[Update] The issue has been fixed in the libsdl1.2 package (#814445), but copying this last bit of info in the case that it's useful for the future, in the case that we need to revisit the issue later.
2016-02-21 13:04 Ben Hutchings:
Gareth has now updated the licence text at <http://www.mccaughan.org.uk/g/software.html#qsort>
So Ben Hutchings contacted the author of the original code and the author promptly relicensed and clarified some aspects, so this doesn't seem to be a legal threat. In the meanwhile, we had notified SDL upstream and they had changed the implementation for another one, and when Gareth relicensed it they added back the new version of Gareth's qsort, so it will be present in the next releases: https://hg.libsdl.org/SDL/log/9cec5fe32bca/src/stdlib/SDL_qsort.c I tried to backport the fix but there are some technical problems to get this to work, it doesn't seem to compile right away, not even after several hacks. I'd rather wait for the next upstream release to happen rather than to keep spending time on this, now that things are clarified and that it seems largely a theoretical threat. Hopefully the next upstream release will arrive soon, but maybe the autoremoval process from testing will kick-in in between, and also I am not sure if it's a good idea to reduce the severity of this bug. This code has been there since forever with the same license for many many Debian releases, and as explained it doesn't seem to be a legal threat, but still. Cheers. -- Manuel A. Fernandez Montecelo <[email protected]>
