RE: AW: [Clamav-users] Re: Re: Re: Windows port ?
> The GPL defines "source" as "the preferred form of the work for making > modifications to it". If the maintainers of the clamav db add new > signatures by unpacking the database, modifying it and packing it again, > it is source code (the act of packing and unpacking is IMHO similar to > tarring and untarring C source files). If they the generate the database > from a different source, which cannot be trivially reconstructed from > the distributed database, it is not source code. In the latter case, the > database cannot be covered by the GPL (you cannot require somebody to > distribute the source if you don't give it to them). > > hp [Mitch (bitblock)] Hi Peter... Isn't just as easy as this? Company B wants to use GPL product A in a closed source commercial product So... They write library B, license it to themselves closed source, containing all their proprietary stuff, and write application B, which calls product A or uses it's libs, but IS open sourced and GPL'd - there's nothing in the GPL that prohibits you from using code within your GPL product that doesn't have the same license - there couldn't be or you could run a GPL app on a BSD system - right? Just a musing... m/ --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
On 2004-09-22 15:01:14 -0500, [EMAIL PROTECTED] wrote: > Kevin Spicer said: > > On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote: > > > >> The database is not a script. It is a binary compilation. > > > > It's not a script, true, but it also is not a binary compilation. If > > you look inside any of the database files unpacked by sigtool (sigtool > > --unpack) you'll note that they are actually a plain text files, one > > line per entry. So I think the previous posters point about them being > > analagous to scripts in that they are their own source is valid. > > > > Zip files are compressed/packed too. Would you consider them source? Or > a container. A container. Or a reversible transformation of the source code. Doesn't matter much. > I was using the term binary as in machine readable. And compilation as > defined by Merriam-Webster: 'to collect and edit into a volume' > > Perhaps not the best choice of wording, but very apparent to me when I > wrote it. > > Source is generally accepted as human readable. A 'cat daily.cvd' yields > something other than human readable. The GPL defines "source" as "the preferred form of the work for making modifications to it". If the maintainers of the clamav db add new signatures by unpacking the database, modifying it and packing it again, it is source code (the act of packing and unpacking is IMHO similar to tarring and untarring C source files). If they the generate the database from a different source, which cannot be trivially reconstructed from the distributed database, it is not source code. In the latter case, the database cannot be covered by the GPL (you cannot require somebody to distribute the source if you don't give it to them). hp -- _ | Peter J. Holzer| Je höher der Norden, desto weniger wird |_|_) | Sysadmin WSR | überhaupt gesprochen, also auch kein Dialekt. | | | [EMAIL PROTECTED] | Hallig Gröde ist fast gänzlich dialektfrei. __/ | http://www.hjp.at/ | -- Hannes Petersen in desd pgpku7UONJJpc.pgp Description: PGP signature
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
Graham Toal said: >> > The database is not a script. It is a binary compilation. >> >> It's not a script, true, but it also is not a binary compilation. If >> you look inside any of the database files unpacked by sigtool (sigtool >> --unpack) you'll note that they are actually a plain text files, one >> line per entry. So I think the previous posters point about them being >> analagous to scripts in that they are their own source is valid. > > Fortunately the way this project works is that users upload samples > of viruses, not signatures. That makes the signatures an original > work of the project and should be defendable; there is an implicit > copyright on the work even if it is not explicitly asserted. The > signatures clearly reflect 'sweat of the brow' effort; they are > not simply a collection of other people's work. > > If the converse had been true, and the project admins wanted to restrict > use of uploaded signatures, then they would have needed to assert a > compilation copyright in the database text file from the start. If that > had not already in place, they would have had a lot of difficulty > restricting distribution, had it come to court, and if they wanted to > start asserting a copyright at a late stage in the project they would > have had to re-collect the signatures from user contributions after > getting an explicit transfer of copyright from contributors. > > I am not a lawyer but I did once go through a very similar exercise. > > Bottom line, should anyone ever get serious about legal action in > a project like this, be prepared to spend significant sums of money on > lawyers. 6 or 7 figures for something like this. > > I really objected to paying our lawyers more for a 1hr consultation > than I earned in a month. > > > G > PS If the database is collected/built/stored in Europe then all > bets are off. Totally different game from America. > I'm not a lawyer either, but I saw one in the wild once. I'm happy to live with the spirit of the license and use the product as intended. I also think that the GPL language clear with regard to reuse of components. I just don't think that its the perfect license for this product. ClamAV is still awesome. The ability to add my own signatures coupled with quick updates makes it an ideal solution for me. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
