poorly marked. License tag on this package should be: License: GPLv3 and MIT and IJG -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review