ssh: multiple license problems
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Debian) |
Fix Released
|
Unknown
|
|||
openssh (Ubuntu) |
Invalid
|
High
|
Colin Watson |
Bug Description
Automatically imported from Debian bug report #211644
http://
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : Re: Bug#211644: ssh: multiple license problems | #1 |
In Debian Bug tracker #211644, Jeff Bailey (jbailey-outpost) wrote : tagging 211644 | #2 |
tag 211644 + sid
tag 211644 + sarge
In Debian Bug tracker #211644, Sacrificial-spam-address (sacrificial-spam-address) wrote : If it helps, here's a copyright workaround | #3 |
It's so trivial it's hard to write a *really* different version,
but here's a tested, public-domain, implementation.
Note the slight interface change: the length is now a size_t, not
a u_int32_t. This doesn't break anything, and is the "right" type
for the size of a memory buffer.
Frankly, the original statement sure looks DFSG-free to me.
"You may use this program, or code or tables extracted from it, as
desired without restriction."
The only ambiguity is the definition of "use". Did the author mean
the narrow sense of "compile and run", or the broad sense of
"any use at all, including copying and distribution"?
Since the author clearly envisaged and permits derivative works ("code
or tables extracted from it"), it appears that the intention is the
broad sense.
(Note that ambiguity in contracts is resolved against the author of
the contract. This isn't a contract, due to the lack of consideration
on both sides, but the same principle seems to apply.)
But if somebody's going to get their panties in a bunch, "copyright
abandoned" should be clear enough.
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : Re: Bug#211644: If it helps, here's a copyright workaround | #4 |
On Tue, Sep 23, 2003 at 06:27:26PM -0400, <email address hidden> wrote:
> It's so trivial it's hard to write a *really* different version,
> but here's a tested, public-domain, implementation.
Did you see my followup to this bug?
--
Colin Watson [<email address hidden>]
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : | #5 |
On Tue, Sep 23, 2003 at 11:57:00PM +0100, Colin Watson wrote:
> On Tue, Sep 23, 2003 at 06:27:26PM -0400, <email address hidden> wrote:
> > It's so trivial it's hard to write a *really* different version,
> > but here's a tested, public-domain, implementation.
>
> Did you see my followup to this bug?
I'm sorry, that was a bit terse. Pretend that "Thanks for your efforts,
but" had been prepended to that. :)
--
Colin Watson [<email address hidden>]
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : Temporarily downgrading severity | #6 |
# I'm TEMPORARILY downgrading the severity of this bug because it also
# exists in testing and it's more important to get a security fix into
# testing. (I should have done this a day or two ago.)
severity 211644 important
thanks
--
Colin Watson [<email address hidden>]
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : back to serious | #7 |
# I meant to set this back to serious after a security-fixed version got
# into testing, which was a while ago now.
severity 211644 serious
thanks
--
Colin Watson [<email address hidden>]
In Debian Bug tracker #211644, Nathanael Nerode (neroden-twcny) wrote : Isn't this bug fixed yet? | #8 |
Um, status here? The CRC bit is apparently dealt with, so the only
question is: has the maintainer relicensed his Debian patches?
In Debian Bug tracker #211644, Nathanael Nerode (neroden-twcny) wrote : What's this bug waiting for? | #9 |
Ping again. Has the maintainer relicensed his Debian patches under an
OpenSSL compatible license? If so this bug can be closed.
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : Re: Bug#211644: What's this bug waiting for? | #10 |
On Thu, Dec 18, 2003 at 11:14:31AM -0500, Nathanael Nerode wrote:
> Ping again. Has the maintainer relicensed his Debian patches under an
> OpenSSL compatible license? If so this bug can be closed.
I believe Matthew was going to contact debian-legal about it to try to
find a compromise between two options neither of which I fully
understand. :) I think he's away for Christmas now, though ...
--
Colin Watson [<email address hidden>]
In Debian Bug tracker #211644, Nathanael Nerode (neroden-twcny) wrote : Bug report status? | #11 |
Maintainer! What is this waiting for?
