Re: ITP seahorse
On 2000-05-24 at 23:22 -0400, Branden Robinson wrote: [Replies to this message should move to debian-legal.] I have dropped debian-devel as a recipient. However, the BXA regulations were later amended[2]. I haven't read through all the changes, but we might presume with some caution that you don't need to attempt to restrict access to public Web or FTP sites to exclude connections from countries that the United States has identified as its enemies. If, on the other hand, you were engaged in some sort of commerce where you would get the name and address of every person to whom you distributed crypto, you almost certainly would be expected to turn away Libyans, Sudanese, etc. This message is not an endorsement of BXA policy. Quite the contrary; I think the U.S. government needs to leave the cryptographic community to exercise its constitutional rights in peace. The very fact that such letters have to be written to explain these Byzantine regulations to American academics is evidence that the BXA should be dismantled and eliminated from the federal budget. Perhaps its employees could find gainful employment elsewhere as truant officers or gossip columnists. I don't think this is clear at all. I certainly can see no basis for reading the regulations so as to distinguish between actual knowledge acquired prior to export as distinct from after export. That is, what is Bernstein to do if his web server log clearly shows a download from a prohibited domain? Does Bernstein have a duty to disclose his logs? Does Bernstein have an obligation to keep logs? Does Bernstein have a legal duty to read the logs he does keep? This is a crazy situation foisted upon us by regulations written by people who have no understanding of how the Internet works, much like the apocryphal rules requiring that a man waving a red flag should be required to walk ahead of an automobile so as to warn of its approach. The Bernstein case also, as far as I know, addresses the issue of source code per se. It is by no means clear that restrictions which would not be enforced against source code would also not be enforced against binary executables such as Debian packages. The key legal element of the Bernstein case is that source code has a speech component such that it is the unique means of communication used among human programmers, and it is far from clear that one can have a free speech right when talking directly to a machine. There have certainly been stranger distinctions drawn in the courts on this issue, as in the Karn case where the source code was held to be exportable when printed on paper but not when stored on a floppy disk, although the government stipulated to Karn's assertion that the paper printout could be scanned in using OCR and turned into the identical form as on the floppy disk in only about three hours. Regardless of the transactions in the Bernstein case, the common interpretation which is evolving of the new regulations seems to be that the user has to be forced to affirm that they are not in a prohibited country before downloading the files. This is how Netscape seems to handle their 128-bit browser now. It makes no sense that I am not a terrorist loyalty oaths are expected to be useful for any purpose whatsoever, and we are starting to approach the realm of legal absurdity when plastic bags are labeled This bag is not a toy and coffee cups are labeled Coffee may be hot. -- Mike
stance on QPL 2 / GPL/LGPL license usage
What is the current stance on programs that bind to qt 2.x which is using the QPL 2.0 license and are GPL'd or LGPL'd? Ivan -- Ivan E. Moore II [EMAIL PROTECTED] http://snowcrash.tdyc.com GPG KeyID=90BCE0DD GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
Re: stance on QPL 2 / GPL/LGPL license usage
On Thu, May 25, 2000 at 01:59:10AM -0700, Ivan E. Moore II wrote: What is the current stance on programs that bind to qt 2.x which is using the QPL 2.0 license and are GPL'd or LGPL'd? Qt 2.0 with LGPL, no problem Qt 2.0 with GPL, problem Same stance, has never changed. The GPL does not allow linking with Qt 2.0. The people who write GPL apps using Qt 2.0 know this by now. KDE knows it, that's for damned sure. Those authors who care have added the necessary permissions. KDE hasn't and won't because then they'd have to give up being able to use GPL'd code. Troll Tech of course stays conveniently on the sidelines. Enough people like KDE because it's good and easy to use that the It works factor overrides the It's illegal to do that factor. Every now and then Troll Tech makes a token gesture that they are interested in making Qt 2.0 and later GPL compatible to keep certain people satisfied with their attempts at doing the right thing. I'm not satisfied. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Delenn I wouldn't make it through 24 hours before I'd be firing up the grill and slapping a few friends on the barbie. spacemoos Why would you slap friends with barbies, thats kinda kinky
Re: When will KDE and Debian get together?
