Tzafrir Cohen wrote:
> format_mp3:
> """"""""""
> License is GPL according to format_mp3.c and to
> MPGLIB_README . The mp3 code is based on libmpg from
> http://www.mpg123.org/ .
>
> However the front-page of that site claims:
>
> News
> 12. Jan. 2005
>
>       Yes! The project is not maintained at the moment and there are
>       some serious security problems in the latest player versions. It
>       is highly recommended to not use the source code you can download
>       from this site. Check Debian Advisory[1] or Gentoo Advisory[2] for
>       more information. Thanx.
>
> Old News
> 2004
>
>       FAQ: The license of the mpg123 player is GPL and the license
>       of the mpglib/ inside the mpg123 package is LGPL.
>
> [1] http://packages.debian.org/changelogs/pool/non-free/m/mpg123/mpg123_0.59r-18/changelog
> [2] http://www.gentoo.org/security/en/glsa/glsa-200501-14.xml
>
> The Debian package mpg123 is still in non-free. I figure it had enough
> attention with that advisory, and if the license change were relevant it
> would have been moved to main.

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292260 , which
requests that mpg123 be moved to main on the basis of this statement.
The maintainer responded to that bug on January 26, 2005, stating that
they "felt that a statement on a website was not sufficient to supercede
the license distributed with the code itself.".  (They were open to
being convinced otherwise.)

- Josh Triplett
