Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: unrar - RAR archive extractor https://bugzilla.redhat.com/show_bug.cgi?id=319831 kevin@xxxxxxxxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kevin@xxxxxxxxxxxxxxxx ------- Additional Comments From kevin@xxxxxxxxxxxxxxxx 2007-10-09 01:14 EST ------- Uh, looking at the code in the SRPM, this appears to be the same code used in clamav. The legal status of that code is not clear to me. (In fact, I considered bringing this up with respect to clamav, but seeing the same code used in another package makes this all the more urgent.) The file headers say: "This code is based on the work of Alexander L. Roshal". But then isn't it a derived work of the original unrar sources? If it is, it's illegal to distribute this under the GPL as they're doing because the original unrar license is non-Free and not GPL-compatible. This (libclamav unrar) code also has a history of sharing the security vulnerabilities of the non-Free unrar, which also sounds unlikely for a truely independent implementation. See for example http://www.securityfocus.com/archive/1/473373/100/0/threaded . -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review