#4322 pagure uses incompatible licenses: GPL v2+, Apache 2 and BSD with advertising clause
Closed: Fixed a year ago by wombelix. Opened 5 years ago by fschwarz.

Since commit 5f26e2d, "bcrypt" is a hard dependency for pagure. However, bcrypt is licensed under "ASL 2.0 and ISC and BSD and BSD with advertising". The most important licenses here are "ASL 2.0" and "BSD with advertising".

The "ASL 2.0" requirement could be satisfied by using pagure effectively under "GPLv3+" (and I think the project should do this as there is no way of using pagure in a GPLv2 mode).

The more consequential thing is "BSD with advertising" though. bcrypt 3.0 added a blowfish implementation from OpenBSD, so the module is also covered under the traditional 4-clause BSD license.


To be clear here, the issue is not the license of bcrypt, but the license of python-bcrypt.

Two files in python-bcrypt (src/_csrc/blf.c|h) are under BSD with advertising (and the copyright holder is not the Regents of the University of California).

BSD with advertising is widely considered to be incompatible with the GPL, meaning that this is a legitimate concern.

I've tweeted at Niels Provos to see if I can start a dialog about dropping the advertising clause:
https://twitter.com/spotrh/status/1109093574384193536

Good news everyone. Niels has agreed to waive/remove the "advertising" clause in this code. I've pushed this change upstream in a Pull Request to python-bcrypt. His permission to relicense resolves this concern for pagure immediately, though, once this change lands upstream, pagure should use the newer python-bcrypt code so that others who see this will not be confused.

Upstream PR merged: https://github.com/pyca/bcrypt/pull/170
For my understanding, there is not much from a pagure side that can or needs to be done at this point? So we can go ahead and close this issue? @fschwarz @spot

Metadata Update from @wombelix:
- Issue assigned to wombelix

a year ago

I see no reason why this cannot close. The licensing incompatibility was resolved 3 years ago. :)

Thanks for confirming @spot :thumbsup:

Metadata Update from @wombelix:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago
