FS#68561 - [v2ray] Redistributing XTLS in V2Ray Violates Its Open Source License

Attached to Project: Community Packages
Opened by James Lorenz (JLorenz) - Sunday, 08 November 2020, 01:44 GMT
Last edited by Morten Linderud (Foxboron) - Wednesday, 25 November 2020, 23:38 GMT
Task Type General Gripe
Category Packages
Status Closed
Assigned To Morten Linderud (Foxboron)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

XTLS is a library being used by V2Ray (/bin/v2ray)

Forwarded From Debian Developers:
https://github.com/XTLS/Go/issues/9
https://github.com/v2ray/v2ray-core/issues/2789

A component, XTLS, of V2Ray is using a "Private" license, which itself forbids the redistribution of XTLS.
https://github.com/XTLS/Go/blob/main/LICENSE

One cannot redistribute V2Ray under this license anymore.
Please consider a patch to remove this dependency or remove V2Ray from community repo.


Additional info:

* package version(s)
V2Ray v4.28+

* config and/or log files etc.

* link to the upstream bug reports, if any
https://github.com/XTLS/Go/issues/9
https://github.com/v2ray/v2ray-core/issues/2789

Steps to reproduce:

Closed by Morten Linderud (Foxboron)
Wednesday, 25 November 2020, 23:38 GMT
Reason for closing: Won't fix
Additional comments about closing: We don't list licenses of vendored deps.

Comment by Ram Pani (DuckSoft) - Sunday, 08 November 2020, 04:30 GMT
They've made a change.

See: https://github.com/XTLS/Go/commit/4c3710394d5e83f942b009e247b017abb4614654

---------
ps:

@rprx, the author of XTLS, is actually one of the maintainers of V2Ray (V2Fly).
It's more like a not-so-specific license problem, rather than some license bomb.

Comment by Icenowy Zheng (icenowy) - Monday, 09 November 2020, 00:05 GMT
After this change, the XTLS part is still not free software, so the license field should not be MIT; it should be something like "MIT with non-free component", etc.

Comment by Morten Linderud (Foxboron) - Wednesday, 25 November 2020, 23:37 GMT
We don't list licenses of vendored dependencies in license fields; it would be unreasonable for the average package.

This can maybe be fixed if we eventually migrate to SPDX license fields, but until then I'm closing as "Won't Fix".
