Re: libidn re-license

2012-03-09 Thread Simon Josefsson 
Thanks for several responses -- however the underlying question I had,
whether the upload the new package to unstable or not, was not resolved.
Does anyone see any reason to delay or abstain from the upload?  If not,
I'll do the upload within days.

/Simon


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8762edlvob@latte.josefsson.org

Re: libidn re-license

2012-03-07 Thread Jonas Smedegaard 
On 12-03-07 at 09:25pm, Julien Cristau wrote:
> On Wed, Mar  7, 2012 at 21:03:25 +0100, Simon Josefsson wrote:
> 
> > Julien Cristau  writes:
> > 
> > > On Tue, Mar 6, 2012 at 20:35:53 +0100, Simon Josefsson wrote:
> > >
> > >> I co-maintain the libidn package.  As upstream, I recently 
> > >> relicensed it from LGPLv2+ to GPLv2+|LGPLv3+.
> > >
> > > So maybe that's a stupid question, but... Why?  You didn't have 
> > > enough license headaches?
> > 
> > Well, why not?  There was a reason the FSF published the LGPLv3 
> > after all.
> 
> Maybe...
> 
> > Others have analyzed the reasons than I can (see for example [1]
> > and [2]).  The downsides (e.g., changing the license headers, and
> > discussions like this one) appears small in comparison to me.
> > 
> It's not so much the discussion as the increased incompatibility with
> users of your library, which seems kind of counter productive to me.
> And I'm not sure how many of the (perceived) benefits of v3 for people
> who aren't lawyers are still valid if you keep dual-licensing under
> GPLv2 anyway.

I was puzzled too at first, but notice that it not only changes to 
dual-licensing but also tightens from LGPL to GPL.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: Digital signature

Re: libidn re-license

2012-03-07 Thread Julien Cristau 
On Wed, Mar  7, 2012 at 21:03:25 +0100, Simon Josefsson wrote:

> Julien Cristau  writes:
> 
> > On Tue, Mar  6, 2012 at 20:35:53 +0100, Simon Josefsson wrote:
> >
> >> I co-maintain the libidn package.  As upstream, I recently relicensed it
> >> from LGPLv2+ to GPLv2+|LGPLv3+.
> >
> > So maybe that's a stupid question, but... Why?  You didn't have enough
> > license headaches?
> 
> Well, why not?  There was a reason the FSF published the LGPLv3 after
> all.

Maybe...

> Others have analyzed the reasons than I can (see for example [1]
> and [2]).  The downsides (e.g., changing the license headers, and
> discussions like this one) appears small in comparison to me.
> 
It's not so much the discussion as the increased incompatibility with
users of your library, which seems kind of counter productive to me.
And I'm not sure how many of the (perceived) benefits of v3 for people
who aren't lawyers are still valid if you keep dual-licensing under
GPLv2 anyway.

Cheers,
Julien


signature.asc
Description: Digital signature

Re: libidn re-license

2012-03-07 Thread Simon Josefsson 
Julien Cristau  writes:

> On Tue, Mar  6, 2012 at 20:35:53 +0100, Simon Josefsson wrote:
>
>> I co-maintain the libidn package.  As upstream, I recently relicensed it
>> from LGPLv2+ to GPLv2+|LGPLv3+.
>
> So maybe that's a stupid question, but... Why?  You didn't have enough
> license headaches?

Well, why not?  There was a reason the FSF published the LGPLv3 after
all.  Others have analyzed the reasons than I can (see for example [1]
and [2]).  The downsides (e.g., changing the license headers, and
discussions like this one) appears small in comparison to me.

/Simon

[1] http://eigen.tuxfamily.org/index.php?title=Licensing_FAQ
[2] http://www.winehq.org/pipermail/wine-devel/2007-July/058059.html


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87399kqiuq@latte.josefsson.org

Re: libidn re-license

2012-03-07 Thread Simon Josefsson 
Florian Weimer  writes:

 (GPLv2-only and LGPLv3+ are incompatible.)
>>>
>>> Nowadays, almost all GPLv2-only programs link to library code licensed
>>> under the GPLv3 (with a linking exception on the library side), so we
>>> pretend that they are, at least to some degree.
>>
>> How does that link exception look like?
>
> 
>
> I don't think the exception makes the version 3 code compatible with
> version 2.

That applies only to GPLv3, doesn't it?  Libidn is now GPLv2+|LGPLv3+.
I don't immediately see how that exception could be used here.  I
wouldn't want to s/GPLv3/GPLv2+|LGPLv3+/ on a document like that without
sanity checking by some legal entity.  I recall that the FSF and GCC
folks spent a lot of time working out that document.

/Simon


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/877gywqjqz@latte.josefsson.org

Re: libidn re-license

2012-03-07 Thread Florian Weimer 
* Simon Josefsson:

> Florian Weimer  writes:
>
> (GPLv2-only and LGPLv3+ are incompatible.)

 Nowadays, almost all GPLv2-only programs link to library code licensed
 under the GPLv3 (with a linking exception on the library side), so we
 pretend that they are, at least to some degree.
>>>
>>> How does that link exception look like?
>>
>> 
>>
>> I don't think the exception makes the version 3 code compatible with
>> version 2.
>
> That applies only to GPLv3, doesn't it?  Libidn is now GPLv2+|LGPLv3+.

Yes, and this is fine.

> I don't immediately see how that exception could be used here.  I
> wouldn't want to s/GPLv3/GPLv2+|LGPLv3+/ on a document like that without
> sanity checking by some legal entity.  I recall that the FSF and GCC
> folks spent a lot of time working out that document.

