GateHub & OpenPGPjs LGPL license terms

[floss]

GateHub wallet frontend code includes the minified version of the OpenPGP JS library. This software was released under LGPL license. Free Software Foundation holds copyright.

From:

https://github.com/openpgpjs/openpgpjs/blob/master/LICENSE
 

Quote

 

...

 A "Combined Work" is a work produced by combining or linking an
Application with the Library.  The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".

The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.

....

4. Combined Works.

  You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:

   a) Give prominent notice with each copy of the Combined Work that
   the Library is used in it and that the Library and its use are
   covered by this License.

Where can I see this prominent notice?

 

Quote

   Accompany the Combined Work with a copy of the GNU GPL and this license
   document.

Where can I find accompanied copy of the GNU GPL and LGPL license?

 

Quote

 

   c) For a Combined Work that displays copyright notices during
   execution, include the copyright notice for the Library among
   these notices, as well as a reference directing the user to the
   copies of the GNU GPL and this license document.

GateHub site shows (copyright) GateHub. But where is the copyright notice for the OpenPGP JS library?

 

Quote

 

   d) Do one of the following:

       0) Convey the Minimal Corresponding Source under the terms of this
       License, and the Corresponding Application Code in a form
       suitable for, and under terms that permit, the user to
       recombine or relink the Application with a modified version of
       the Linked Version to produce a modified Combined Work, in the
       manner specified by section 6 of the GNU GPL for conveying
       Corresponding Source.

Where can I find Corresponding Application Code in a form suitable for the user to recombine Application with a modified version of OpenPGP JS library?

 

Quote

 

 

       1) Use a suitable shared library mechanism for linking with the
       Library.  A suitable mechanism is one that (a) uses at run time
       a copy of the Library already present on the user's computer
       system, and (b) will operate properly with a modified version
       of the Library that is interface-compatible with the Linked
       Version.

   e) Provide Installation Information, but only if you would otherwise
   be required to provide such information under section 6 of the
   GNU GPL, and only to the extent that such information is
   necessary to install and execute a modified version of the
   Combined Work produced by recombining or relinking the
   Application with a modified version of the Linked Version. (If
   you use option 4d0, the Installation Information must accompany
   the Minimal Corresponding Source and Corresponding Application
   Code. If you use option 4d1, you must provide the Installation
   Information in the manner specified by section 6 of the GNU GPL
   for conveying Corresponding Source.)

 

 

[oz_bolt]

It looks like someone has recently reported (alleged) LGPL license violation to Free Software Foundation. @gatehub? @gregor?

[floss]

Any chance for a reply from @gatehub? @enej?

[T8493]

3 hours ago, floss said:

Any chance for a reply from @gatehub? @enej?

Do you really expect anyone from GateHub will answer your questions? If they violate LGPL license terms, they certainly won't write this on a public forum.

However, I must admit it would be interesting to see "Corresponding Application Code" (bullet d) 0) of LGPL) of their wallet. It would probably make third party reviews of their wallet a lot easier. Maybe bullet d) 0) will also "force" them to reconsider licensing of their wallet and release its source code under some reasonable open source license.

 

 

Edited October 10, 2016 by T8493