Open dvzrv opened 2 years ago
@Gargy007 do you have an update on this issue? The way the files are provided in this repository is very problematic for downstream packaging.
Hello, I have to disappoint you - No , I don't have those source files. The author of the source files is directly PEMicro company and they just provides me the precompiled libraries.
If you want try to ask them on they support - they know this PyPEMicro package - maybe they changed mind since last time.
Petr
I have to disappoint you - No , I don't have those source files. The author of the source files is directly PEMicro company and they just provides me the precompiled libraries.
If you want try to ask them on they support - they know this PyPEMicro package - maybe they changed mind since last time.
Are you certain it is even legal to redistribute those files under the BSD-3-clause given the circumstances?
Hi good question, I have a statement from PEMicro to redistribute them (the libraries), but if this is OK under BSD3 - I have to check that. Thanks for good point
út 25. 1. 2022 v 14:55 odesílatel David Runge @.***> napsal:
I have to disappoint you - No , I don't have those source files. The author of the source files is directly PEMicro company and they just provides me the precompiled libraries.
If you want try to ask them on they support - they know this PyPEMicro package - maybe they changed mind since last time.
Are you certain it is even legal to redistribute those files under the BSD-3-clause given the circumstances?
— Reply to this email directly, view it on GitHub https://github.com/NXPmicro/pypemicro/issues/10#issuecomment-1021205771, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABS2LTBLNJOPA3RVZRVMSCTUX2TTPANCNFSM5MNX5GLQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
I have a statement from PEMicro to redistribute them (the libraries), but if this is OK under BSD3 - I have to check that.
Please also do note, that even if you are allowed to redistribute these binaries, does this mean anyone else (e.g. a Linux distribution) is allowed to do so as well?
As it stands currently, there is unfortunately no way of knowing whether these shared libraries are malicious, what their origin are, how they were built and whether (if they are non-malicious) can even be re-distributed by someone else but you.
Please don't get this the wrong way, but all anyone has is your word that these are non-harmful shared libraries by a company called PEMicro. This is unfortunately not enough to go on for these files to be considered trustworthy and I will not package them until this issue is resolved and ideally the source code for these files can be obtained as well.
Hi! I would like to package this project for Arch Linux (as this is a dependency for spsdk).
Unfortunately this repository carries prebuilt binaries, which I would rather build from source instead, given that the sources of this repository fall under the terms of the BSD 3-clause.
However, there seems to be no source code available for these files. Where do they originate from? How have they been built? The Linux libraries lack full RELRO. Are the binaries and their sources also covered by the BSD 3-clause license, as the initial commit implies?