Hi Karen,

At the Cambridge BSP (Jan 27/28 2017) we have been looking at the
following bugs pertaining to non-DFSG compliance with fonts embedded
with non-free code:
 * http://bugs.debian.org/665334
     opened 23 Mar 2012, last update 01 Aug 2016 modulo spam
 * http://bugs.debian.org/694320
     opened 25 Nov 2012, last update 30 Aug 2014
     blocked by #665334
 * http://bugs.debian.org/694323
     opened 25 Nov 2012, last update 30 Aug 2014
     blocked by #665334

Synopsis:
  Type 1 fonts that are made using the package FontForge include font
hinting code which is marked "copyright Adobe all rights reserved".
This issue logically extends to every package that contains fonts that
have been made using FontForge.

Current State
  Reading #665334 it appears that FontForge historically contained
fragments of code with Adobe asserted rights.  We believe that this is
now resolved with "autohint code is now all open source".  The github
repo is top licensed Apache 2.0  [1]

  It is our belief that this is sufficient; that the package FontForge,
and type 1 fonts generated by this package are now DFSG compliant
because Apache 2.0 is GPL2+ compatible.

* Is our understanding of the above correct? i.e. Does the github
repository top-licensing (to Apache) of the Adobe 'hinting' properly apply?

* Are the font hinting fragments, that are Adobe copyright, embedded
into fonts produced in FontForge, the same code as in the above
repository (we *think* that this is the case)?

* Thus, are these fonts (generated by the above) now covered by Apache 2.0?

* And, consequently: are the fonts in the Debian archive, produced by
FontForge, now to be considered under Apache 2.0; and is this sufficient
to cover the embedded fragments under Apache 2.0?

Assuming the above is all correct then, in order to resolve this issue,
we believe that all packages that contain fonts that are generated using
FontForge should contain an appropriate licence text for the font.  A
Mass bug filing could then be made against these packages requesting the
appropriate update to the licence file.


However we see this a potential minefield, and therefore seek
clarification and advice before we continue.


/Andy
PP Debian BSP Cambridge Jan 2017 [2]


[1]  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665334#168
[2]  https://wiki.debian.org/BSP/2017/01/gb/Cambridge

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to