http://bugzilla.novell.com/show_bug.cgi?id=494804 Summary: OpenSUSE 11.1 distribution DVD appears in violation of GPLv2 license it released under Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: Other OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jim.foris@med.ge.com QAContact: qa@suse.de Found By: --- Created an attachment (id=285641) --> (http://bugzilla.novell.com/attachment.cgi?id=285641) List of source and binary RPM packages involved. User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.6) Gecko/2009020414 CentOS/3.0.6-1.el5.centos Firefox/3.0.6 Examined all 3627 RPM packages on openSUSE 11.1 x86_64 DVD to identify source RPMS they were built from. Found 859 source packages that are not available on any distribution site, but were referenced by one (or more) of the binaries. Of these, found 329 source RPMS which had different version numbers, but same changelog as the associated distribution binaries - leaving 530 package that I can not find a source with a matching changelog for - meaning, there is no way for someone else to actually build that binary or know exactly what they are installing. GPLv2 (the license used for the aggregate distribution) requires that the exact sources used to build the binaries be available - which appears NOT to be the case for 25% (best case) to 40% (worst case) of the sources. With such a large portion of the ISO affected (this corresponds to 24% to 37% of the binaries) it appears something in the build / distribution system is significantly broken and the resulting ISOs are not in compliance with their license, or the licenses of a significant amount of the software they contain. I have not looked at the full repository to see if this pattern holds, but since the ISO sources and binaries both came from it, I suspect that that it does and that the same problem exists for the release as a whole (and all the ISOs distributed from it). To summarize, for the x86_64 ISO: 3627 binary RPMs in the distribution 2063 required SRPMs Of the needed SRPMs: 859 missing (do not exactly match binary reference) Of these missing SRPMs: 329 may match (package version same, release number different, but changelogs match) 485 binaries reference these sources 530 close (package version same, release number different, changelogs are different) 880 binaries reference these sources 1365 binaries affected by above. (Attached are list of relevant packages.) Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.