https://bugzilla.redhat.com/show_bug.cgi?id=2264510 Petr Pisar <ppisar@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |182235 (FE-Legal) --- Comment #1 from Petr Pisar <ppisar@xxxxxxxxxx> --- URL and Source0 addresses are Ok. Source0 archive (SHA-512: 91e3798d01e20d4e455b33a822107ee9709eba326fef3d9ffe0cdc8d21f12a5e6840a41196027b653851bfebacbbcfd4e683c196f5f8bf9bcc21bc227f5fd6fa) is original. Ok. Summary verified from lib/Alt/Digest/MD5/OpenSSL.pm. Ok. Description verified from lib/Alt/Digest/MD5/OpenSSL.pm. Ok. Found licenses: lib/Digest/MD5.pm: (GPL-1.0-or-later OR Artistic-1.0-Perl) AND RSA-MD MD5.xs: (GPL-1.0-or-later OR Artistic-1.0-Perl) AND RSA-MD README: GPL-1.0-or-later OR Artistic-1.0-Perl rfc1321.txt: RSA-MD AND "mddriver.c proprietary license" FIX: rfc1321:868: mddriver.c license is missing the grant paragraph of RSA-MD license. I hope this is just an author's mistake. But as it is spelled now it makes it nonfree. Strip it from the source archive. FIX: RSA-MD is not an approved Fedora license. Either removed the affected files from the source archive, or work with Fedora legal to approve the license <https://docs.fedoraproject.org/en-US/legal/license-review-process/>. TODO: Report to an upstream that "This implementation is derived from the reference C code in RFC 1321" documentation in lib/Digest/MD5.pm is not true. It uses OpenSSL which is not based on the RFC 1321 implementation. I will continue with this review once the licensing issues are cleared. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=182235 [Bug 182235] Fedora Legal Tracker -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2264510 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202264510%23c1 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue