Package: gnome-screensaver Severity: normal Dear Maintainer,
under [1] the author of XScreenSaver (BSD license) claims that one of the authors of gnome-screensaver copied his code and replaced the original licensing and copyright information with a GPL-2 stanza and added his own copyright statement in the process. Thus probably all versions of gnome-screensaver are affected, and the originating version would be either XSS 4.23, 4.24, 5.00 or 5.01 as those were the releases made in 2006, the earliest year in the GPL-2 copyright stanza. A quick comparison of gnome-screensaver/src/gs-grab-x11.c and xscreensaver-5.45+dfsg1/driver/lock.c appears to corroborate this: xfree_lock_grab_smasher() in XSS and xorg_lock_smasher_set_active() in GSS are preceded by an identical comment and have common variable names. I haven't looked further into this, but I wouldn't be surprised if a lot more was copied. Furthermore, cinnamon-screensaver and mint-screensaver are affected by the same issue since they are apparently forks of gnome-screensaver. It seems advisable to consult debian-legal to see how big of a problem this is and if it renders these packages undistributable. Regards. 1: https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition/
