Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread MJ Ray 
On 2004-09-04 15:42:00 +0100 Claus Färber <[EMAIL PROTECTED]> wrote:

> IMO, this is a clear sign that an OpenSSL-compatible library should be  
> considered part of the operating system.

Any new reasoning for that, or just restating in the hope it will become true?

-- 
MJR/slefMy Opinion Only and not of any group I know

Bits from debian-legal between 2004-08-23 and 2004-08-29

2004-09-04 Thread MJ Ray 
Date index for period starts at 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00615


Threads with more than 4 posts:

Suggestions of David Nusinow, over 60 posts this week to 27 Aug, 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00617

NEW ocaml licence proposal by upstream, will be part of the 3.08.1 
release going into sarge, around 60 posts this week to 26 Aug, 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00620

GPL "or any greater version", over 50 posts from 26 Aug to 30 Aug, 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00753

Does the "GPL version choice" impact GPL-compatibility?, around 10 
posts from 25 Aug to 27 Aug, 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00719

CeCILL again..., over 5 posts this week to 24 Aug, 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00616

MontyLingua license, around 5 posts from 23 Aug to 23 Aug, 
http://lists.debian.org/debian-legal/2004/08/mail2.html#00622


Bits author picks:

Microsoft Sender-ID: "This isn't a license, it's a bloody contract 
[...] And it's a bloody PDF", 
http://lists.debian.org/debian-legal/2004/08/msg00635.html

A very short summary of what's needed to get into non-free, 
http://lists.debian.org/debian-legal/2004/08/msg00829.html

Anyone seen Andrew Saunders this week?


-- 
MJR/slefMy Opinion Only and not of any group I know
http://www.ttllp.co.uk/ for creative copyleft computing
Please email about: BT alternative for line rental+DSL;
Education on SMEs+EU FP6; office filing that works fast

RFC3156 defines security multipart formats for MIME with OpenPGP.

pgpKxMAEpf2Ne.pgp
Description: PGP signature

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Andrew Suffield 
On Sat, Sep 04, 2004 at 01:55:33PM -0700, Joseph Lorenzo Hall wrote:
> Greetings Debian-legal, (I've just started subscribing to this list.)
> 
> On Sat, 4 Sep 2004 13:42:21 -0700, Steve Langasek <[EMAIL PROTECTED]> wrote:
> > On Sat, Sep 04, 2004 at 04:56:00PM +0200, Claus Färber wrote:
> > > If we follow this interpretation, this means that you can't distribute
> > > an closed source OS with GPL tools. IMO, this was not the intention of
> > > the GPL authors.
> > 
> > Of course it was.  The GPL is about advancing the cause of a wholly free
> > operating system; giving free operating systems a competitive advantage
> > over non-free operating systems that happen to provide free tools is
> > precisely in line with the goals of the framers.
> > 
> > And while you're free to doubt that this was the intent, this is
> > nevertheless what the letter of the license encodes.
> 
> Caveat, mere aggregation:
> 
> http://www.gnu.org/licenses/gpl-faq.html#MereAggregation
> 
> What is the  difference between "mere aggregation" and "combining two
> modules into  one program"?

Sneakily not well-defined, thereby defeating all attempts at word
games.

> Mere aggregation of two programs means putting them side by side on
> the same CD-ROM or hard disk. We use this term in the case where they
> are separate programs, not parts of a single program. In this case, if
> one of the programs is covered by the GPL, it has no effect on the
> other program.

When one of them depends on the other, it is difficult to call it
"mere aggregation".

I find a decent smoke test for aggregation to be:

Can I take these two packages on the same CD and split them apart
again, such that they are no longer aggregated, and still use them?

For example, you can't (or at least couldn't, disregarding modern
binary emulation tricks) realistically use a program linked against
solaris libc without solaris libc.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'  |
   `- -><-  |


signature.asc
Description: Digital signature

Re: cdrecord: weird GPL interpretation

2004-09-04 Thread Francesco Poli 
On Fri, 3 Sep 2004 09:40:49 + (UTC) Andreas Metzler wrote:

[...]
> Hello,
> This was about the recent change of license in a36 that was widely
> covered in the news, e.g. lwn or heise.de
> http://weblogs.mozillazine.org/gerv/archives/006193.html
> 
> We (cdrools Debian maintainers) were in indeed private contact with
> Joerg about this and successfully managed to resolve this, a38 undid
> the newly introduced non-freeness issue, the code in question
> (linuxcheck()) is not encumbered by a specific license anymore, it may
> be removed like anything else.
> 
> This is resolved and completely orthogonal to this thread, so please
> ignore it.