In a letter to LWN you write: As far as I know this is the only major open-source package that is not officially supported by Debian. I suspect this bad situation is a leftover from the old flame wars that used to erupt between GNOME and KDE supporters. It was alleged at the time of those flamewares that although KDE itself was GPLed, the package could not really be considered free since it depended on the Qt-1 library which was not. This is a common misunderstanding. Debian's stance on KDE copyright and licensing issues (http://www.debian.org/News/1998/19981008) gives an extensive analysis of the KDE issue. The issue is /not/ KDE's dependence on a non-free library, but the incompatibility between KDE's licensing terms and the licensing terms on the Qt library it depends on. What is ironic about the exclustion of KDE from Debian now, is that the Qt-1 library is actually officially supported by Debian! It is not. The non-free section of Debian mirrors (from which qt1 .debs are available) is /not/ an official part of Debian GNU/Linux and is e.g. not included on the official Debian CD images (http://cdimage.debian.org). I personally think this whole situation is rather petty, but I was willing to give Debian some slack so they could gracefully back down from their impossible position especially now that both Qt-2 and KDE-2 are coming out under free licenses. While Qt2 is under a free license (after a drafing process in which Debian's Joseph Carter provided extensive feedback), this license, the QPL, is unfortunately not compatible with the GPL. This has been pointed out to Troll Tech, but has not resulted in changes in the QPL. But in the interests of fairness, I don't see why this official Debian discrimination against KDE continues. Because there have been no fundamental changes in the situation. After analysis of KDE's and Qt's licensing terms (both the non-free Qt1 licensing terms and the free QPL), the Debian project has concluded it cannot legally distribute KDE binaries. For the Debian project to be able to legally distribute KDE binaries, KDE's and Qt's licensing terms would have to be made compatible. This could be done in many ways, the most relevant of which are: - license KDE under the GPL plus an explicit exception granting the right to (re)distribute binaries linked against Qt - license KDE under a different free license like the Artistic License or - release Qt under a BSD-style license; see http://qt-interest.trolltech.com/auo1.html Many people within Debian have lobbied with both the KDE project and Troll Tech for one of these changes to be made. Regrettably, so far this has not resulted in a change that would allow the Debian project to legally distribute KDE binaries. HTH, Ray -- Pinky, Are You Pondering What I'm Pondering? I think so, Brain, but Snowball for Windows? Pinky and the Brain in Snowball
Re: CD images and US export laws
Frederik Vanrenterghem [EMAIL PROTECTED] writes: I don't get the problem. Wasn't this law recently changed, resulting in free export of encryption software? AFAIK you still have to jump through some hoops before you can consider exporting legal. I think it would be a nice thing for the legal team to figure out some of the questions: - If upstream has got the permission to distribute their software world-wide (except evil empires), can simply Debian freely redistribute it? + If yes, and when source is available, may Debian also distribute changed versions? - If upstream has not yet got permission (and perhaps is unwilling to ever get one), can Debian apply for permission? + Has the permission to be renewed for updated upstream versions, or updated Debian versions? As I understand it getting permission may be as simple as telling the Department of something the URL where it is distributed, and the Deparment not complaining. Is that true? debian-legal: What's your thoughts on this? Perhaps woody may do away with non-US entirely... -- Robbe
Re: When will KDE and Debian get together?