I believe you already contacted debian-legal. Do you need any more information
before relicensing your patches?
Replies to bug trail please.
Debian Bug Importer (debzilla) wrote : | #12 |
Automatically imported from Debian bug report #211644
http://
Debian Bug Importer (debzilla) wrote : | #13 |
Message-ID: <20030919071314
Date: Fri, 19 Sep 2003 07:13:14 +0000
From: "Brian M. Carlson" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: ssh: multiple license problems
--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-
Content-
Package: ssh
Version: 1:3.6.1p2-8
Severity: serious
In the copyright file, it is claimed that:
The Debian patch is distributed under the terms of the GPL, which you
can find in /usr/share/
If this is true, then there is a license conflict. ssh is linked with
libssl0.9.7, which is the openssl library. The terms of the GPL and
those of OpenSSL's license conflict and Debian does not consider OpenSSL
to fall under the "integral part of the system" exception. See -legal
for more information, or better yet, search the archives.
One of the copyright notices in the copyright file claims:
The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
Comments in the file indicate it may be used for any purpose without
restrictions:
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.
which does *absolutely nothing* for Debian. Use (at least in the US) is
already explicitly permitted by copyright law. This grants us no rights
to distribute, modify, or copy, and so *fails* virtually every provision
of the DFSG. This code may have already been replaced, and if so, you
can ignore this portion of the bug. I remember seeing something about
this on -legal. You may want to investigate whether this is the case.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux stonewall.
p 4 21:30:10 EST 2003 i686
Locale: LANG=3DC, LC_CTYPE=3DC (ignored: LC_ALL set to C)
Versions of packages ssh depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf 1.3.14 Debian configuration managemen=
t sy
ii libc6 2.3.2-7 GNU C Library: Shared librarie=
s an
ii libpam-modules 0.76-14 Pluggable Authentication Modul=
es f
ii libpam0g 0.76-14 Pluggable Authentication Modul=
es l
ii libssl0.9.7 0.9.7b-2 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers l=
ibra
ii zlib1g 1:1.1.4-15 compression library - runtime
-- debconf information excluded
--=20
Brian M. Carlson <email address hidden> 0x560553e7
"Let us think the unthinkable, let us do the undoable. Let us prepare
to grapple with the ineffable itself, and see if we may not eff it
after all." --Douglas Adams
--tThc/1wpZn/ma/RB
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE----- iQEVAwUBP2qsiuW
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Ubi libertas, ibi patria.
Debian Bug Importer (debzilla) wrote : | #14 |
Message-ID: <email address hidden>
Date: Fri, 19 Sep 2003 11:03:53 +0100
From: Colin Watson <email address hidden>
To: "Brian M. Carlson" <email address hidden>,
<email address hidden>
Cc: Matthew Vernon <email address hidden>
Subject: Re: Bug#211644: ssh: multiple license problems
On Fri, Sep 19, 2003 at 07:13:14AM +0000, Brian M. Carlson wrote:
> Package: ssh
> Version: 1:3.6.1p2-8
> Severity: serious
>
> In the copyright file, it is claimed that:
>
> The Debian patch is distributed under the terms of the GPL, which you
> can find in /usr/share/
>
> If this is true, then there is a license conflict. ssh is linked with
> libssl0.9.7, which is the openssl library. The terms of the GPL and
> those of OpenSSL's license conflict and Debian does not consider OpenSSL
> to fall under the "integral part of the system" exception. See -legal
> for more information, or better yet, search the archives.
Yeah, I'm aware of the problem. Matthew, are you happy for me to
substitute a simple 2-clause BSD licence instead? I think you're
responsible for most of the bits of the patch that actually affect code
linked into ssh.
> One of the copyright notices in the copyright file claims:
>
> The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
> Comments in the file indicate it may be used for any purpose without
> restrictions:
>
> * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
> * code or tables extracted from it, as desired without restriction.
>
> which does *absolutely nothing* for Debian. Use (at least in the US) is
> already explicitly permitted by copyright law. This grants us no rights
> to distribute, modify, or copy, and so *fails* virtually every provision
> of the DFSG. This code may have already been replaced, and if so, you
> can ignore this portion of the bug.
