[Moving forward] copyrighted embedded ICC profiles in images
Hi, Le 10/05/2014 09:23, Jonas Smedegaard a écrit : I believe it violates DFSG to ship e.g. JFIF or GIF files which contains copyright-protected but not freely licensed ICC profiles. Thanks for raising the issue. Since I (co)maintain a few web related packages, I started submitting issues upstream and got mostly positive feedback. Some already fixed the issue [ACK], one has not included the fix yet [WIP], and one refuses to do so [NO] while others have not yet replied [WAIT]. The packages I’ve uploaded since the issue has been raised have been fixed in the archive regardless of upstream feedback. If the check were to end up in Lintian, it will probably increase significantly its dependency chain and its run time, so I’m not sure it will be included soon. Would it be welcome to investigate the issue on the whole archive (I’ll follow up on debian-qa to have input on the tools at our disposal to do so)? If so, I may initiate a MBF about it (and will follow up with a dd-list before doing so). I’m afraid there will be many affected packages, and it might be a challenge to get the archive in shape for Jessie, should these bugs be filled as jessie-ignore (I’ll also follow up on -relase for more guidance if the release team doesn’t reply until then)? In case we need to repack an upstream tarball with an ICC-free alternative of some files, it would be nice to be able to do it as easily as we can strip files with the Files-Excluded feature of uscan/mk-origtargz. I already opened #748474 about it, but feedback would be welcome (or other proposals, or patches). ACK:http://forums.informaction.com/viewtopic.php?f=10t=19657 fixed since 2.6.8.24rc4 http://anonscm.debian.org/viewvc/webwml/webwml/english/CD/artwork/ulrich-hansen.de-squeeze-cd.png?revision=1.2view=markup http://anonscm.debian.org/viewvc/webwml/webwml/english/CD/artwork/ulrich-hansen.de-squeeze-dvd.png?revision=1.2view=markup https://github.com/firebug/firebug/pull/140 http://zone.spip.org/trac/spip-zone/changeset/82425/ http://archives.rezo.net/archives/spip-zone.mbox/VW3XEQOUIXZGO7OO2FD6A2QAUBVFBHQU/ https://tracker.phpbb.com/browse/PHPBB3-12582 https://github.com/phpbb/phpbb/pull/2482 algobox fixed too (private exchange with upstream) WIP:https://github.com/danwent/Perspectives/pull/120 NO: https://github.com/owncloud/documentation/pull/345 https://github.com/owncloud/core/issues/8627 https://github.com/owncloud/example-files/pull/1 WAIT: https://github.com/dompdf/dompdf/pull/827 https://github.com/tapmodo/Jcrop/pull/149 https://github.com/jtackaberry/nosquint/pull/142 https://github.com/RequestPolicy/requestpolicy/pull/431 [ I may have forgotten a pair of issues fixed upstream since I didn’t actually kept track before today. ] Regards David signature.asc Description: OpenPGP digital signature
Re: copyrighted embedded ICC profiles in images
On Mon, 12 May 2014, James Cloos wrote: Note that you cannot just strip colour profiles from image containers. Doing so changes the output. You'd have to replace the profile with a Free equivilent. Or, if no free equivilent is available, edit the image to match a Free profile. Can you publish a “foolproof” guide how to ⓐ find out whether this needs to be done, and for which image types (JPG? PNG? others?), and ⓑ do so, at least scripted? Even when I’m upstream, I prefer my PNG files (output from SVG or something else, or hand-drawn) to be just bitmaps with colours, without any other magic involved (like Gamma or “profiles”). Also, where is a Free profile? ISTR that PDF/{A,X} creation requires a profile too; I’ve used one that came as example somewhere currently. Thanks, //mirabilos -- [16:04:33] bkix: veni vidi violini [16:04:45] bkix: ich kam, sah und vergeigte... -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.deb.2.10.1405131132320.23...@tglase.lan.tarent.de
Re: copyrighted embedded ICC profiles in images
Hi, Le 13/05/2014 05:34, Thorsten Glaser a écrit : On Mon, 12 May 2014, James Cloos wrote: Note that you cannot just strip colour profiles from image containers. Doing so changes the output. You'd have to replace the profile with a Free equivilent. Or, if no free equivilent is available, edit the image to match a Free profile. Can you publish a “foolproof” guide how to ⓐ find out whether this needs to be done, and for which image types (JPG? PNG? others?), and I believe TIFF files may also be affected. Please note that the one liner provided in the beginning of this thread may be a good basis for the tool you’re looking for. ⓑ do so, at least scripted? The exiftool binary from the libimage-exiftool-perl package can remove or replace a profile (there are probably alternatives in the archive). Also, where is a Free profile? ISTR that PDF/{A,X} creation requires a profile too; I’ve used one that came as example somewhere currently. The icc-profiles-free package is in main. Regards David signature.asc Description: OpenPGP digital signature
Re: copyrighted embedded ICC profiles in images