On Thu, 25 May 2000, J.H.M. Dassen (Ray) wrote: In a letter to LWN you write: What is ironic about the exclustion of KDE from Debian now, is that the Qt-1 library is actually officially supported by Debian! It is not. The non-free section of Debian mirrors (from which qt1 .debs are available) is /not/ an official part of Debian GNU/Linux and is e.g. not included on the official Debian CD images (http://cdimage.debian.org). Supported is perhaps a poorly chosen word. However, if you search the packages list on the official Debian web site, Qt1 is there large as life in the non-free section while KDE is not to be seen at all. I still think this is an ironic situation. But in the interests of fairness, I don't see why this official Debian discrimination against KDE continues. Because there have been no fundamental changes in the situation. After analysis of KDE's and Qt's licensing terms (both the non-free Qt1 licensing terms and the free QPL), the Debian project has concluded it cannot legally distribute KDE binaries. Every other distribution has concluded that they can. I am actually in sympathy with much of Debian's philosophy, and I prefer their differentness from the commercial distributions. But it sometimes is good to bend a little. Are you *positive* the rigid stance in the KDE case here is because of high moral principles or is there an element of revenge here going back to the old flame wars? I ask this admittedly loaded question because I am concerned that Debian is shooting itself in the foot over this issue. Derivative Debian distributions such as Storm and Corel immediately include KDE (mostly because the vast majority of users want it), and perhaps it would be in Debian's interest not to ignore KDE any longer. Debian has been willing to compromise on many fronts by allowing lots of non-free software (such as Qt1) to be officially listed on their web site. I applaud these compromises, and I don't see why a similar compromise could not be made for KDE. For the Debian project to be able to legally distribute KDE binaries, KDE's and Qt's licensing terms would have to be made compatible. This could be done in many ways, the most relevant of which are: - license KDE under the GPL plus an explicit exception granting the right to (re)distribute binaries linked against Qt - license KDE under a different free license like the Artistic License or - release Qt under a BSD-style license; see http://qt-interest.trolltech.com/auo1.html Many people within Debian have lobbied with both the KDE project and Troll Tech for one of these changes to be made. Regrettably, so far this has not resulted in a change that would allow the Debian project to legally distribute KDE binaries. IANAL, but I suspect this is not clear-cut and instead is a legal grey area since every other distribution (including all Debian derivatives) have no problem with it. Thus, it might be time for Debian to back down and compromise in their own best interest. I am not much of a fan of KDE1, but it is extremely popular, and some exciting things are apparently coming for KDE2. Debian users do have workarounds so KDE1 or KDE2 can be accessed (e.g., at ftp://debian.tdyc.com/ and related sites) as deb packages. Nevertheless, it would be a much better situation all around if access could be had from the official Debian website just like for many other packages (e.g., Qt1, the source of the original controversy) that have been judged by the Debian community to be freedom impaired in some way. Alan W. Irwin email: [EMAIL PROTECTED] phone: 250-727-2902 FAX: 250-721-7715 snail-mail: Dr. Alan W. Irwin Department of Physics and Astronomy, University of Victoria, P.O. Box 3055, Victoria, British Columbia, Canada, V8W 3P6 __ Linux-powered astrophysics __
Re: When will KDE and Debian get together?
Alan W. Irwin [EMAIL PROTECTED] writes: Every other distribution has concluded that they can. I'm not sure. I think they've decided they are unlikely to get sued, which is not at all the same thing. Similarly, MIT's Athena has decided to explore using Gnome for its Athena desktop, but not KDE, because of the same legal concerns. (I do not speak for MIT in this regard.)
Re: When will KDE and Debian get together?
On Thu, May 25, 2000 at 08:53:06AM -0700, Alan W. Irwin wrote: IANAL, but I suspect this is not clear-cut and instead is a legal grey area since every other distribution (including all Debian derivatives) have no problem with it. The Mandrake CD's (I presume the download CD is identical to the one that comes in the box) includes a collection of TrueType fonts for which the license prohibits commercial distribution. I don't think what another distibution thinks it can get away with has anything to do with Debian should do. -- David Starner - [EMAIL PROTECTED] http/ftp: x8b4e53cd.dhcp.okstate.edu Roleplaying Anonymous - a 1d12 step program
Re: When will KDE and Debian get together?