What I'm trying to say is this: Programs like Git already link against
libgcc, and this has to be permitted by the GPL version 2 (otherwise
we couldn't distribute them).  But libgcc is GPLv3 plus another type
of linking exception, so maybe we can use the reasoning which allows
to link us against libgcc to come up with a way to link against
LGPLv3+ libraries.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87mx7sp4vy@mid.deneb.enyo.de

Re: libidn re-license

2012-03-07 Thread Julien Cristau 
On Tue, Mar  6, 2012 at 20:35:53 +0100, Simon Josefsson wrote:

> I co-maintain the libidn package.  As upstream, I recently relicensed it
> from LGPLv2+ to GPLv2+|LGPLv3+.

So maybe that's a stupid question, but... Why?  You didn't have enough
license headaches?

Cheers,
Julien


signature.asc
Description: Digital signature

Re: libidn re-license

2012-03-07 Thread Florian Weimer 
* Simon Josefsson:

> It wouldn't hurt, but I'm also not sure if it is worth the work.  If any
> significant application triggered this particular code path, people
> should have noticed the problem a long time ago.  It is at worst an
> easily diagnozed DoS causing the library to busy-loop forever.  All the
> pr29_* functions are affected, but they don't appear to be widely used.

Okay, in that case, an update doesn't seem necessary.

>>> (GPLv2-only and LGPLv3+ are incompatible.)
>>
>> Nowadays, almost all GPLv2-only programs link to library code licensed
>> under the GPLv3 (with a linking exception on the library side), so we
>> pretend that they are, at least to some degree.
>
> How does that link exception look like?



I don't think the exception makes the version 3 code compatible with
version 2.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ty20s0qh@mid.deneb.enyo.de

Re: libidn re-license

2012-03-07 Thread Simon Josefsson 
Florian Weimer  writes:

> * Simon Josefsson:
>
>> I co-maintain the libidn package.  As upstream, I recently relicensed it
>> from LGPLv2+ to GPLv2+|LGPLv3+.  I'd like to upload the latest version
>> into Debian before Wheezy since a pretty nasty inifinte-loop bug has
>> been fixed.
>
> Should we get that into stable-security, under the old license?

It wouldn't hurt, but I'm also not sure if it is worth the work.  If any
significant application triggered this particular code path, people
should have noticed the problem a long time ago.  It is at worst an
easily diagnozed DoS causing the library to busy-loop forever.  All the
pr29_* functions are affected, but they don't appear to be widely used.

>> (GPLv2-only and LGPLv3+ are incompatible.)
>
> Nowadays, almost all GPLv2-only programs link to library code licensed
> under the GPLv3 (with a linking exception on the library side), so we
> pretend that they are, at least to some degree.

How does that link exception look like?  I only recall seeing
suggestions to use the dual-GPLv2+|LGPLv3+ approach as a workaround
before.

/Simon


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87k42wpyif@latte.josefsson.org

Re: libidn re-license

2012-03-07 Thread Simon Josefsson 
Paul Wise  writes:

> I would suggest asking the FSF licensing folks and debian-legal.

Good point about debian-legal, I'll repost the question there.  I have
talked to the FSF and they suggest LGPLv3+ but will live with
dual-GPLv2+|LGPLv3+ if there are significant GPLv2-only applications in
the free software community, which there appears to be.

Thanks,
/Simon


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87sjhkpyzg@latte.josefsson.org

Re: libidn re-license

2012-03-06 Thread Florian Weimer 
* Simon Josefsson:

> I co-maintain the libidn package.  As upstream, I recently relicensed it
> from LGPLv2+ to GPLv2+|LGPLv3+.  I'd like to upload the latest version
> into Debian before Wheezy since a pretty nasty inifinte-loop bug has
> been fixed.

Should we get that into stable-security, under the old license?

> I have looked at licenses of reverse dependencies, and I did found
> some GPLv2-only packages.  That caused me to dual license the
> package instead of going to LGPLv3+.

This is appreciated.

> (GPLv2-only and LGPLv3+ are incompatible.)

Nowadays, almost all GPLv2-only programs link to library code licensed
under the GPLv3 (with a linking exception on the library side), so we
pretend that they are, at least to some degree.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87d38og8qf@mid.deneb.enyo.de

Re: libidn re-license

2012-03-06 Thread Paul Wise 
I would suggest asking the FSF licensing folks and debian-legal.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKTje6HD9YoJaMAk=tqm3c7tc9oq+kxf0vu9dxvjtkxrcr5...@mail.gmail.com

libidn re-license

2012-03-06 Thread Simon Josefsson 
I co-maintain the libidn package.  As upstream, I recently relicensed it
from LGPLv2+ to GPLv2+|LGPLv3+.  I'd like to upload the latest version
into Debian before Wheezy since a pretty nasty inifinte-loop bug has
been fixed.  However, I am not certain what should be done before
uploading a re-licensed package, so I am asking for guidance.  I have
looked at licenses of reverse dependencies, and I did found some
GPLv2-only packages.  That caused me to dual license the package instead
of going to LGPLv3+. (GPLv2-only and LGPLv3+ are incompatible.)  I am
not aware of any other license that could pose any problem with a
dual-licensed GPLv2+|LGPLv3+ package.  I didn't find any other obvious
problem when I looked at the reverse dependencies.

Is there any policy or best current practice about what needs to be done
in this situation?  Should I just upload to unstable and let people work
out license (in)compatibility later on?  I'm sure this must have come up
before for other packages that have been relicensed, but I couldn't find
any generic advice.

/Simon


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87hay1r086@latte.josefsson.org