Re: [arch-dev-public] licensing issues with DB 6.0
I suggest the quick solution to drop the db v6 rebuild and stay with old db 5.3.21 to be on the safe side. We should check all packages on the rebuild list if they can be build without linking to Berkeley db at all (new Todo list). Maybe that way we can move db in a first step to extra and drop it later completely. -Andy signature.asc Description: PGP signature
Re: [arch-dev-public] licensing issues with DB 6.0
Am 09.08.2013 19:54, schrieb Andreas Radke: > After some reading the AGPLv3 license is not different from GPLv3 > with one addition. Since many services now run in the cloud in AGPLv3 > this is also covered as "distribution" of the code and must be done > under the same rights that GPLv3 would require when shipping software > as binary builds via some storage media. > > We do not change anything to the "db v6" code base. A quick overview > over the rebuilt packages I can't see a pkg that is published under a > non-free license. > > If we would be allowed to link to DBv6 if it would be under GPLv3 then > we are also allowed to link to it under AGPLv3. > > I see no serious reason to not accept that license change. If I got it right, the problem is that it's not possible to link to AGPL code within a program which has an incompatible license. So the linking exception does not apply here (as it does for e.g. LGPL). So only packages that are either AGPL3 themselves or GL3 can use DB6. Even GPL2 would not be possible; which is why Debian would need to relicense their apt package in order to use DB 6. Greetings, Pierre -- Pierre Schmitz, https://pierre-schmitz.com
Re: [arch-dev-public] licensing issues with DB 6.0
After some reading the AGPLv3 license is not different from GPLv3 with one addition. Since many services now run in the cloud in AGPLv3 this is also covered as "distribution" of the code and must be done under the same rights that GPLv3 would require when shipping software as binary builds via some storage media. We do not change anything to the "db v6" code base. A quick overview over the rebuilt packages I can't see a pkg that is published under a non-free license. If we would be allowed to link to DBv6 if it would be under GPLv3 then we are also allowed to link to it under AGPLv3. I see no serious reason to not accept that license change. http://en.wikipedia.org/wiki/Affero_General_Public_License#Compatibility_with_the_GPL http://lwn.net/Articles/557820/ http://en.wikipedia.org/wiki/GPL_linking_exception I'm no expert in that stuff. Maybe someone dealing day by day with such stuff has more knowledge here. -Andy signature.asc Description: PGP signature
[arch-dev-public] Integrity Check x86_64: core, extra, community, multilib 09-08-2013
Warning : the repository multilib does not exist in /srv/abs/rsync/any === = Integrity Check x86_64 of core,extra,community,multilib = === Performing integrity checks... ==> parsing pkgbuilds ==> parsing db files ==> checking mismatches ==> checking archs ==> checking dependencies ==> checking makedepends ==> checking hierarchy ==> checking for circular dependencies ==> checking for differences between db files and pkgbuilds Missing PKGBUILDs --- /srv/abs/rsync/any/multilib Missing Dependencies -- community/emesene --> 'pylint' community/neatx --> 'nxserver' extra/archboot --> 'amd-ucode>=2012.01.17-3' Missing Makedepends - community/classpath --> 'openjdk6' community/widelands-data --> 'ggz-client-libs' community/xosd --> 'bmp' extra/gnome-speech --> 'openjdk6' Repo Hierarchy for Dependencies - community/playonlinux depends on multilib/wine (97 extra (make)deps to pull) extra/archboot depends on community/arch-wiki-lite (22 extra (make)deps to pull) extra/archboot depends on community/arch-wiki-lite (22 extra (make)deps to pull) extra/archboot depends on community/chntpw (20 extra (make)deps to pull) extra/archboot depends on community/cpupower (23 extra (make)deps to pull) extra/archboot depends on community/haveged (20 extra (make)deps to pull) extra/archboot