It has been replaced; the upstream copyright file is simply out of date.
They've done a licence audit in 3.7 which polishes this sort of thing
up.
Cheers,
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #15 |
Message-Id: <email address hidden>
Date: Tue, 23 Sep 2003 08:55:12 -0400
From: Jeff Bailey <email address hidden>
To: <email address hidden>
Subject: tagging 211644
tag 211644 + sid
tag 211644 + sarge
Debian Bug Importer (debzilla) wrote : | #17 |
Message-ID: <email address hidden>
Date: Tue, 23 Sep 2003 18:27:26 -0400
From: <email address hidden>
To: <email address hidden>
Subject: If it helps, here's a copyright workaround
--X4H711A9W6-
Content-Type: text/plain; charset=us-ascii
Content-
It's so trivial it's hard to write a *really* different version,
but here's a tested, public-domain, implementation.
Note the slight interface change: the length is now a size_t, not
a u_int32_t. This doesn't break anything, and is the "right" type
for the size of a memory buffer.
Frankly, the original statement sure looks DFSG-free to me.
"You may use this program, or code or tables extracted from it, as
desired without restriction."
The only ambiguity is the definition of "use". Did the author mean
the narrow sense of "compile and run", or the broad sense of
"any use at all, including copying and distribution"?
Since the author clearly envisaged and permits derivative works ("code
or tables extracted from it"), it appears that the intention is the
broad sense.
(Note that ambiguity in contracts is resolved against the author of
the contract. This isn't a contract, due to the lack of consideration
on both sides, but the same principle seems to apply.)
But if somebody's going to get their panties in a bunch, "copyright
abandoned" should be clear enough.
--X4H711A9W6-
Content-Type: text/x-csrc
Content-
Content-
filename="crc32.c"
/* This file is placed into the public domain. Copyright abandoned. */
#include "includes.h" /* For size_t, u_in32_t, u_char */
#include "crc32.h"
#define CRC32_DYNAMIC 0 /* Set to 0 or 1, as desired. */
#if CRC32_DYNAMIC /* Compute the table as needed */
static u_int32_t crc32table[256];
/* 1+x+x^2+
#define CRC32_POLY 0xedb88320
/*
* Fill in the crc32table with the correct values.
* Since crc32table[x^y] = crc32table[x] ^ crc32table[y] for all x and y,
* we can derive the entire table from 9 entries. We use 0, 1, 2, 4, ... 128
* to make life simple. Because of the endianness used, it's easiest to
* compute starting at 128.
*/
static void
ssh_crc32_
{
unsigned i, j;
u_int32_t crc = 1;
crc32table[0] = 0;
for (i = 128; i; i >>= 1) {
/* Compute the correct value for crc32table[i] */
crc = (crc >> 1) ^ (crc & 1 ? CRC32_POLY : 0);
for (j = 0; j < 256; j += 2*i)
crc32table[i+j] = crc32table[j] ^ crc;
}
}
#else /* Not dynamic; use a big precomputed table */
static u_int32_t const crc32table[256] = {
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50...
Debian Bug Importer (debzilla) wrote : | #18 |
Message-ID: <email address hidden>
Date: Tue, 23 Sep 2003 23:57:00 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#211644: If it helps, here's a copyright workaround
On Tue, Sep 23, 2003 at 06:27:26PM -0400, <email address hidden> wrote:
> It's so trivial it's hard to write a *really* different version,
> but here's a tested, public-domain, implementation.
Did you see my followup to this bug?
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #19 |
Message-ID: <email address hidden>
Date: Wed, 24 Sep 2003 00:03:34 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#211644: If it helps, here's a copyright workaround
On Tue, Sep 23, 2003 at 11:57:00PM +0100, Colin Watson wrote:
> On Tue, Sep 23, 2003 at 06:27:26PM -0400, <email address hidden> wrote:
> > It's so trivial it's hard to write a *really* different version,
> > but here's a tested, public-domain, implementation.
>
> Did you see my followup to this bug?