So, IIUC, debian bug #265546
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265546) is related to
linuxcheck() only.

I instead thought that it was related to the whole bunch of weird
restrictions that go well beyond the GPL license, and that it was filed
when the non-freeness was even worse and then marked resolved when one
of the issues went away.
So, since I noticed that many issues were still there, I wondered if the
bug should be reopened.

I apologize for the misunderstanding.


Well, if I *now* understand the situation correctly, we have version
2.01a38 with *another* set of non-freeness and non-distributability
issues to deal with...
So probably a different bug should be filed, at least if sid already
includes version 2.01a38...


-- 
 |  GnuPG Key ID = DD6DFCF4 |  $ fortune
  Francesco  |Key fingerprint = |  Q: What is purple
 Poli| C979 F34B 27CE 5CD8 DC12 | and commutes?
 | 31B5 78F4 279B DD6D FCF4 |  A: A boolean grape.


pgpCNLDB19B2G.pgp
Description: PGP signature

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Joseph Lorenzo Hall 
Greetings Debian-legal, (I've just started subscribing to this list.)

On Sat, 4 Sep 2004 13:42:21 -0700, Steve Langasek <[EMAIL PROTECTED]> wrote:
> On Sat, Sep 04, 2004 at 04:56:00PM +0200, Claus Färber wrote:
> > If we follow this interpretation, this means that you can't distribute
> > an closed source OS with GPL tools. IMO, this was not the intention of
> > the GPL authors.
> 
> Of course it was.  The GPL is about advancing the cause of a wholly free
> operating system; giving free operating systems a competitive advantage
> over non-free operating systems that happen to provide free tools is
> precisely in line with the goals of the framers.
> 
> And while you're free to doubt that this was the intent, this is
> nevertheless what the letter of the license encodes.

Caveat, mere aggregation:

http://www.gnu.org/licenses/gpl-faq.html#MereAggregation

What is the  difference between "mere aggregation" and "combining two
modules into  one program"?

Mere aggregation of two programs means putting them side by side on
the same CD-ROM or hard disk. We use this term in the case where they
are separate programs, not parts of a single program. In this case, if
one of the programs is covered by the GPL, it has no effect on the
other program.

[...]

-- 
Joseph Lorenzo Hall
UC Berkeley, SIMS PhD Student
http://pobox.com/~joehall/
blog: http://pobox.com/~joehall/nqb2/

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Steve Langasek 
On Sat, Sep 04, 2004 at 04:56:00PM +0200, Claus Färber wrote:
> Brian Thomas Sniffen <[EMAIL PROTECTED]> schrieb/wrote:
> > What's in a normal Debian install doesn't matter, because it all gets
> > distributed together on mirrors and in cd-packs.  There's a very
> > specific phrase used to keep MS and Sun from shipping Emacs with their
> > proprietary libc: "unless that component itself accompanies the
> > executable."

> If we follow this interpretation, this means that you can't distribute  
> an closed source OS with GPL tools. IMO, this was not the intention of  
> the GPL authors.

Of course it was.  The GPL is about advancing the cause of a wholly free
operating system; giving free operating systems a competitive advantage
over non-free operating systems that happen to provide free tools is
precisely in line with the goals of the framers.

And while you're free to doubt that this was the intent, this is
nevertheless what the letter of the license encodes.

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Glenn Maynard 
On Sat, Sep 04, 2004 at 04:42:00PM +0200, Claus Färber wrote:
> curl-ssl might even be GPL-free if distributed with GnuTLS' OpenSSL- 
> emulation.
> IMO, this is a clear sign that an OpenSSL-compatible library should be  
> considered part of the operating system.

Huh?  Whether such a library is "normally distributed with the major
components of the operating system" isn't related to the existance of
emulation libraries.

That doesn't matter, though.  Debian is never eligible to use the "operating
system" exception, due to "unless that component itself accompanies the
executable".