depends on community/squashfs-tools (20 extra (make)deps to pull) extra/archboot depends on community/usb_modeswitch (20 extra (make)deps to pull) extra/archboot depends on community/wvdial (23 extra (make)deps to pull) extra/archboot depends on community/xl2tpd (20 extra (make)deps to pull) extra/archiso depends on community/squashfs-tools (20 extra (make)deps to pull) extra/ardour depends on community/libsmf (20 extra (make)deps to pull) extra/audacity depends on community/ffmpeg-compat (20 extra (make)deps to pull) extra/brltty depends on community/cython (20 extra (make)deps to pull) extra/calligra-krita depends on community/opencolorio (20 extra (make)deps to pull) extra/cyrus-sasl-sql depends on community/sqlite2 (20 extra (make)deps to pull) extra/evas_generic_loaders depends on community/libraw (20 extra (make)deps to pull) extra/fvwm-crystal depends on community/hsetroot (20 extra (make)deps to pull) extra/gnucash depends on community/aqbanking (22 extra (make)deps to pull) extra/gnucash depends on community/libdbi-drivers (21 extra (make)deps to pull) extra/hefur depends on community/protobuf (20 extra (make)deps to pull) extra/mod_perl depends on community/perl-linux-pid (20 extra (make)deps to pull) extra/octave depends on community/arpack (20 extra (make)deps to pull) extra/python2-metacity depends on community/metacity (20 extra (make)deps to pull) extra/python2-rdflib depends on community/python2-isodate (20 extra (make)deps to pull) extra/ruby depends on community/libyaml (0 extra (make)deps to pull) extra/vlc depends on community/ffmpeg-compat (20 extra (make)deps to pull) Repo Hierarchy for Makedepends community/virtualbox depends on multilib/dev86 (6 extra (make)deps to pull : lib32-glibc gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-gcc-libs) community/virtualbox depends on multilib/gcc-multilib (6 extra (make)deps to pull : gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc gcc-multilib lib32-gcc-libs) community/virtualbox depends on multilib/lib32-glibc (6 extra (make)deps to pull : gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc lib32-gcc-libs) community/virtualbox-ext-vnc depends on multilib/dev86 (6 extra (make)deps to pull : lib32-glibc gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-gcc-libs) community/virtualbox-ext-vnc depends on multilib/gcc-multilib (6 extra (make)deps to pull : gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc gcc-multilib lib32-gcc-libs) community/virtualbox-ext-vnc depends on multilib/lib32-glibc (6 extra (make)deps to pull : gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc lib32-gcc-libs) community/virtualbox-guest-dkms depends on multilib/dev86 (6 extra (make)deps to pull : lib32-glibc gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-gcc-libs) community/virtualbox-guest-dkms depends on multilib/gcc-multilib (6 extra (make)deps to pull : gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc gcc-multilib lib32-gcc-libs) community/virtualbox-guest-dkms depends on multilib/lib32-glibc (6 extra (make)deps to pull : gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc lib32-gcc-libs) community/virtualbox-guest-utils depends on multilib/dev86 (6 extra (make)deps to pull : lib32-glibc gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib li
[arch-dev-public] Integrity Check i686: core, extra, community 09-08-2013
= Integrity Check i686 of core,extra,community = Performing integrity checks... ==> parsing pkgbuilds ==> parsing db files ==> checking mismatches ==> checking archs ==> checking dependencies ==> checking makedepends ==> checking hierarchy ==> checking for circular dependencies ==> checking for differences between db files and pkgbuilds Missing Dependencies -- community/emesene --> 'pylint' community/neatx --> 'nxserver' extra/archboot --> 'amd-ucode>=2012.01.17-3' Missing Makedepends - community/classpath --> 'openjdk6' community/widelands-data --> 'ggz-client-libs' community/xosd --> 'bmp' extra/gnome-speech --> 'openjdk6' Repo