Bug 1023717 - xl2tpd-1.3.3 is available
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: xl2tpd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Assignee: Paul Wouters
QA Contact: Fedora Extras Quality Assurance
Blocks: FE-Legal
Reported: 2013-10-27 10:03 UTC by Upstream Release Monitoring
Modified: 2014-01-22 22:18 UTC (History)
Doc Type: Enhancement
Last Closed: 2014-01-22 22:18:54 UTC

Description Upstream Release Monitoring 2013-10-27 10:03:21 UTC
Latest upstream release: 1.3.2rc4
Current version/release in Fedora Rawhide: 1.3.1-14.fc20
URL: https://github.com/xelerance/xl2tpd/tags

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring

Comment 1 Upstream Release Monitoring 2013-11-16 10:52:26 UTC
Latest upstream release: 1.3.2
Current version/release in Fedora Rawhide: 1.3.1-14.fc20
URL: https://github.com/xelerance/xl2tpd/tags


Comment 2 Upstream Release Monitoring 2014-01-04 11:09:05 UTC
Latest upstream release: 1.3.3
Current version/release in Fedora Rawhide: 1.3.1-14.fc20
URL: https://github.com/xelerance/xl2tpd/tags


Comment 3 Paul Wouters 2014-01-04 20:52:46 UTC
CC:ing fe-legal on this bug:


There is an interesting change in license of xl2tpd 1.3.3:

https://github.com/xelerance/xl2tpd/commit/f039398af5d97921ade559c0e6d5b11a818ddff5

+Special exception for linking xl2tpd with OpenSSL:
+
+  In addition, as a special exception, Xelerance Corporation gives
+  permission to link the code of this program with the OpenSSL
+  library (or with modified versions of OpenSSL that use the same
+  license as OpenSSL), and distribute linked combinations including
+  the two. You must obey the GNU General Public License in all
+  respects for all of the code used other than OpenSSL. If you modify
+  this file, you may extend this exception to your version of the
+  file, but you are not obligated to do so. If you do not wish to
+  do so, delete this exception statement from your version.
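
Review bot: the first added paragraph names Xelerance Corporation as the only party giving permission, and nothing in the added lines records whether the other copyright holders of the GPL-licensed code agreed to the exception. Suggest listing the consenting copyright holders next to the exception, or stating which files it applies to, since the later sentences speak of "this file" while the heading speaks of linking xl2tpd as a whole.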

However, I worked at Xelerance when we forked Mark Spencer's l2tpd code, which is licensed under GPLv2+. There are also significant contributions made by other people under the GPL. I am not aware of authors having been contacted about this change of license. Neither I nor Tuomo Soini have been contacted.

This change was done when they merged in one of my FIPS patches from the Fedora branch that removed native MD5 code to use OpenSSL's MD5 code to ensure FIPS compliance. This might have caused a license problem by mixing GPL and the OpenSSL license?

Should I change the code in Fedora to use NSS instead of OpenSSL?

Am I correct in that we should not ship version 1.3.3 if we know this license change is dubious at best?

Comment 4 Tom "spot" Callaway 2014-01-22 22:18:54 UTC
Eh, we don't use the OpenSSL exception, so it's not a Fedora blocker (we'd just no-op it away), because we consider OpenSSL to be a system library.

You should definitely talk to the upstream about the inappropriateness of changing the license without clearing it through all the copyright holders (assuming you didn't assign your copyright in that work to them). The change they made is reasonably non-controversial (it's the standard FSF OpenSSL exception), but still.

Closing this as NOTABUG.