Quoting David Prévot (2014-05-13 12:00:40) Le 13/05/2014 05:34, Thorsten Glaser a écrit : Also, where is a Free profile? ISTR that PDF/{A,X} creation requires a profile too; I’ve used one that came as example somewhere currently. The icc-profiles-free package is in main. ghostscript also includes DFSG-free ICC profiles. Annoyingly located in a directory tied to the version of Ghostscript. Next packaging release will have them provided below /usr/share/color/icc like the icc-profiles* packages. - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Re: copyrighted embedded ICC profiles in images
JS == Jonas Smedegaard d...@jones.dk writes: JS I believe it does not violate DFSG to ship e.g. JFIF or GIF files JS which was upstream distributed with copyright-protected but not JS freely licensed ICC profiles, if repackaged to strip those ICC JS profiles. Note that you cannot just strip colour profiles from image containers. Doing so changes the output. You'd have to replace the profile with a Free equivilent. Or, if no free equivilent is available, edit the image to match a Free profile. Such changes should be documented in the package's README.Debian, and probably in the image's metadata. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 0x997A9F17ED7DAEA6 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/m3ha4v3sld@carbon.jhcloos.org
Re: copyrighted embedded ICC profiles in images
Le 12 mai 2014 17:51, James Cloos cl...@jhcloos.com a écrit : JS == Jonas Smedegaard d...@jones.dk writes: JS I believe it does not violate DFSG to ship e.g. JFIF or GIF files JS which was upstream distributed with copyright-protected but not JS freely licensed ICC profiles, if repackaged to strip those ICC JS profiles. Note that you cannot just strip colour profiles from image containers. Doing so changes the output. You'd have to replace the profile with a Free equivilent. Or, if no free equivilent is available, edit the image to match a Free profile. ImageMagick could make the conversion easily to sRGB. Bastien Such changes should be documented in the package's README.Debian, and probably in the image's metadata. -JimC -- James Cloos cl...@jhcloos.com OpenPGP: 0x997A9F17ED7DAEA6 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/m3ha4v3sld@carbon.jhcloos.org
Re: copyrighted embedded ICC profiles in images
At Sun, 11 May 2014 19:04:07 -0400, David Prévot wrote: Q. Are profiles copyrighted? A. ICC has no formal position on the use of profiles. It is really up to the software vendor. However, since the software vendor effectively holds copyright on the profile (which is specified in a tag) the licence to use their software permits them to prohibit public posting of profiles. One of their motivations could be that if such profiles could be freely exchanged it would limit the number of sales of their software. Also, from a technical perspective it is dangerous to publish such profiles for many devices. A profile for a printer, for example, is only valid for the substrate and inks for which it was made and it is for this reason that few device manufacturers publish profiles for their devices. Any ICC profile is produced using proprietary software. All ICC define is the nature of the tags, which tags are mandatory and which are optional, and how the data should be defined in them. The contents of the tables are vendor specific and each uses different algorithms. It is this that gives the vendor something which they can copyright. That isn't really a clear and useful answer, but what I read is that: - Algorithms to generate ICC profiles can be copyrighted. (More precise would be to a specific implementation of such algorithm can be copyrighted) - Proprietary software vendors could prohibit public posting of included profiles in their software license. But if profiles are copyrightable they would not have to explicitely prohibit such action. According to wikipedia (http://en.wikipedia.org/wiki/ICC_profile) an ICC profile is set of data that characterizes a color input or output device, or a color space. It looks like an ICC profile contains just facts and mere facts aren't copyrightable. Kind regards, Jeroen Dekkers -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87lhu6ao0k.wl%jer...@dekkers.ch
Re: copyrighted embedded ICC profiles in images
Quoting James Cloos (2014-05-12 17:48:53) JS == Jonas Smedegaard d...@jones.dk writes: JS I believe it does not violate DFSG to ship e.g. JFIF or GIF files JS which was upstream distributed with copyright-protected but not JS freely licensed ICC profiles, if repackaged to strip those ICC JS profiles. Note that you cannot just strip colour profiles from image containers. Doing so changes the output. I believe this is the part you really wanted to quote: In many (but not all - need active decision by package maintainer) cases, ICC profiles can simply be stripped with no practical loss of functionality or quality. You are right that you cannot just strip ICC profiles. You'd have to replace the profile with a Free equivilent. Or, if no free equivilent is available, edit the image to match a Free profile. For most images targeted web browsers you can be more lax. - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Re: copyrighted embedded ICC profiles in images