Hierarchy for Dependencies - extra/archboot depends on community/arch-wiki-lite (30 extra (make)deps to pull) extra/archboot depends on community/arch-wiki-lite (30 extra (make)deps to pull) extra/archboot depends on community/chntpw (28 extra (make)deps to pull) extra/archboot depends on community/cpupower (31 extra (make)deps to pull) extra/archboot depends on community/haveged (28 extra (make)deps to pull) extra/archboot depends on community/squashfs-tools (28 extra (make)deps to pull) extra/archboot depends on community/usb_modeswitch (28 extra (make)deps to pull) extra/archboot depends on community/wvdial (31 extra (make)deps to pull) extra/archboot depends on community/xl2tpd (28 extra (make)deps to pull) extra/archiso depends on community/squashfs-tools (28 extra (make)deps to pull) extra/ardour depends on community/libsmf (28 extra (make)deps to pull) extra/audacity depends on community/ffmpeg-compat (28 extra (make)deps to pull) extra/brltty depends on community/cython (28 extra (make)deps to pull) extra/calligra-krita depends on community/opencolorio (28 extra (make)deps to pull) extra/cyrus-sasl-sql depends on community/sqlite2 (28 extra (make)deps to pull) extra/evas_generic_loaders depends on community/libraw (28 extra (make)deps to pull) extra/fvwm-crystal depends on community/hsetroot (28 extra (make)deps to pull) extra/gnucash depends on community/aqbanking (30 extra (make)deps to pull) extra/gnucash depends on community/libdbi-drivers (29 extra (make)deps to pull) extra/hefur depends on community/protobuf (28 extra (make)deps to pull) extra/mod_perl depends on community/perl-linux-pid (28 extra (make)deps to pull) extra/octave depends on community/arpack (28 extra (make)deps to pull) extra/python2-metacity depends on community/metacity (28 extra (make)deps to pull) extra/python2-rdflib depends on community/python2-isodate (28 extra (make)deps to pull) extra/ruby depends on community/libyaml (0 extra (make)deps to pull) extra/vlc depends on community/ffmpeg-compat (28 extra (make)deps to pull) Repo Hierarchy for Makedepends core/btrfs-progs depends on extra/git (502 extra (make)deps to pull) core/ca-certificates depends on extra/python2 (502 extra (make)deps to pull) core/crda depends on community/python2-m2crypto (502 extra (make)deps to pull) core/dbus depends on extra/libx11 (502 extra (make)deps to pull) core/e2fsprogs depends on extra/bc (502 extra (make)deps to pull) core/filesystem depends on community/asciidoc (502 extra (make)deps to pull) core/gcc depends on extra/doxygen (502 extra (make)deps to pull) core/gcc-ada depends on extra/doxygen (502 extra (make)deps to pull) core/gcc-fortran depends on extra/doxygen (502 extra (make)deps to pull) core/gcc-go depends on extra/doxygen (502 extra (make)deps to pull) core/gcc-libs depends on extra/doxygen (502 extra (make)deps to pull) core/gcc-objc depends on extra/doxygen (502 extra (make)deps to pull) core/glib2 depends on extra/docbook-xml (502 extra (make)deps to pull) core/glib2 depends on extra/elfutils (502 extra (make)deps to pull) core/glib2 depends on extra/libxslt (502 extra (make)deps to pull) core/glib2 depends on extra/python2 (502 extra (make)deps to pull) core/glib2-docs depends on extra/docbook-xml (502 extra (make)deps to pull) core/glib2-docs depends on extra/elfutils (502 extra (make)deps to pull) core/glib2-docs depends on extra/libxslt (502 extra (make)deps to pull) core/glib2-docs depends on extra/python2 (502 extra (make)deps to pull) core/gnupg depends on extra/libusb-compat (502 extra (make)deps to pull) core/groff depends on extra/ghostscript (502 extra (make)deps to pull) core/groff depends on extra/libxaw (502 extra (make)deps to pull) core/groff depends on extra/netpbm (502 extra (make)deps to pull) core/groff depends on extra/psutils (502 extra (make)deps to pull) core/grub depends on extra/autogen (502 extra (make)deps to pull) core/grub depends on extra/bdf-unifont (502 extra (make)deps to pull) core/grub depends on extra/bzr (502 extra (make)deps to pull) core/grub depends on extra/freetype2 (502 extra (make)deps to pull) core/grub depends on extra/fuse (502 extra (make)
