floss Posted October 4, 2016 Share Posted October 4, 2016 GateHub wallet frontend code includes the minified version of the OpenPGP JS library. This software was released under LGPL license. Free Software Foundation holds copyright. From: https://github.com/openpgpjs/openpgpjs/blob/master/LICENSE Quote ... A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. .... 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. Where can I see this prominent notice? Quote Accompany the Combined Work with a copy of the GNU GPL and this license document. Where can I find accompanied copy of the GNU GPL and LGPL license? Quote c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. GateHub site shows (copyright) GateHub. But where is the copyright notice for the OpenPGP JS library? Quote d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. Where can I find Corresponding Application Code in a form suitable for the user to recombine Application with a modified version of OpenPGP JS library? Quote 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) T8493 1 Link to comment Share on other sites More sharing options...
oz_bolt Posted October 6, 2016 Share Posted October 6, 2016 It looks like someone has recently reported (alleged) LGPL license violation to Free Software Foundation. @gatehub? @gregor? Link to comment Share on other sites More sharing options...
floss Posted October 10, 2016 Author Share Posted October 10, 2016 Any chance for a reply from @gatehub? @enej? Link to comment Share on other sites More sharing options...
T8493 Posted October 10, 2016 Share Posted October 10, 2016 (edited) 3 hours ago, floss said: Any chance for a reply from @gatehub? @enej? Do you really expect anyone from GateHub will answer your questions? If they violate LGPL license terms, they certainly won't write this on a public forum. However, I must admit it would be interesting to see "Corresponding Application Code" (bullet d) 0) of LGPL) of their wallet. It would probably make third party reviews of their wallet a lot easier. Maybe bullet d) 0) will also "force" them to reconsider licensing of their wallet and release its source code under some reasonable open source license. Edited October 10, 2016 by T8493 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now