Feeds

Debian components breach terms of GPLv2

You want source code with that?

Mobile application security vulnerability report

A top Debian contributor has been left "pretty disappointed" by elements of the Debian community for failing to comply with the conditions of the GNU GPLv2 license.

Daniel Baumann, who maintains the Debian Syslinux bootloader package, has said Debian components were being released only in binary form without source code - resulting in problems for Apple Macintosh users.

"I don't want to blame individual persons," Baumann said. "This is just a note of how disappointed I'm about some parts of Debian that are not complying to licenses when it comes to distributing software."

One problem concerns Debian CD - the toolkit used to build new versions of Debian for public release. Baumann found the toolkit was using an embedded binary version of Syslinux rather than taking a full version with source code from the official Debian archive. Another instance involved the Sarge release of Debian that shipped with Syslinux 2.04 in binary and Syslinux 2.11 in source.

Baumann also found that source code for some components was missing from last November's beta version of KDE 4 - although this has now been removed from the Debian Live CDs distribution list.

The problem of synchronizing source and binary versions of Debian packages affected some Apple users last week when they tried to install the first beta release of the Lenny, the latest version Debian. Some users found their keyboard freezing up as a result of the wrong binary-only version of Syslinux being included in the package. In this case the current archive version of Syslinux (3.71) did not work - while an earlier version (3.63) embedded in Debian Installer worked fine.

Baumann has acknowledged that the problem is most likely the result of the increasingly heavy workload faced by the Debian community and the growing popularity of Debian-based Linux distros.

"It appears that as good as our package checks are, we spend little to no time to check our resulting products made from these packages," Baumann said.®

The Essential Guide to IT Transformation

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.