[Fedora-legal-list] Re: Legal Problem: md5 implementation
Tom "spot" Callaway
tcallawa at redhat.com
Tue Sep 18 13:31:53 UTC 2007
On Tue, 2007-09-18 at 09:02 +0200, Thorsten Leemhuis wrote:
> My package mail-notification is GPL and uses it. :-/
>
> But why are "*we* going to need to replace it"? Is the issue that urgent
> so there is not even 24 or 72 hours to talk to upstream to make them
> aware of the issue first? Then maybe upstream can fix it quickly once
> and for all and for all distributions? Or are we not allowed to talk
> about this in public bug trackers?
No, the issue is not that urgent. We (Fedora) need to take action to
remedy this. This could be in the form of writing a patch and submitting
it upstream for review, or simply pointing to upstream and having them
resolve it, then taking in the same changes in Fedora.
Ultimately, upstream is responsible for this problem, but by helping
make them aware of it (and possibly fixing it for them), we're being
good community participants.
I would love to have all of these cases resolved by F8, but
realistically, I'm not going to require it until F9.
~spot
More information about the legal
mailing list