-- 
Glenn Maynard

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Brian Thomas Sniffen 
[EMAIL PROTECTED] (Claus Färber) writes:

> Brian Thomas Sniffen <[EMAIL PROTECTED]> schrieb/wrote:
>> What's in a normal Debian install doesn't matter, because it all gets
>> distributed together on mirrors and in cd-packs.  There's a very
>> specific phrase used to keep MS and Sun from shipping Emacs with their
>> proprietary libc: "unless that component itself accompanies the
>> executable."
>
> If we follow this interpretation, this means that you can't distribute  
> an closed source OS with GPL tools. IMO, this was not the intention of  
> the GPL authors. If you have to distribute the component with the GPL  
> software, this is a sign that it's not universally available on the  
> operating system. However, if you are distributing an OS...

That was *exactly* the intent of the GPL authors: to prevent Sun from
distributing the GNU tools with Solaris.  They do distribute them
separately. 

> Well, we should not think: "openssl accompanies $tool-ssl" but:
> "$tool-ssl accompanies Debian which also includes openssl (or a  
> compatible SSL library)".

Silly syntax games don't help anything: the author put it under the
GPL because he *didn't* want it shipped with software with
restrictions like OpenSSL's.  So we should follow his wishes and not
distribute it that way.  If he wants it distributable with OpenSSL,
he'll grant a license exception.

-Brian

-- 
Brian Sniffen   [EMAIL PROTECTED]

Re: status of license for pyMPI

2004-09-04 Thread Faheem Mitha 
On Fri, 3 Sep 2004 20:26:51 + (UTC), Faheem Mitha
<[EMAIL PROTECTED]> wrote:

> Hi,
>
> The pyMPI (http://sourceforge.net/projects/pympi/) license says the
> following. I think this is non-free under the DFSG, but I would like a
> confirmation. I think that the non-commercial clause by itself
> violates point 6, "No Discrimination Against Fields of Endeavor",
> right? But the wording seems a little ambiguous. It does not actually
> *restrict* use, just requires notification, so I'm not sure.

Thanks for the assessment from Anthony DeRobertis and Brian
Sniffen. The concensus is that it is non-free, as I suspected.

Faheem.

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Claus Färber 
Brian Thomas Sniffen <[EMAIL PROTECTED]> schrieb/wrote:
> What's in a normal Debian install doesn't matter, because it all gets
> distributed together on mirrors and in cd-packs.  There's a very
> specific phrase used to keep MS and Sun from shipping Emacs with their
> proprietary libc: "unless that component itself accompanies the
> executable."

If we follow this interpretation, this means that you can't distribute  
an closed source OS with GPL tools. IMO, this was not the intention of  
the GPL authors. If you have to distribute the component with the GPL  
software, this is a sign that it's not universally available on the  
operating system. However, if you are distributing an OS...

Well, we should not think: "openssl accompanies $tool-ssl" but:
"$tool-ssl accompanies Debian which also includes openssl (or a  
compatible SSL library)".

Claus
-- 
http://www.faerber.muc.de

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Claus Färber 
Anthony DeRobertis <[EMAIL PROTECTED]> schrieb/wrote:
> So, if we were to compile it against a curl-nossl, that'd be fine. But
> if we then distribute with curl-ssl, that suddenly changes things?

curl-ssl might even be GPL-free if distributed with GnuTLS' OpenSSL- 
emulation.
IMO, this is a clear sign that an OpenSSL-compatible library should be  
considered part of the operating system.

Claus
-- 
http://www.faerber.muc.de

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Florian Weimer 
* Andrew Suffield:

>> Probably distribution.  If you distribute just the OpenSSL of curl
>> version, it's rather clear that you intent that all applications
>> linking against curl also link against OpenSSL.
>
> And if you distribute both?

If the OpenSSL version is not marked as the default one (directly or
indirectly), I don't think there's a problem.

Re: GPL-licensed packages with depend-chain to OpenSSL

2004-09-04 Thread Florian Weimer 
* Anthony DeRobertis:

>> Probably distribution.  If you distribute just the OpenSSL of curl
>> version, it's rather clear that you intent that all applications
>> linking against curl also link against OpenSSL.
>
> So, if we were to compile it against a curl-nossl, that'd be fine. But 
> if we then distribute with curl-ssl, that suddenly changes things?

