-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible LGPL Violation by Idemia #2462
Comments
@eID-LV ? |
The source code needs to be available along with the binaries - whether or not someone is the "maintainer" of the software doesn't matter. If the source code isn't available with the software, then the violation is done by the distributor. The package doesn't hide its origin (in contrast to #1992), so let's hope they react on the requests and just publish the code. |
@martinpaljak , do you want to take the lead for getting the communication started? |
I imagine they just forgot to publish the new version of the code given that they published the previous version. Relevant points of contact, https://www.eparaksts.lv/en/about_us/Kontakti I've contacted all of them. Only eparaksts replied, but said they didn't have the source code. Maybe you will get better luck if you have some official opensc.org email or something. They are releasing new versions of the package, so someone has the source code. |
@kaaposc Do you happen to know how to get the source code for your the Latvian eID middleware? I see you maintain https://github.com/kaaposc/latvia-eid-middleware/ |
Sorry, don't know about the source code. My maintained package uses the deb package from eparaksts.lv repository, it just extracts and copies already built binaries. ETA: sorry used wrong github account to reply, I'm @kaaposc 🤦♂️ |
https://www.eparaksts.lv/files/ep3updates/debian/dists/focal/InRelease
https://www.eparaksts.lv/files/ep3updates/debian/public.key info@euso.lv might be the distributor |
This is source of the packages |
I contacted all the organizations referenced above, we'll see... |
The current source code of the software has now been released here: This includes the changes made to their variant of OpenSC (seemingly based on version 0.19.0). All their code seems to be licensed with LGPL v2.1, so this should allow others to port their driver to a recent version of OpenSC... I think this fulfills the license restrictions. |
For the Latvian eID card, Latvia has a deb package you install. The log lines below were produced with the previous version latvia-eid-middleware_2.0.6-1_amd64.deb.gz. Link to most recent version is maintained at the Arch AUR
This package is maintained by Idemia,
If you install DigiDoc with the Latvian middleware, then when executing the software with the environment variable set
LATVIAEID_DEBUG=9
, I got thebelow logs,
The logged lines do not exist in their released source code. I cannot find other source code anywhere. eParaksts responded that they don't maintain the middleware, therefore do not have access to the source code.
Perhaps this is already known, but as Idemia has a business in national ID cards, they may have violated LGPL for other cards. For example, French eID
The text was updated successfully, but these errors were encountered: