[Bug 467237] Review Request: globus-gssapi-gsi - Globus Toolkit - GSSAPI library

bugzilla at redhat.com bugzilla at redhat.com
Mon May 11 07:57:31 UTC 2009 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=467237





--- Comment #8 from Mattias Ellert <mattias.ellert at fysast.uu.se>  2009-05-11 03:57:29 EDT ---
(In reply to comment #7)
> Here is my review for this one:
> 
> ? This is possibly an inconsistency: globus-gsi-credential package has
>    BuildRequires: globus-gsi-cert-utils-devel >= 1
> whereas this package has
>    BuildRequires: globus-gsi-cert-utils-devel >= 5
> Is this intentional?
>    $ rpm -q globus-gsi-cert-utils
>    globus-gsi-cert-utils-5.5-1.fc10.x86_64

This is not inconsistent. This package uses features that were introduce in
version 5 of globus-gsi-cert-utils, while globus-gsi-credential only uses
features that have been in the library since version 1.

The GPT source package description for globus-gsi-credential says:

        <Source_Dependencies Type="compile">
            <Dependency Name="globus_gsi_cert_utils">
                <Version>
                    <Simple_Version Major="1"/>
                </Version>
            </Dependency>
        </Source_Dependencies>

While for this package it says:

        <Source_Dependencies Type="compile">
            <Dependency Name="globus_gsi_cert_utils">
                <Version>
                    <Simple_Version Major="5"/>
                </Version>
            </Dependency>
        </Source_Dependencies>

The rpm build requires reflect this.

> - rpmlint
>    globus-gssapi-gsi-devel.x86_64: W: no-documentation
> can be ignored.
> 
> - koji rawhide build is fine:
>    http://koji.fedoraproject.org/koji/taskinfo?taskID=1346454
> 
> ? library/ssl_locl.h contains a copy of BSD with advertising. Does that make
> this package "ASL 2.0 and BSD" ?  

As far as I can tell - no. The file is not installed as part of the binary
package, so its license does not influence the license of the package directly.
So the question is whether the license of this file influences the license of
the package indirectly from being part of the compilation of the library.

The file as included in the source tarball has three license statements:

1. Apache 2.0
2. BSD with advertising
3. OpenSSL

So when compiling this (Apache 2.0 or BSD with advertising or OpenSSL) with all
the other files which are Apache 2.0 the resulting binary is Apache 2.0.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Fedora-package-review mailing list