On Thu, May 25, 2000 at 08:53:06 -0700, Alan W. Irwin wrote: However, if you search the packages list on the official Debian web site, Qt1 is there large as life in the non-free section True. The license terms on Qt1 allow for us to distribute binaries; they do not meet the Debian Free Software Guidelines, so such binaries are distributed in the non-free section. while KDE is not to be seen at all. As its license does not allow for us to distribute KDE binaries. It would be possible for us to distribute KDE in source form, but I suspect this would not change things for many users. I still think this is an ironic situation. I won't deny there's an irony to it. Because there have been no fundamental changes in the situation. After analysis of KDE's and Qt's licensing terms (both the non-free Qt1 licensing terms and the free QPL), the Debian project has concluded it cannot legally distribute KDE binaries. Every other distribution has concluded that they can. I'm not so sure. I think a more truthful interpretation of their inclusion of KDE interpretation is that they concluded that their chances of suffering legal action as a result of their inclusion were negligable. Other distributions are more lenient in adhering by / interpreting license terms and patents; see for example the number of distributions including pine, Netscape, GIF producing software, gated, qmail and presumably in the not too distant future, Motif. That is their right, as their motivation(s) for producing GNU/Linux distributions are different from Debian's. Are you *positive* the rigid stance in the KDE case here is because of high moral principles or is there an element of revenge here going back to the old flame wars? I'm not denying few in the Debian project look favourably on KDE or Troll Tech, but the issue is about Debian's principles, layed down as the Debian Free Software Guidelines (http://www.debian.org/social_contract#guidelines). The KDE case is hardly the only one where Debian takes a strong stand on licensing. I ask this admittedly loaded question because I am concerned that Debian is shooting itself in the foot over this issue. The Debian project is about building the best possible free operating environment, it is not about scoring in the hit parade of Linux distributions. The more people that use it, the merrier, but that's not at the heart of the project. The project is succesful because its participants all agree on this goal. Debian has been willing to compromise on many fronts by allowing lots of non-free software (such as Qt1) to be officially listed on their web site. Personally, I'd much rather have the packages search work on main only by default. We've tried to cooperate with KDE and Troll to get the license issue fixed, by showing numerous options. In particular Joseph Carter has worked long hours under difficult circumstances and long flamewars to get the issue fixed by getting Troll Tech to use good licensing terms for Qt2. He has gotten very far with this, for which I respect him a lot, but regrettably Troll Tech decided not to take the final step and make the QPL GPL-compatible. The KDE project has not even been willing to compromise by admitting that there is a problem, and fixing it, even though the fix consists of a mere two-line addition (or if you prefer, clarification) to KDE's license. This is regrettable. As a project founded on respect for authors licensing terms, we have no option than respecting KDE's licensing terms by not distributing KDE binaries. The philosophy of Debian as a project builds on that of the GNU project in many ways. The GNU project was started because RMS was willing to stand by his principles by not compromising and signing an NDA. While his uncompromising stand may not have made him and his project popular with many, it has provided us with a solid foundation to build on. We choose to maintain that solidity. If others like Corel and Stormix feel they need to build something on top of it that is less solid, that is their right, and we try to make that possible for them, but it is in no way a motivation for us to abandon the principles our project is founded on. IANAL, but I suspect this is not clear-cut and instead is a legal grey area Many issues surrounding free software licensing are. For example, the GPL has never been tested in court. Still, in those cases the FSF perceived its license terms to be violated, the violators (e.g. NeXt and the ncftp author) have backed down and complied with the FSF's request, suggesting that the GPL is a strong license, likely to be held up in court. Debian's interpretation of the GPL in the case of KDE is along the lines of the FSF, which, until a court will interpret the GPL, is the the entity most likely to offer a proper interpretation of the GPL. Ray -- Cyberspace, a final frontier. These are the voyages of my messages, on a lightspeed mission to explore strange new systems and to boldly go
Silly observation...
I was thinking this: If we see License: GPLv2 or greater we know it's DFSG compliant. But... look: License: latest GPL version is not! Obvious, but strange...