I'm sorry, that was a bit terse. Pretend that "Thanks for your efforts,
but" had been prepended to that. :)
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #20 |
Message-ID: <email address hidden>
Date: Sun, 28 Sep 2003 01:03:30 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>
Subject: Temporarily downgrading severity
# I'm TEMPORARILY downgrading the severity of this bug because it also
# exists in testing and it's more important to get a security fix into
# testing. (I should have done this a day or two ago.)
severity 211644 important
thanks
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #21 |
Message-ID: <email address hidden>
Date: Wed, 15 Oct 2003 16:17:06 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>
Subject: back to serious
# I meant to set this back to serious after a security-fixed version got
# into testing, which was a while ago now.
severity 211644 serious
thanks
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #22 |
Message-ID: <email address hidden>
Date: Wed, 19 Nov 2003 00:35:34 -0500
From: Nathanael Nerode <email address hidden>
To: <email address hidden>
Subject: Isn't this bug fixed yet?
Um, status here? The CRC bit is apparently dealt with, so the only
question is: has the maintainer relicensed his Debian patches?
Debian Bug Importer (debzilla) wrote : | #23 |
Message-ID: <email address hidden>
Date: Thu, 18 Dec 2003 11:14:31 -0500
From: Nathanael Nerode <email address hidden>
To: <email address hidden>
Subject: What's this bug waiting for?
Ping again. Has the maintainer relicensed his Debian patches under an
OpenSSL compatible license? If so this bug can be closed.
Debian Bug Importer (debzilla) wrote : | #24 |
Message-ID: <email address hidden>
Date: Thu, 25 Dec 2003 11:41:27 +0000
From: Colin Watson <email address hidden>
To: Nathanael Nerode <email address hidden>, <email address hidden>
Subject: Re: Bug#211644: What's this bug waiting for?
On Thu, Dec 18, 2003 at 11:14:31AM -0500, Nathanael Nerode wrote:
> Ping again. Has the maintainer relicensed his Debian patches under an
> OpenSSL compatible license? If so this bug can be closed.
I believe Matthew was going to contact debian-legal about it to try to
find a compromise between two options neither of which I fully
understand. :) I think he's away for Christmas now, though ...
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #25 |
Message-Id: <email address hidden>
Date: Mon, 8 Mar 2004 22:06:39 -0500
From: Nathanael Nerode <email address hidden>
To: <email address hidden>
Subject: Bug report status?
Maintainer! What is this waiting for?
I believe you already contacted debian-legal. Do you need any more information
before relicensing your patches?
Replies to bug trail please.
Matt Zimmerman (mdz) wrote : | #26 |
Remove myself from all these CCs now that we have the warty-bugs mailing list
Matt Zimmerman (mdz) wrote : | #27 |
Increase severity of RC bugs to major, now that we have other, non-RC bugs in
the list
Matt Zimmerman (mdz) wrote : | #28 |
The likelihood of this becoming a problem for us is nearly zero. Consensus
among James, Colin, Mark and myself is that we ignore it.
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : remove entirely pointless tag combination | #29 |
tags 211644 - sarge sid
thanks
--
Colin Watson [<email address hidden>]
In Debian Bug tracker #211644, Colin Watson (cjwatson) wrote : Bug#211644: fixed in openssh 1:3.8.1p1-8 | #30 |
Source: openssh
Source-Version: 1:3.8.1p1-8
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-
to pool/main/
openssh-
to pool/main/
openssh_
to pool/main/
openssh_
to pool/main/
ssh-askpass-
to pool/main/
ssh_3.8.
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <email address hidden> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 29 Jul 2004 13:28:47 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server-udeb
Architecture: source powerpc
Version: 1:3.8.1p1-8
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <email address hidden>
Changed-By: Colin Watson <email address hidden>
Description:
openssh-
openssh-
ssh - Secure rlogin/rsh/rcp replacement (OpenSSH)
ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 211644
Changes:
openssh (1:3.8.1p1-8) unstable; urgency=high
.
* Matthew Vernon:
- Add a GPL exception to the licensing terms of the Debian patch
(closes: #211644).
