Here it says the following:

"While the Tarsnap code itself has not been released under an open source license, some of the "reusable components" have been published separately under a BSD license..."

This is the license they use. Doesn't permit modification.

We need to make sure their custom license isn't in violation of GPL compliance before this can be included.

Well it doesn't allow modification.

These are the freedoms necessary for Free Software:

• The freedom to run the program as you wish, for any purpose (freedom 0).
• The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Therefore, this is a proprietary license.

That has nothing to do with whether or not the license is GPL compatible.

I checked the tarball of tarsnap. It bundled the following source packages:

• bsdtar: BSD license
• libarchive: BSD license
• libcperciva: BSD license
• scryptenc: BSD license
• bash completion scripts: permissive custom license

I checked tarsnap's Makefile as well as the ldd result of the compiled binary. It dynamically links to:

• linux-vdso.so.1
• liblzma.so.5 : public domain (https://github.com/kobolabs/liblzma/blob/master/COPYING)
• libcrypto.so.1.0.0 : OpenSSL license (https://www.openssl.org/source/license.html).
• libz.so.1 : zlib license (https://zlib.net/zlib_license.html)
• librt.so.1 : part of glibc, LGPL
• libc.so.6 : LGPL
• libpthread.so.0 : LGPL
• libdl.so.2
• /usr/lib64/ld-linux-x86-64.so.2

There is no GPL code used, as far as I can see. Please let me know if there is any other possible compliance issues to look for.

Are the licensing issues with this resolved? I have this packaged and ready to submit if they have. I had a quick conversation with cperciva on IRC earlier and he had this to say.

[14:25] <UMonad> I'm trying to get tarsnap packaged for Solus and was wondering what SPDX license I should use (also am I allowed to package tarsnap?)
[14:26] <UMonad> More accurately: what SPDX licence identifier I should use
[14:38] <UMonad> The reason being that Solus requires an SPDX licence identifier in order to package code.
[14:39] <@cperciva> UMonad: yes, you can package tarsnap
[14:39] <@cperciva> UMonad: let me look up SPDX...
[14:39] <UMonad> This is the link I'm looking at: https://spdx.org/licenses/
[14:42] <@cperciva> UMonad: hmm, that seems to be a list of open source licenses but doesn't include any "not open source software" category
[14:45] <@cperciva> UMonad: the package.yml(5) man page says "this should in most cases be a recognzied SPDX license name", so maybe tarsnap just isn't one of those cases?
[14:48] <UMonad> @cperciva: hmm. I see other proprietary programs (discord specifically) are using "Distributable". would this be ok?
[14:52] <@cperciva> UMonad: sounds right to me :-)

I created an initial package here: D3477