[Chicken-hackers] Re: Backdoor GPL in message-digest

From: Kon Lovett
Date: Mon, 23 Aug 2010 12:43:21 -0700

On Aug 23, 2010, at 7:48 AM, Jim Ursetto wrote:


> The addition of the GPL-3 format-compiler-base to check-errors in SVN
> r19227 has tainted amb, apropos, box, directory-utils,
> err5rs-arithmetic, list-utils, locale, lookup-table, macosx, mailbox,
> message-digest, moremacros, multimethod, pandora,
> procedure-description, remote-mailbox, sqlite3, srfi-19, srfi-27,
> srfi-29, srfi-41, srfi-45, stack, string-utils, symbol-utils, and
Assume a component of package A uses something that is GPL'ed, but no other component in that package uses the GPL-tainted component (it is "just along for the ride"). Then all components of package A are tainted?

Doesn't this reasoning lead to the absurd conclusion that any software installation with a GPL'ed component somewhere is tainted? Or is it just the act of packaging? Then the Chicken svn repo is tainted since it can be delivered as a package?

Obviously I don't know what constitutes a "package" in this context.

> Primarily we are concerned about message-digest because it taints sha1
> and from there, qwiki and http-session.  For example, see
>
> We'd appreciate it if you would remove this dependency.



Best Wishes,

P.S. err5rs-arithmetic is not released & multimethod probably will never have a release.

