FS#56703 - [cryptsetup] Use system Argon2 library
Attached to Project:
Arch Linux
Opened by David McAdoo (geecroof) - Wednesday, 13 December 2017, 12:47 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 10 January 2018, 15:08 GMT
Opened by David McAdoo (geecroof) - Wednesday, 13 December 2017, 12:47 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 10 January 2018, 15:08 GMT
|
Details
Description:
Upstream recommends using system-wide Argon2 implementation as internal one is very slow[1] To build with system-wide Argon2 it needs "--enable-libargon2" configure parameter. Also adding Argon2 dependency and moving Argon2 package to core would be necessary. http://www.saout.de/pipermail/dm-crypt/2017-December/005773.html |
Closed by Eli Schwartz (eschwartz)
Wednesday, 10 January 2018, 15:08 GMT
Reason for closing: Fixed
Additional comments about closing: cryptsetup 2.0.0-5
Wednesday, 10 January 2018, 15:08 GMT
Reason for closing: Fixed
Additional comments about closing: cryptsetup 2.0.0-5
or the argon2 package marked as Apache/CC0 some of the code seems CC0 only see [2]
[1] https://github.com/P-H-C/phc-winner-argon2/blob/master/LICENSE
[2] https://github.com/P-H-C/phc-winner-argon2/blob/master/README.md
[3] https://www.gnu.org/licenses/license-list.html#apache2
If you have any licenses questions ask upstream as Arch can't change licenses of packages it provides.
Why do believe arch can not follow the licence and distribute under version 3 as permitted by the text of the version 2 or later licence?
As the file you linked to is dual licensed Apache 2.0 / CC0 and there is no conflict between CCO and GPL2 what issue do you believe exists there?
The issue I raised was the arch argon2 package being under Apache 2.0 only https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/argon2#n9
So arch has picked one of the two licences for argon2 instead of using both which is incompatible with the GPL2 at least that is the position of the FSF.
You also did not address only some of the argon2 source appearing to be be CC0 which by arch distributing it under Apache 2 would be a license change anyway.
As a basic principal any licensee can change the licence provided such a license change is permitted by the existing licence(s) or by the copyright holder.
Such a GPL change from 2 to 3 would also be needed for executables linking against cups when cups switches from GPL to Apache 2 provided they permit updating to a later version of the GPL
unless arch finds the Apache 2 license is compatible with the GPL 2 license.
@loqs so you can open an issue for argon2 package for adding additional license and problem solved.
FS#56897Give it some good testing.