If curl-ssl is a replacement for curl-nossl that is not installed by
default, I don't see a problem.

> That sounds quite like "plac[ing] restrictions on other software that 
> is distributed along with the licensed software."

If curl-ssl is linked to GPLed programs by default, it's not mere
aggregation.

*未承諾&承諾(本人登録 )広告■3億円、5億円等の 収入者続出・証拠で出来る ■年金は8千万円貯金で不要 ■景気回復開始の時こそチ ャンス                                     

2004-09-04 Thread 経済文庫メルマガ担当 
[EMAIL PROTECTED](B
 
$B!!7P:QJ88K%a%k%^%,C4Ev!'LpBt(B
$B!!l9g$O$=$N;]$r!!(Bhttp://gogoway.orgdns.org/melmaga/teishi.html$B$^$G(B
$B%a!<%k%^%,%8%s9-9p?=$79~$_$O!"$=$N;]$r!!(Bhttp://gogoway.orgdns.org/doc/honmousikomi.htm$B!!$^$G(B
$B!!%a!<%k%^%,%8%s9XFI$N?=$79~$N>l9g$O!"$=$N;]$r!!(Bhttp://gogoway.orgdns.org/melmaga/$B!!$^$G(B
$B(B
$B!!([EMAIL PROTECTED]|1_$G4jK>[EMAIL 
PROTECTED](B$B!!J}K!$O$"$j$^$9!*!!([EMAIL 
PROTECTED]|1_0J2e$NCK=w$J$i=PMh$k![(B
$B!!(B
$B!!:#$NG:$_$O!&!&!&[EMAIL 
PROTECTED]|1_$G2r7h=PMh$k!*L\E*$K$b;[EMAIL PROTECTED]>e=PMh$k(B
$B!!>-Mh$NIT0B$O!&!&!&[EMAIL 
PROTECTED]|1_Cy6b$G0B?4=PMh$k!*0B?48~>e$N:`NA$O;q6b$G=PMh$k!*(B
$B!!=PMh$k$NJ}K!$OM-$j$^$9!#(B

$B"!(,!N#P#R!O(,(,7J5$$O5^2sI|3+;O$7$^$7$?(,"#(B $B#22/1_!"(B 
$B#32/1_!"(B $B#52/[EMAIL PROTECTED]|1_<}F~Z5rM-<}F~%S%8%M%9!U7P1DeCK=w?=$79~$_=PMh$^$9!#(B
$B!!I{6H!&7s6H!&EZF|7P1D2K3hMQ7P1D$NJ}!9$KBg9%I>!*(B
$B(B
$B#3#8G/$N<[EMAIL 
PROTECTED]<}F~$O6d9T?6$j9~$_$G$9!#HkL)$K7P1D=PMh$^$9!#:[EMAIL 
PROTECTED]|1_L\E*$K=PMh$^$9!#(B
$B3+6H$N%[!<%`%Z!<%8$OMQ0U$7$F$"[EMAIL 
PROTECTED]&%s%m!<%I$7$F#H#P:[EMAIL PROTECTED]/Aa$/3+6H$G$-$k!#(B

$B!!!z(B--$B!~([EMAIL 
PROTECTED]|1_Cy6b!&! /1_$N;v6H;q6b!&!&[EMAIL 
PROTECTED]|1_!&!&!z(B--$B!~(B--$B!z(B--$B"!(B

$B(B
$B!!>\$7$/$O(B 
http://gogoway.orgdns.org$B!!(B  

$B2?;[EMAIL 
PROTECTED]>Z5r!&1=$h$j>Z5r!&>u67>Z5r$h$jJ*E*>Z5r!&:[H=41$HF1$8J*E*>Z5r$N$_$G;v[EMAIL PROTECTED](B! $BM%$7$5$,(B 
$B$$!A$C$Q$$(B 
o(^$B"&(B^)o$B=i$a$F$NI{<}F~$OMb7n$K$b$i$($?$o(B(*^-$B!,(B)v

