Hi Karen, At the Cambridge BSP (Jan 27/28 2017) we have been looking at the following bugs pertaining to non-DFSG compliance with fonts embedded with non-free code: * http://bugs.debian.org/665334 opened 23 Mar 2012, last update 01 Aug 2016 modulo spam * http://bugs.debian.org/694320 opened 25 Nov 2012, last update 30 Aug 2014 blocked by #665334 * http://bugs.debian.org/694323 opened 25 Nov 2012, last update 30 Aug 2014 blocked by #665334
Synopsis: Type 1 fonts that are made using the package FontForge include font hinting code which is marked "copyright Adobe all rights reserved". This issue logically extends to every package that contains fonts that have been made using FontForge. Current State Reading #665334 it appears that FontForge historically contained fragments of code with Adobe asserted rights. We believe that this is now resolved with "autohint code is now all open source". The github repo is top licensed Apache 2.0 [1] It is our belief that this is sufficient; that the package FontForge, and type 1 fonts generated by this package are now DFSG compliant because Apache 2.0 is GPL2+ compatible. * Is our understanding of the above correct? i.e. Does the github repository top-licensing (to Apache) of the Adobe 'hinting' properly apply? * Are the font hinting fragments, that are Adobe copyright, embedded into fonts produced in FontForge, the same code as in the above repository (we *think* that this is the case)? * Thus, are these fonts (generated by the above) now covered by Apache 2.0? * And, consequently: are the fonts in the Debian archive, produced by FontForge, now to be considered under Apache 2.0; and is this sufficient to cover the embedded fragments under Apache 2.0? Assuming the above is all correct then, in order to resolve this issue, we believe that all packages that contain fonts that are generated using FontForge should contain an appropriate licence text for the font. A Mass bug filing could then be made against these packages requesting the appropriate update to the licence file. However we see this a potential minefield, and therefore seek clarification and advice before we continue. /Andy PP Debian BSP Cambridge Jan 2017 [2] [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665334#168 [2] https://wiki.debian.org/BSP/2017/01/gb/Cambridge
signature.asc
Description: OpenPGP digital signature
