[Bug 181244] Re: libcdio GPL/license violation
Schily
joerg.schilling at fokus.fraunhofer.de
Thu Jan 14 09:33:09 UTC 2010
The original problem has not been fixed:
- it is even worse now as the current libcdio is published under a supposed GPLv3 or
any later while it contains code that was published under "GPLv2 only".
The authors of the related code have not been asked and would not give their OK
for a license change (if asked).
- there is still the gstreamer library, being intentionally under LGPL because this is
needed to make it usable by the intended application code that calls libcdio.
A fix for audio playback is to use the replacement library (that calls cdda2wav) I wrote with Sun.
This library has a clean privilege separation and thus does not create the problems that make
users of libcdio a potential security risk.
In general, it is a conceptional mistake to put high level stuff like CD/DVD writing high level code
into a library as CD/DVD writing is a privileges operation that needs root privileges on most
platforms. Thus applications developed based on such a library (including all libraries they call)
would need a full in depth secutiry audit.
Conclusion, I recommend to stop distributing libcdio as Sun did in 2007.
--
libcdio GPL/license violation
https://bugs.launchpad.net/bugs/181244
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list