Arch Linux

The argon2 package needs some polishing before this can happen...

https://github.com/P-H-C/phc-winner-argon2/pull/236

@eworm It seems your PR is merged and new release available https://github.com/P-H-C/phc-winner-argon2/releases/tag/20171227

If cryptsetup is linked against argon2 which is licensed Apache 2.0 / CC0 1.0 Universal [1] then should cryptsetup not be changed to GPL 3.0 [3]
or the argon2 package marked as Apache/CC0 some of the code seems CC0 only see [2]
[1] https://github.com/P-H-C/phc-winner-argon2/blob/master/LICENSE
[2] https://github.com/P-H-C/phc-winner-argon2/blob/master/README.md
[3] https://www.gnu.org/licenses/license-list.html#apache2

@loqs Cryptsetup is GPL2 and has already build-in argon2 library under licenses you linked https://gitlab.com/cryptsetup/cryptsetup/blob/master/lib/crypto_backend/argon2/argon2.h

If you have any licenses questions ask upstream as Arch can't change licenses of packages it provides.

@geecroof cryptsetup is gpl2 or later https://gitlab.com/cryptsetup/cryptsetup/blob/master/src/cryptsetup.c#L12
Why do believe arch can not follow the licence and distribute under version 3 as permitted by the text of the version 2 or later licence?
As the file you linked to is dual licensed Apache 2.0 / CC0 and there is no conflict between CCO and GPL2 what issue do you believe exists there?
The issue I raised was the arch argon2 package being under Apache 2.0 only https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/argon2#n9
So arch has picked one of the two licences for argon2 instead of using both which is incompatible with the GPL2 at least that is the position of the FSF.
You also did not address only some of the argon2 source appearing to be be CC0 which by arch distributing it under Apache 2 would be a license change anyway.

Two additional notes:
As a basic principal any licensee can change the licence provided such a license change is permitted by the existing licence(s) or by the copyright holder.
Such a GPL change from 2 to 3 would also be needed for executables linking against cups when cups switches from GPL to Apache 2 provided they permit updating to a later version of the GPL
unless arch finds the Apache 2 license is compatible with the GPL 2 license.

I'm not sure if PKGBUILD allows for adding two licenses. If that's true then second license can be added easily. I doubt that maintainer explicitly wanted Apache.

The license field in a PKGBUILD is an array... there are many packages that list multiple licenses.

@eschwartz thx for the info.

@loqs so you can open an issue for argon2 package for adding additional license and problem solved.

Created  FS#56897 

New package cryptsetup 2.0.0-4 in [testing] has been built with argon2.
Give it some good testing.