Hi,
I was looking at the some of the dependencies generated by AutoReqProv in the RPMS in Fedora 11 and I noticed the following:
eclipse-swt (epl) requires: libxpcom.so provided-by: nspluginwrapper (gplv2+)
php-cli (php) requires: libreadline.so provided-by: readline (gplv2+)
How is this possible? I don't think EPL or PHP licenses are allowed to dynamically link to GPLV2+ libraries.
I see that neither of these dependency problems exist in RHEL 5.4 (eclipse-swt is known as libswt3-gtk2 in RHEL 5.4).
ps. I'm a B.Sc. student doing a research project on licensing problems in open source linux distros, so I'm excited to see if my techniques have actually found some real life licensing problems.
-- yours,
Julius Davies 250-592-2284 (Home) 250-893-4579 (Mobile) http://juliusdavies.ca/logging.html
On 11/11/2009 06:40 PM, Julius Davies wrote:
Hi,
I was looking at the some of the dependencies generated by AutoReqProv in the RPMS in Fedora 11 and I noticed the following:
eclipse-swt (epl) requires: libxpcom.so provided-by: nspluginwrapper (gplv2+)
This is actually linked to xulrunner, which is "MPLv1.1 or GPLv2+ or LGPLv2+".
php-cli (php) requires: libreadline.so provided-by: readline (gplv2+)
This looks to be a genuine issue. I'm looking into it. (Readline is now GPLv3+, but I'm not sure it makes a difference.)
~spot
Thanks, Spot,
I was looking at the some of the dependencies generated by AutoReqProv in the RPMS in Fedora 11 and I noticed the following:
eclipse-swt (epl) requires: libxpcom.so provided-by: nspluginwrapper (gplv2+)
This is actually linked to xulrunner, which is "MPLv1.1 or GPLv2+ or LGPLv2+".
Thanks so much for this clarification! I see now where I made a mistake. Oops.
php-cli (php) requires: libreadline.so provided-by: readline (gplv2+)
This looks to be a genuine issue. I'm looking into it. (Readline is now GPLv3+, but I'm not sure it makes a difference.)
~spot
Hi, Fedora-Legal,
Congratulations on FC12 ! Can't wait to try it out.
Here's my question:
How does the package system (e.g. apt/up2date/yum???) deal with dependencies that can be satisfied by more than 1 package? Or does this just not matter in real life?
I put together a list of all pertinent "Provides" entries on the FC11 i386 DVD that can be satisfied in more than one way. The list is pretty small (25 entries) since I discarded things that never show up in "Requires". Any tips on how I should choose which package to depend on for what I'm doing (analyzing licensing between a package and its dependencies).
Ambiguous maintainer "provides": ------------------------------------- dbus-bluez-pin-helper java java-sasl jaxp_parser_impl jaxp_transform_impl jce jre jsp jsse kdelibs kernel kernel-devel kernel-drm-nouveau libproxy-pac pcsc-ifd-handler pinentry-gui policykit-authentication-agent qt servlet syslog text-www-browser
Ambiguous AutoReqProv "provides:" ------------------------------------- libbaconvideowidget.so.0 libjawt.so libjvm.so libxpcom.so
Here's a specific example for "Provides: jaxp_transform_impl":
saxon Java XSLT processor saxon-6.5.5-2.3.fc11.src.rpm http://saxon.sourceforge.net/ mplv1.0
xalan-j2 xalan-j2-2.7.0-8.5.fc11.src.rpm http://xalan.apache.org/ asl 1.1 and asl 2.0 and w3c
yours,
Julius
I was looking at the some of the dependencies generated by AutoReqProv in the RPMS in Fedora 11 and I noticed the following:
eclipse-swt (epl) requires: libxpcom.so provided-by: nspluginwrapper (gplv2+)
This is actually linked to xulrunner, which is "MPLv1.1 or GPLv2+ or LGPLv2+".
Thanks so much for this clarification! I see now where I made a mistake. Oops.
On 11/18/2009 12:31 PM, Julius Davies wrote:
I put together a list of all pertinent "Provides" entries on the FC11 i386 DVD that can be satisfied in more than one way. The list is pretty small (25 entries) since I discarded things that never show up in "Requires". Any tips on how I should choose which package to depend on for what I'm doing (analyzing licensing between a package and its dependencies).
We really should clean these up. While it is possible to have multiple packages provide the same component, in practice, it should be treated as a conflict.
For your testing, I would look at what packages were used in the buildroot when the dependent package was built.
Btw, the php-cli/readline issue has been addressed in F11+ (F10 is EOL shortly, so I didn't bother there). It now links to libedit instead.
Fedora 11: http://admin.fedoraproject.org/updates/php-5.2.11-2.fc11 Fedora 12: http://admin.fedoraproject.org/updates/php-5.3.0-7.fc12
~spot
Hi, Spot,
Thanks for the note! I don't yet know how to "look at what packages were used in the buildroot," but I'll try to figure that out.
Meanwhile here's my best guess at resolving these:
http://juliusdavies.ca/uvic/csc490-2009-fall-dmg/manual-deps.html
yours,
Julius
On Wed, Nov 18, 2009 at 10:35 AM, Tom "spot" Callaway tcallawa@redhat.com wrote:
On 11/18/2009 12:31 PM, Julius Davies wrote:
I put together a list of all pertinent "Provides" entries on the FC11 i386 DVD that can be satisfied in more than one way. The list is pretty small (25 entries) since I discarded things that never show up in "Requires". Any tips on how I should choose which package to depend on for what I'm doing (analyzing licensing between a package and its dependencies).
We really should clean these up. While it is possible to have multiple packages provide the same component, in practice, it should be treated as a conflict.
For your testing, I would look at what packages were used in the buildroot when the dependent package was built.
Btw, the php-cli/readline issue has been addressed in F11+ (F10 is EOL shortly, so I didn't bother there). It now links to libedit instead.
Fedora 11: http://admin.fedoraproject.org/updates/php-5.2.11-2.fc11 Fedora 12: http://admin.fedoraproject.org/updates/php-5.3.0-7.fc12
~spot
"JD" == Julius Davies juliusdavies@gmail.com writes:
JD> Hi, Spot, Thanks for the note! I don't yet know how to "look at JD> what packages were used in the buildroot," but I'll try to figure JD> that out.
At least the koji web interface can show you. If you start at a build, click on the Task, and then click on the buildArch descendent task, then on the Buildroot, and then on "Component RPMs".
- J<
On Wed, Nov 11, 2009 at 3:40 AM, Julius Davies wrote:
ps. I'm a B.Sc. student doing a research project on licensing problems in open source linux distros, so I'm excited to see if my techniques have actually found some real life licensing problems.
Would you consider joining Fedora's gach project? https://fedorahosted.org/gach/ The project aims to do an automated review of new packages submitted to Fedora review. There is a large number of elements that need to be checked in anew package before it gets accepted, and the license check is one of them. If you can code in python, I am sure you can write a license check script for this project, and this will be very much appreciated.
Orcan