On Sat, May 10, 2014 at 11:10 AM, Jérémy Lal kapo...@melix.org wrote: Hi, Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. Note that lintian detect these naked (not embeded) profile by default. Since it's something that not many people seems to be aware of, maybe it might be useful to have a lintian check for that. That command [1] shows positives on my /usr/share/ Most of them are HP or Apple embedded profiles. Regards, Jérémy [0] http://www.color.org/profile_embedding.xalter [1] find . -regextype posix-extended -iregex '.*\.(jpg|png)' -exec sh -c 'identify -verbose $0 | grep -i copyright echo $0' {} \; (this shows also false positives with an empty Copyright field). -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1399713019.31695.3.camel@imac.chaumes -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAE2SPAaEj=t3orseprugagbv+vybwxkimnzgxvb5d_ecy44...@mail.gmail.com
Re: copyrighted embedded ICC profiles in images
On Sun, May 11, 2014 at 5:58 PM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: On Sat, May 10, 2014 at 11:10 AM, Jérémy Lal kapo...@melix.org wrote: Hi, Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. Note that lintian detect these naked (not embeded) profile by default. Since it's something that not many people seems to be aware of, maybe it might be useful to have a lintian check for that. That command [1] shows positives on my /usr/share/ Most of them are HP or Apple embedded profiles. Note that pdf are also affected ... Regards, Jérémy [0] http://www.color.org/profile_embedding.xalter [1] find . -regextype posix-extended -iregex '.*\.(jpg|png)' -exec sh -c 'identify -verbose $0 | grep -i copyright echo $0' {} \; (this shows also false positives with an empty Copyright field). -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1399713019.31695.3.camel@imac.chaumes -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAE2SPAauMTKKjMmm=wu2hhj22yrdzgx6174fcngtfoymcjc...@mail.gmail.com
Re: copyrighted embedded ICC profiles in images
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Le samedi 10 mai 2014 à 13:37 +0100, Ben Hutchings a écrit : This sounds like a ludicrous overreach of copyright. Isn't an ICC descriptive, rather than creative? According to the International Color Consortium, profiles provide content that “vendor […] can copyright.” [0] 0: http://www.color.org/faqs.xalter#p14 Regards David P.-S.: Full quote of the FAQ item for d-d readers benefits follows. Q. Are profiles copyrighted? A. ICC has no formal position on the use of profiles. It is really up to the software vendor. However, since the software vendor effectively holds copyright on the profile (which is specified in a tag) the licence to use their software permits them to prohibit public posting of profiles. One of their motivations could be that if such profiles could be freely exchanged it would limit the number of sales of their software. Also, from a technical perspective it is dangerous to publish such profiles for many devices. A profile for a printer, for example, is only valid for the substrate and inks for which it was made and it is for this reason that few device manufacturers publish profiles for their devices. Any ICC profile is produced using proprietary software. All ICC define is the nature of the tags, which tags are mandatory and which are optional, and how the data should be defined in them. The contents of the tables are vendor specific and each uses different algorithms. It is this that gives the vendor something which they can copyright. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJTcAHmAAoJEAWMHPlE9r08FaMIAJT9hrc2hcNPqeKAypkBzF1m yRQNrt1WhI+JMH5Fb+vTIJiT5gXtBVuHX3g33fsP3P60wIEjH+VX8hZ2nm0nUa+V /Kjb1YqNTKbIXF8pOS3L719dX9PmylESmokGzCRnLc7OLEopHrFV5Mfu4CRyFy8M s5BhECwnhELih8i0vPKYhiCSFe/HW9WATTXGe+v8BVfuZy2dkA7HVVoJfv/Vf1s5 OoOBZP8q371in9ttsNg0QSbcqkmSXRk9O1L8e/NYm0N83IDENOOL0Q92kl4KPUUb tBvaAyj8hkIeXzHo8G0Oldlw04M24TVYzyaQgy+A4MONE6x6Px4Lww2KC3sTb1c= =ok8T -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/537001e7.8080...@debian.org
copyrighted embedded ICC profiles in images
Hi, Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. Since it's something that not many people seems to be aware of, maybe it might be useful to have a lintian check for that. That command [1] shows positives on my /usr/share/ Most of them are HP or Apple embedded profiles. Regards, Jérémy [0] http://www.color.org/profile_embedding.xalter [1] find . -regextype posix-extended -iregex '.*\.(jpg|png)' -exec sh -c 'identify -verbose $0 | grep -i copyright echo $0' {} \; (this shows also false positives with an empty Copyright field). -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1399713019.31695.3.camel@imac.chaumes
Re: copyrighted embedded ICC profiles in images