> > The database is not a script. It is a binary compilation. > > It's not a script, true, but it also is not a binary compilation. If > you look inside any of the database files unpacked by sigtool (sigtool > --unpack) you'll note that they are actually a plain text files, one > line per entry. So I think the previous posters point about them being > analagous to scripts in that they are their own source is valid. Fortunately the way this project works is that users upload samples of viruses, not signatures. That makes the signatures an original work of the project and should be defendable; there is an implicit copyright on the work even if it is not explicitly asserted. The signatures clearly reflect 'sweat of the brow' effort; they are not simply a collection of other people's work. If the converse had been true, and the project admins wanted to restrict use of uploaded signatures, then they would have needed to assert a compilation copyright in the database text file from the start. If that had not already in place, they would have had a lot of difficulty restricting distribution, had it come to court, and if they wanted to start asserting a copyright at a late stage in the project they would have had to re-collect the signatures from user contributions after getting an explicit transfer of copyright from contributors. I am not a lawyer but I did once go through a very similar exercise. Bottom line, should anyone ever get serious about legal action in a project like this, be prepared to spend significant sums of money on lawyers. 6 or 7 figures for something like this. I really objected to paying our lawyers more for a 1hr consultation than I earned in a month. G PS If the database is collected/built/stored in Europe then all bets are off. Totally different game from America. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
Kevin Spicer said: > On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote: > >> The database is not a script. It is a binary compilation. > > It's not a script, true, but it also is not a binary compilation. If > you look inside any of the database files unpacked by sigtool (sigtool > --unpack) you'll note that they are actually a plain text files, one > line per entry. So I think the previous posters point about them being > analagous to scripts in that they are their own source is valid. > Zip files are compressed/packed too. Would you consider them source? Or a container. I was using the term binary as in machine readable. And compilation as defined by Merriam-Webster: 'to collect and edit into a volume' Perhaps not the best choice of wording, but very apparent to me when I wrote it. Source is generally accepted as human readable. A 'cat daily.cvd' yields something other than human readable. The act of unpacking is akin to running a disassembler/unzip/etc. In the end, it is the property of the developers. I just don't see GPL as the correct choice for clearly defining the nature of the product. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote: > The database is not a script. It is a binary compilation. It's not a script, true, but it also is not a binary compilation. If you look inside any of the database files unpacked by sigtool (sigtool --unpack) you'll note that they are actually a plain text files, one line per entry. So I think the previous posters point about them being analagous to scripts in that they are their own source is valid. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
Steffen Heil said: > Hi > >> As stated by the GPL, you should provide source code for a GPL >> executable > or library. >> Could you provide me source code for the database please ? > > Hey, come on, this is getting a sensless discussion. > If you do not agree with the licence holders position, don't use it. It is > theirs. > Using others information without permission is illegal. > The database is it's own source code, so you have it. > Just as with scripts. There, the executable IS the source code. > I think the question of availablity of database source is legitimate given the context of this entire discussion. The position of the database being GPL without source is not logical. It is either GPL, with source, or it is something else. The database is not a script. It is a binary compilation. Since a portion of the product itself is not compliant, it appears to me that the GPL is not the correct license. Why should anyone else pay attention if the complainant violates his own contract in the same manner. As has already been mentioned, there are several commercial products using the database without attribution and without distributed source. Perhaps the community needs to come up with a license more in line with the intentions of the developers in order to properly protect their hard work. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users