From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52135) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fF3sb-0007kd-EZ for guix-patches@gnu.org; Sat, 05 May 2018 16:34:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fF3sY-0006Et-4h for guix-patches@gnu.org; Sat, 05 May 2018 16:34:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:42968) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fF3sY-0006Eg-0c for guix-patches@gnu.org; Sat, 05 May 2018 16:34:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fF3sX-0002XM-LY for guix-patches@gnu.org; Sat, 05 May 2018 16:34:01 -0400 Subject: [bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum Resent-Message-ID: From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87wowrj9kq.fsf@gmail.com> Date: Sat, 05 May 2018 22:33:45 +0200 In-Reply-To: <87wowrj9kq.fsf@gmail.com> (Chris Marusich's message of "Sat, 28 Apr 2018 14:38:13 -0700") Message-ID: <877eohrgeu.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Chris Marusich Cc: 31307@debbugs.gnu.org Hello Chris, Chris Marusich skribis: > Should we refrain from adding this package simply because the author is > not maintaining it any more? I'm inclined to say "no", but one also has > to consider whether it is a a good idea to encourage people to use an > unmaintained tool for protecting their privacy/anonymity. I'm not sure. It=E2=80=99s risky, indeed. As time passes it=E2=80=99s likely to have mor= e and more known-but-unfixed security issues, which isn=E2=80=99t great. Leo, thought= s on this situation? > In addition, I notice that the license is GPL 2, but it seems the author > did not specify whether "any later version" can be used. Therefore, I > have listed this as gpl2, instead of gpl2+. Note that unless authors explicitly removed the =E2=80=9Cor any later versi= on=E2=80=9D phrase from license headers in source files, we write =E2=80=98gpl2+=E2=80= =99; specifically, Section 9 of GPLv2 reads: If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. Thanks, Ludo=E2=80=99.