[Secureideas-base-devel] BASE and Debian
Brought to you by:
secureideas,
sinukas
From: Kevin J. <kjo...@se...> - 2006-12-12 04:35:21
|
Hi all, I just wanted to post a quick note explaining that as of right now BASE is no longer available via the Debian repositories. There is one reason for this and sadly, I do not know how to fix it. First, I am not the person who submitted BASE to be included in Debian but I was excited that it had become popular enough that someone would want it there. This has been one of the many places you could get BASE for quite awhile now. As of 1.2.7 (karen), it was rejected due to license constraints. Now I am sure that most of you are thinking: "What the heck, BASE is GPL!?!?" And that would be a valid thought. The issue is that BASE uses Image_Graph, which by the way is LGPL. Image_Graph then makes use of Image_Canvas, which is also LGPL. So far we are fine. But then Image_Canvas uses Image_Color. Image_Color is licensed with the PHP 2.0.2 license. While this license is approved by the Open Source Initiative, Debian has a problem with it. They consider it fine for PHP but it has a couple of trademark clauses that appear to make it invalid for programs that are not PHP. I do not mean written in PHP, I mean actually PHP. Now, I am not sure this is accurate of them, because I am not a lawyer. But I think they, of any one, would know. They have asked the maintainer of Image_Color to relicense and he has said no as he has only written some of the code and the original authors are no longer around to ask if they are ok with the change. So as of Etch, BASE, which they refer to as acidbase, will not longer be available via the main repositories. The question I have is do we do something to fix this? I have had a number of email discussions where I have pointed out that graphing is not a required feature, that users can install the PEAR libraries after we are installed, and that Debian themselves do not consistently apply this type of decision. They have asked us to rewrite the graphing system to use a different library, one that Debian approves of. My opinion is, that we have nothing to do. The libraries we use are open source and any user can download BASE from the Sourceforge site and install it. But I think as an open source project I have a requirement to bring this to the developers as a group. So here it is.... What do you guys all think? Thanks Kevin Kevin Johnson GCIA, GCIH, CISSP, CEH Principal Consultant Secure Ideas http://www.secureideas.net |