$B!z(B:*:$B!y(Bhttp://www.powz.ne.nu
$B!y(B:*:$B!z(B
*-$B#P#R(B*

   
$B#87n%W%l%*!<%W%sFCJL1o8NJg=8$N30;q7O%M%C%H%o!<%/4k6H$N0lHL8xJgOH(B

$B!!(B$B!!(B   
http://askmebiz.net/click/2/ad5.cgi
$B!z!y(B 
$B!2#P#R!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!y!z!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!2!y!z(B
$B!!(B
   $B1?L?$rJQ$($k%o%s%/%j%C%/[EMAIL PROTECTED];D$j$o$:$+(B

*---*
$B!z(Bo(^$B"`(B^o)  $BKhF|$,%a%C%A%c3Z$7$$$s$G$9$%$%!http://www.geocities.jp/chip0211/
 
   $B$"$C$?$s$G$9!A!*!!(B 
$BC/$K$G$b=PMh$k!Z:_Bp![$N;E;v$,$!$!!*(B

*---$B#P#R(B--*

  $B"#"#(B  $B%9%?!<%H$O!"7n$K!V#5K|[EMAIL PROTECTED]"#"#(B

$B(B
$B$^$5$+!"G/<}!!$_$?$$$J!!!c7n<}!d!!$K$J$k$J$s$F!*(B
$B!!(B
   $B"""#""!!(B  $Bhttp://www.pre-get.or.tv/riepon/$B"""#""(B
 *---*
 $B$($S$MMv$N8rG[(B
 http://www2.megax.ne.jp/ebine/   $B8rG[$G?72V$N:n=P(B  $BL4$N?'[EMAIL 
PROTECTED]'$rDI$$5a$a$F6=L#$N$"$kJ}$4K,Ld$/[EMAIL PROTECTED](B
  $BHNGd$bCW$7$F$*$j$^$9(B
*--$B#P#R(B---*

 http://www.geocities.jp/jabez_japan/
$B9bB.;[EMAIL 
PROTECTED]"9bB.;fJ>7W;;5!!"9bB.%3%$%s%+%&%s%?!l!W!"!VBgGW:V!W$,$"$J$?$N7HBS$GM7$Y$^$9!*(B
$B!!!J(BBREW$B!"(BVodafone$BBP1~!K(B 
$B#1%"%W%j!o#1#5#7!A$G$9$N$G!"$*;E;v$N9g4V$N$A$g$C$H$7$?B)H4$-$K(B
$B!!$*5$7Z$K@'Hs$4MxMQ2<$5$$"v(B   
http://www.metro-japan.com/mobile/index.html

 
$B!z(B--$B!~(B-$B!N(BPR]-$B!z(B--$B"!(B--$B!z(B--$B!~(B--$B!z!z(B-$B!Z2H;v$r$7$J$,$i:_Bp%S%8%M%9![(B-$B!~(B--$B!z(B--$B"!(B--$B!z=i$a$F$NI{<}F~$OMb7n(B--$B!~(B-$B!z(B

 $B!!!Z2H;v$r$7$J$,$i:_Bp%S%8%M%9![(B
$B!!(B $B9%$-$J;~4V$K%5%$%I%S%8%M%9(B! $B$7$+$b!V40A4:_Bp!W"[EMAIL 
PROTECTED][EMAIL PROTECTED](B! $BM%$7$5$,(B $B$$!A$C$Q$$(B o
   
$B!!!z(B:*:$B!y(Bhttp://www.powz.ne.nu
$B!y(B:*:$B!z(B
 
$B!!!z(B:*:$B!y(B$B!y(B:*:$B!z!z(B:*:$B!y(B
$B!y(B:*:$B!z!z(B:*:$B!y(B$B!y(B:*:$B!z!z(B:*:$B!y(B
$B!y(B:*:$B!z!z(B:*:$B!y(B$B!y(B:*:$B!z!z(B:*:$B!y(B
*:$B!z(B


 
$B!}!!K\F|$bEj9F!*$"$j$,$H$&$4$6$$$^$7$?"v!}%a%k%^%,H/9TpJspJs$K4X$7$FH/9T<[EMAIL 
PROTECTED]@UG$$rIi$$$^$;$s!#(B
[EMAIL PROTECTED]@UG$$rIi$$$+$M$^$9$N$G$4