On Sat, 2014-05-10 at 11:10 +0200, Jérémy Lal wrote: Hi, Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. [...] This sounds like a ludicrous overreach of copyright. Isn't an ICC descriptive, rather than creative? And the idea that vendors could claim images made with their products (very likely with no explicit action to use the profile) to be derivative works is appalling. Ben. -- Ben Hutchings Horngren's Observation: Among economists, the real world is often a special case. signature.asc Description: This is a digitally signed message part
Re: copyrighted embedded ICC profiles in images
Le samedi 10 mai 2014 à 13:37 +0100, Ben Hutchings a écrit : On Sat, 2014-05-10 at 11:10 +0200, Jérémy Lal wrote: Hi, Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. [...] This sounds like a ludicrous overreach of copyright. Isn't an ICC descriptive, rather than creative? And the idea that vendors could claim images made with their products (very likely with no explicit action to use the profile) to be derivative works is appalling. On [2] one can find some examples of licenses one embedded icc profile can be put under: To anyone who acknowledges that the files sRGB_IEC61966-2-1_no_black_scaling.icc and sRGB_IEC61966-2-1_black scaled.icc are provided AS IS WITH NO EXPRESS OR IMPLIED WARRANTY, permission to use, copy and distribute these file for any purpose is hereby granted without fee, provided that the files are not changed including the ICC copyright notice tag, and that the name of ICC shall not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. ICC makes no representations about the suitability of this software for any purpose. So, even if the license was distributed along with the image using it, this license clearly violates DFSG 3 (here, no modifications of embedded icc profile are allowed). Jérémy. [2] http://www.color.org/srgbprofiles.xalter -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1399726509.31695.17.camel@imac.chaumes
Re: copyrighted embedded ICC profiles in images
Quoting Ben Hutchings (2014-05-10 14:37:35) On Sat, 2014-05-10 at 11:10 +0200, Jérémy Lal wrote: Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. [...] This sounds like a ludicrous overreach of copyright. Isn't an ICC descriptive, rather than creative? And the idea that vendors could claim images made with their products (very likely with no explicit action to use the profile) to be derivative works is appalling. I see it as two works embedded into same container: If a camera embeds a copyright-protected ICC profile each time is generates a JFIF file, I would consider only the ICC profile protected by that copyright, not the image data also embedded into same file. I believe Debian cannot ship the contents of Debian package icc-profiles in main. I believe it violates DFSG to ship e.g. JFIF or GIF files which contains copyright-protected but not freely licensed ICC profiles. I believe it does not violate DFSG to ship e.g. JFIF or GIF files which was upstream distributed with copyright-protected but not freely licensed ICC profiles, if repackaged to strip those ICC profiles. In many (but not all - need active decision by package maintainer) cases, ICC profiles can simply be stripped with no practical loss of functionality or quality. - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Re: copyrighted embedded ICC profiles in images
On Sat, May 10, 2014 at 02:55:09PM +0200, Jérémy Lal wrote: Le samedi 10 mai 2014 à 13:37 +0100, Ben Hutchings a écrit : On Sat, 2014-05-10 at 11:10 +0200, Jérémy Lal wrote: Hi, Jonas Smedegaard brought to my attention that an image file [0] can embed a copyrighted ICC profile without license. [...] This sounds like a ludicrous overreach of copyright. Isn't an ICC descriptive, rather than creative? And the idea that vendors could claim images made with their products (very likely with no explicit action to use the profile) to be derivative works is appalling. On [2] one can find some examples of licenses one embedded icc profile can be put under: To anyone who acknowledges that the files sRGB_IEC61966-2-1_no_black_scaling.icc and sRGB_IEC61966-2-1_black scaled.icc are provided AS IS WITH NO EXPRESS OR IMPLIED WARRANTY, permission to use, copy and distribute these file for any purpose is hereby granted without fee, provided that the files are not changed including the ICC copyright notice tag, and that the name of ICC shall not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. ICC makes no representations about the suitability of this software for any purpose. So, even if the license was distributed along with the image using it, this license clearly violates DFSG 3 (here, no modifications of embedded icc profile are allowed). The license only matters if the work in question is copyrightable in the first place. If it's not copyrightable, then you don't need a license and should ignore any license being offered to you. The fact that someone is trying to *claim* copyright and offer you a license you don't need is not what's relevant. I haven't looked at what these ICC profiles are and whether we should consider them creative or not, but that's the question Ben is asking here. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature