[Bug 569204] Review Request: rawtherapee - Raw image processing software

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=569204

Tom "spot" Callaway <tcallawa@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tcallawa@xxxxxxxxxx

--- Comment #9 from Tom "spot" Callaway <tcallawa@xxxxxxxxxx> 2010-03-08 16:54:51 EST ---
There look to be several licensing questions in here, please let me know if I
missed any:

1. There is not clear licensing on the included translations and themes. If
upstream cannot clarify the licensing of those files, they need to be removed.

2. Several files have unclear licensing:

rawtherapee-3.0/rtengine/iccjpeg.c: Copied 99% intact from lcms
(jpegicc/iccjpeg.c)
rawtherapee-3.0/rtengine/jdatasrc.c: Modified copy from libjpeg (
rawtherapee-3.0/rtengine/dcraw.c: Exact copy from dcraw (dcraw/dcraw.c)
rawtherapee-3.0/rtengine/iccjpeg.h: Copied 99% intact from lcms
(jpegicc/iccjpeg.h)

The files copied from lcms are MIT. (I'm not crazy about the file copying, but
this code chunk isn't in the lcms library.)
The file copied from dcraw is GPLv2+. There is no dcraw library, because
upstream thinks it is better for people to either copy the dcraw code into
their application or fork off dcraw processes. I can't wait for the first major
dcraw exploit to come out. :P
The file copied from libjpeg is IJG. The rawtherapee upstream went to some
trouble to fork this code and obfuscate the function names so it could link to
libjpeg without conflicting. I have no idea why, but I suspect this is a
security exploit waiting to happen. If I were the maintainer here, I'd try to
patch this to use the system libjpeg instead.

*****
Leaving FE-Legal in place until the translations/theme licensing is either
clarified or the files are clearly removed.

Nevertheless, from a strict licensing perspective, these files are all
acceptably licensed, if poorly marked. License tag on this package should be:

License: GPLv3 and MIT and IJG

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]