Files:
162f151f8eb551
8e3fcc08d957c5
7733d6b8b49b6f
997a1eeb4608e0
abcb55c6c5d412
9351138305583b
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Colin Watson <email address hidden> -- Debian developer
iD8DBQFBCPDz9t0
oQeB0xAGGB+
=D0G1
-----END PGP SIGNATURE-----
Colin Watson (cjwatson) wrote : | #31 |
Matthew's added a GPL exception to the patch (I still think he's mad for using
the GPL, but anyway); if we want to sync 1:3.8.1p1-8 or backport the copyright
diff, we can.
Debian Bug Importer (debzilla) wrote : | #32 |
Message-ID: <email address hidden>
Date: Thu, 29 Jul 2004 13:55:40 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>
Subject: remove entirely pointless tag combination
tags 211644 - sarge sid
thanks
--
Colin Watson [<email address hidden>]
Debian Bug Importer (debzilla) wrote : | #33 |
Message-Id: <email address hidden>
Date: Thu, 29 Jul 2004 09:02:04 -0400
From: Colin Watson <email address hidden>
To: <email address hidden>
Subject: Bug#211644: fixed in openssh 1:3.8.1p1-8
Source: openssh
Source-Version: 1:3.8.1p1-8
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-
to pool/main/
openssh-
to pool/main/
openssh_
to pool/main/
openssh_
to pool/main/
ssh-askpass-
to pool/main/
ssh_3.8.
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <email address hidden> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 29 Jul 2004 13:28:47 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server-udeb
Architecture: source powerpc
Version: 1:3.8.1p1-8
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <email address hidden>
Changed-By: Colin Watson <email address hidden>
Description:
openssh-
openssh-
ssh - Secure rlogin/rsh/rcp replacement (OpenSSH)
ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 211644
Changes:
openssh (1:3.8.1p1-8) unstable; urgency=high
.
* Matthew Vernon:
- Add a GPL exception to the licensing terms of the Debian patch
(closes: #211644).
Files:
162f151f8eb551
8e3fcc08d957c5
7733d6b8b49b6f
997a1eeb4608e0
abcb55c6c5d412
9351138305583b
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Colin Watson <email address hidden> -- Debian developer
iD8DBQFBCPDz9t0
oQeB0xAGGB+
=D0G1
-----END PGP SIGNATURE-----
Daniel Robitaille (robitaille) wrote : | #34 |
Was fixed in Debian in 2004.
Changed in openssh: | |
status: | Unconfirmed → Fix Released |
Changed in openssh: | |
status: | Unknown → Fix Released |
On Fri, Sep 19, 2003 at 07:13:14AM +0000, Brian M. Carlson wrote: common- licenses/ GPL.
> Package: ssh
> Version: 1:3.6.1p2-8
> Severity: serious
>
> In the copyright file, it is claimed that:
>
> The Debian patch is distributed under the terms of the GPL, which you
> can find in /usr/share/
>
> If this is true, then there is a license conflict. ssh is linked with
> libssl0.9.7, which is the openssl library. The terms of the GPL and
> those of OpenSSL's license conflict and Debian does not consider OpenSSL
> to fall under the "integral part of the system" exception. See -legal
> for more information, or better yet, search the archives.
Yeah, I'm aware of the problem. Matthew, are you happy for me to
substitute a simple 2-clause BSD licence instead? I think you're
responsible for most of the bits of the patch that actually affect code
linked into ssh.
> One of the copyright notices in the copyright file claims:
>
> The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
> Comments in the file indicate it may be used for any purpose without
> restrictions:
>
> * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
> * code or tables extracted from it, as desired without restriction.
>
> which does *absolutely nothing* for Debian. Use (at least in the US) is
> already explicitly permitted by copyright law. This grants us no rights
> to distribute, modify, or copy, and so *fails* virtually every provision
> of the DFSG. This code may have already been replaced, and if so, you
> can ignore this portion of the bug.
It has been replaced; the upstream copyright file is simply out of date.
They've done a licence audit in 3.7 which polishes this sort of thing
up.
Cheers,
--
Colin Watson [<email address hidden>]