[Secureideas-base-devel] BASE and Debian

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all,

I just wanted to post a quick note explaining that as of right now  
BASE is no longer available
via the Debian repositories.  There is one reason for this and sadly,  
I do not know how to
fix it.

First, I am not the person who submitted BASE to be included in  
Debian but I was excited
that it had become popular enough that someone would want it there.   
This has been one of
the many places you could get BASE for quite awhile now.

As of 1.2.7 (karen), it was rejected due to license constraints.  Now  
I am sure that most of you
are thinking: "What the heck, BASE is GPL!?!?"  And that would be a  
valid thought.  The
issue is that BASE uses Image_Graph, which by the way is LGPL.   
Image_Graph then
makes use of Image_Canvas, which is also LGPL.  So far we are fine.   
But then Image_Canvas
uses Image_Color.  Image_Color is licensed with the PHP 2.0.2  
license.  While this license is
approved by the Open Source Initiative, Debian has a problem with  
it.  They consider it fine
for PHP but it has a couple of trademark clauses that appear to make  
it invalid for programs that
are not PHP.  I do not mean written in PHP, I mean actually PHP.   
Now, I am not sure this is
accurate of them, because I am not a lawyer.  But I think they, of  
any one, would know.  They
have asked the maintainer of Image_Color to relicense and he has said  
no as he has only
written some of the code and the original authors are no longer  
around to ask if they are
ok with the change.

So as of Etch, BASE, which they refer to as acidbase, will not longer  
be available via
the main repositories.

The question I have is do we do something to fix this?  I have had a  
number of email discussions
where I have pointed out that graphing is not a required feature,  
that users can install the PEAR
libraries after we are installed, and that Debian themselves do not  
consistently apply this type
of decision.  They have asked us to rewrite the graphing system to  
use a different library, one that
Debian approves of.

My opinion is, that we have nothing to do.  The libraries we use are  
open source and any user
can download BASE from the Sourceforge site and install it.  But I  
think as an open source project
I have a requirement to bring this to the developers as a group.  So  
here it is....

What do you guys all think?

Thanks
Kevin

Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas
http://www.secureideas.net