Hello Alexandru, Alexandru Mihail <alexandru_mih...@protonmail.ch> writes:
> Hello Nicholas, > debian-legal replied, I could only find occurences of Rob McCool's NCSA > derived code in htpasswd.c as well. The NCSA license states we might(not > must) include a copy of their short legal excerpt on derivative works (and > mini-httpd is one) > Maybe we should include a mention of said excerpt in debian/copyright under > htpasswd: and include the excerpt somewhere ? > Anyway, it seems to me we're in the clear when it comes to DFSG. Sort of in the clear; however, from what I've read there isn't just one "The NCSA license"; there seem to be three. Rob McCool is still a copyright holder, and needs to be documented in debian/copyright. Because of the ambiguity as to which license (and license version) applies, and because Debian's copy of mini-httpd is now the defacto upstream, I insist that the applicable license is also documented. Also, the way I see it, if you've done the work, you might as well document your findings as well as the fact that you did the work. This type of work, while not immediately evident, is nonetheless copyrightable, so--if you want to--you will be able to add you own claim to the debian/* section of copyright. > Attaching debian-legal reply: > > On 2023-07-02 16:43, Alexandru Mihail wrote: >> mini-httpd contains early portions of code commited by Rob >> McCool which seem to originate from NCSA httpd. > > Just htpasswd.c (which is what I get when searching for Rob McCool), or > something else? > >> How do we proceed to clarify this situation? > > Figure out (from the history of the code, etc.) if that license applies. > > Looking into this a bit, I found this repository (which I am _assuming_, > but have not verified, is a faithful import of NCSA httpd): > https://github.com/TooDumbForAName/ncsa-httpd/ > > I definitely see some code from mini-httpd's htpasswd.c in > cgi-src/util.c in the HEAD of that repository above. > > Looking at git blame on that, it came from auth/htpasswd.c in httpd 1.1: > https://github.com/TooDumbForAName/ncsa-httpd/commit/9572b626b7f10ab57e4715b3f3ff41b3f0696684#diff-7c5a48b0225b3fd1048000f4dfe2c4d9f56faa29f74876ff724384244d6d099d > > So that seems to be the original source of the code in question. > > In that same version, the top-level README says: > > ---- > This code is in the public domain. Specifically, we give to the public > domain all rights for future licensing of the source code, all resale > rights, and all publishing rights. > > We ask, but do not require, that the following message be included in > all derived works: > > Portions developed at the National Center for Supercomputing > Applications at the University of Illinois at Urbana-Champaign. > > THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED, > FOR THE SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT > LIMITATION, WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A > PARTICULAR PURPOSE. > ---- Do you think that httpd 1.1, httpd 1.15, or some other version is the most likely source? If they're identical from the perspective of mini-httpd, then I think you can make an argument for either, even though it's probable that mini-httpd inherited whatever license was active at the NCSA at the time of mini-httpd's creation. Note that public domain doesn't exist in some countries. In this case ("public domain"), the mini-httpd author would need to have written mini-httpd (distribution might count too, but I'm not sure) in a country that recognises public domain; then, the relevant public domain bits would become implicitly relicensed under the primary license for mini-httpd. If this is the case, then a note should also be added to McCool's debian/copyright section. Cheers, Nicholas
signature.asc
Description: PGP signature