Re: [arch-dev-public] licensing issues with DB 6.0
On 9 August 2013 11:31, Pierre Schmitz wrote: > Hi all, > > we just finished the db 6.0 rebuild in staging. I was pointed* to an > issue with it's license though. It seems Oracle switched the license to > AGPL with version 6.0. I am not an expert, but afaik this makes it only > compatible with GPL3 clients and also enforces the AGPL terms on those. > > Debian had a similar discussion > https://lists.debian.org/debian-legal/2013/07/msg0.html > > If you think this is indeed a problem, I suggest to drop the rebuild for > now and keep db-5. We could introduce a db6 package if packages really > need that and are license-compatible. We might also want to try to > disable db-functionality if possible and switch to alternative > implementations. > > Greetings, > > Pierre > > *) https://bugs.php.net/bug.php?id=65426 > > -- > Pierre Schmitz, https://pierre-schmitz.com I would avoid DB 6 unless some software requires it. In my opinion DB 6 can't get widely adopted because of it's license anyway. Maybe someone will pick up db 5 and continue maintaining it. Something similar happened with MySQL and OpenOffice.org already and the results are pretty good. BTW, is it just me or the Oracle is really shitty when it comes to OSS? Lukas
[arch-dev-public] licensing issues with DB 6.0
Hi all, we just finished the db 6.0 rebuild in staging. I was pointed* to an issue with it's license though. It seems Oracle switched the license to AGPL with version 6.0. I am not an expert, but afaik this makes it only compatible with GPL3 clients and also enforces the AGPL terms on those. Debian had a similar discussion https://lists.debian.org/debian-legal/2013/07/msg0.html If you think this is indeed a problem, I suggest to drop the rebuild for now and keep db-5. We could introduce a db6 package if packages really need that and are license-compatible. We might also want to try to disable db-functionality if possible and switch to alternative implementations. Greetings, Pierre *) https://bugs.php.net/bug.php?id=65426 -- Pierre Schmitz, https://pierre-schmitz.com
[arch-dev-public] Signoff report for [testing]
=== Signoff report for [testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 1 new package in last 24 hours * 2 known bad packages * 0 packages not accepting signoffs * 3 fully signed off packages * 21 packages missing signoffs * 3 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == New packages in [testing] in last 24 hours (1 total) == * devtools-20130808-1 (any) == Incomplete signoffs for [core] (9 total) == * netctl-1.3-1 (any) 0/2 signoffs * openresolv-3.5.6-1 (any) 0/2 signoffs * dhcpcd-6.0.5-1 (i686) 0/1 signoffs * glib2-2.36.4-1 (i686) 0/1 signoffs * logrotate-3.8.6-1 (i686) 0/1 signoffs * run-parts-4.4-1 (i686) 0/1 signoffs * glib2-2.36.4-1 (x86_64) 0/2 signoffs * logrotate-3.8.6-1 (x86_64) 1/2 signoffs * run-parts-4.4-1 (x86_64) 1/2 signoffs == Incomplete signoffs for [extra] (12 total) == * archboot-2013.08-1 (any) 0/2 signoffs * devtools-20130808-1 (any) 0/2 signoffs * gnome-control-center-3.8.4.1-2 (i686) 0/1 signoffs * gnome-settings-daemon-3.8.4-2 (i686) 0/1 signoffs * upower-0.9.21-1 (i686) 0/1 signoffs * xfce4-power-manager-1.2.0-5 (i686) 0/1 signoffs * xfce4-session-4.10.1-3 (i686) 0/1 signoffs * gnome-control-center-3.8.4.1-2 (x86_64) 0/2 signoffs * gnome-settings-daemon-3.8.4-2 (x86_64) 0/2 signoffs * upower-0.9.21-1 (x86_64) 0/2 signoffs * xfce4-power-manager-1.2.0-5 (x86_64) 0/2 signoffs * xfce4-session-4.10.1-3 (x86_64) 0/2 signoffs == Completed signoffs (3 total) == * syslinux-6.01-4 (i686) * dhcpcd-6.0.5-1 (x86_64) * syslinux-6.01-4 (x86_64) == All packages in [testing] for more than 14 days (3 total) == * openresolv-3.5.6-1 (any), since 2013-07-12 * systemd-206-1 (i686), since 2013-07-23 * systemd-206-1 (x86_64), since 2013-07-23 == Top five in signoffs in last 24 hours ==
