Source code for shared libraries? #10
Comments
|
@Gargy007 do you have an update on this issue? The way the files are provided in this repository is very problematic for downstream packaging. |
|
Hello, If you want try to ask them on they support - they know this PyPEMicro package - maybe they changed mind since last time. Petr |
Are you certain it is even legal to redistribute those files under the BSD-3-clause given the circumstances? |
|
Hi good question,
I have a statement from PEMicro to redistribute them (the libraries), but
if this is OK under BSD3 - I have to check that.
Thanks for good point
út 25. 1. 2022 v 14:55 odesílatel David Runge ***@***.***>
napsal:
… I have to disappoint you - No , I don't have those source files. The
author of the source files is directly PEMicro company and they just
provides me the precompiled libraries.
If you want try to ask them on they support - they know this PyPEMicro
package - maybe they changed mind since last time.
Are you certain it is even legal to redistribute those files under the
BSD-3-clause given the circumstances?
—
Reply to this email directly, view it on GitHub
<#10 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABS2LTBLNJOPA3RVZRVMSCTUX2TTPANCNFSM5MNX5GLQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Please also do note, that even if you are allowed to redistribute these binaries, does this mean anyone else (e.g. a Linux distribution) is allowed to do so as well? As it stands currently, there is unfortunately no way of knowing whether these shared libraries are malicious, what their origin are, how they were built and whether (if they are non-malicious) can even be re-distributed by someone else but you. Please don't get this the wrong way, but all anyone has is your word that these are non-harmful shared libraries by a company called PEMicro. This is unfortunately not enough to go on for these files to be considered trustworthy and I will not package them until this issue is resolved and ideally the source code for these files can be obtained as well. |
Remove version pinning: nxp-mcuxpresso/spsdk#35 Remove use of pypemicro: nxp-mcuxpresso/pypemicro#10 nxp-mcuxpresso/spsdk#30 Remove use of pyocd-pemicro: pyocd/pyOCD#1319 Remove use of libusbsio: nxp-mcuxpresso/spsdk#36 git-svn-id: file:///srv/repos/svn-community/svn@1133098 9fca08f4-af9d-4005-b8df-a31f2cc04f65
Remove version pinning: nxp-mcuxpresso/spsdk#35 Remove use of pypemicro: nxp-mcuxpresso/pypemicro#10 nxp-mcuxpresso/spsdk#30 Remove use of pyocd-pemicro: pyocd/pyOCD#1319 Remove use of libusbsio: nxp-mcuxpresso/spsdk#36 git-svn-id: file:///srv/repos/svn-community/svn@1133098 9fca08f4-af9d-4005-b8df-a31f2cc04f65
Hi! I would like to package this project for Arch Linux (as this is a dependency for spsdk).
Unfortunately this repository carries prebuilt binaries, which I would rather build from source instead, given that the sources of this repository fall under the terms of the BSD 3-clause.
However, there seems to be no source code available for these files. Where do they originate from? How have they been built? The Linux libraries lack full RELRO.
Are the binaries and their sources also covered by the BSD 3-clause license, as the initial commit implies?
The text was updated successfully, but these errors were encountered: