Wait a minute... You are a maintainer for cyrus-sasl.
You have already addressed the BSD-4-clause-KTH in the latest upload.You also fixed debian/copyright to reference BSD-3-Clause-Attribution in the latest upload. That license is fine for the reasons I mentioned.
That just leaves the MD5 stuff, right? You have authored a fix for that, which it looks like will be merged shortly:
https://github.com/cyrusimap/cyrus-sasl/pull/767It seems like you can have this fixed any time (by merging in upstream #767) and will have it fixed shortly.
So why do I need to do anything? -- Richard
OpenPGP_signature
Description: OpenPGP digital signature
