packaging reverse engineered code when an EULA forbids this
hi, I was asked by ftp-masters to clarify the status of some files in the scipy package [0] The files are are simple serialized numeric arrays created by the proprietary program IDL. They are used as testcases for a reverse engineered implementation the de/serialization in the python scipy package. The data in the files are just a couple random numbers in a certain format and should not fall under any copyright. The issue seems to be that reverse engineering is not allowed by IDL's EULA as the files contain following header: IDL Save/Restore files embody unpublished proprietary information about the IDL program. Reverse engineering of this file is therefore forbidden under the terms of the IDL End User License Agreement (IDL EULA). All IDL users are required to read and agree to the terms of the IDL EULA at the time that they install IDL. Software that reads or writes files in the IDL Save/Restore format must have a license from ITT Visual Information Solutions explicitly granting the right to do so. In this case, the license will be included with the software for your inspection. Please report software that does not have such a license to ITT Visual Information Solutions (i...@ittvis.com). The io code itself is DFSG free. Is there any issue in packaging and distributing this code and these simple testcase? A user may not be able to use the code legally, but on the other hand he/she probably also never accepted IDL's EULA as IDL is not being used. To me this notice hardly has any legal relevance at all and should not be an issue for packaging. I have inquired upstream about this and according to a comment in the source it was apparently written with permission of ITT Visual Information Solutions, but the exact correspondence has not turned up yet. Cheers, Julian Taylor [0] http://lists.alioth.debian.org/pipermail/python-modules-team/2014-June/019931.html signature.asc Description: OpenPGP digital signature
Re: packaging reverse engineered code when an EULA forbids this
Hi Julian, On Tue, Jun 03, 2014 at 11:21:08PM +0200, Julian Taylor wrote: hi, I was asked by ftp-masters to clarify the status of some files in the scipy package [0] The files are are simple serialized numeric arrays created by the proprietary program IDL. They are used as testcases for a reverse engineered implementation the de/serialization in the python scipy package. The data in the files are just a couple random numbers in a certain format and should not fall under any copyright. The issue seems to be that reverse engineering is not allowed by IDL's EULA as the files contain following header: IDL Save/Restore files embody unpublished proprietary information about the IDL program. Reverse engineering of this file is therefore forbidden under the terms of the IDL End User License Agreement (IDL EULA). All IDL users are required to read and agree to the terms of the IDL EULA at the time that they install IDL. Software that reads or writes files in the IDL Save/Restore format must have a license from ITT Visual Information Solutions explicitly granting the right to do so. In this case, the license will be included with the software for your inspection. Please report software that does not have such a license to ITT Visual Information Solutions (i...@ittvis.com). The io code itself is DFSG free. Is there any issue in packaging and distributing this code and these simple testcase? A user may not be able to use the code legally, but on the other hand he/she probably also never accepted IDL's EULA as IDL is not being used. To me this notice hardly has any legal relevance at all and should not be an issue for packaging. I have inquired upstream about this and according to a comment in the source it was apparently written with permission of ITT Visual Information Solutions, but the exact correspondence has not turned up yet. A couple points here: - In many jurisdictions (definitely in the US, and IIRC in the EU), prohibitions on reverse engineering are null and void. - In the event that such a prohibition on reverse engineering does have legal force, the author would be in violation of the EULA; but this does not imply that, once created, there is any liability on the part of the distributor or the user. We should not a priori block software from inclusion in Debian just because it has been reverse-engineered in apparent contravention of an EULA. It's for the courts to determine if such a work infringes copyright of the original. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature
Re: packaging reverse engineered code when an EULA forbids this
Julian Taylor jtaylor.deb...@googlemail.com writes: The issue seems to be that reverse engineering is not allowed by IDL's EULA as the files contain following header: IDL Save/Restore files embody unpublished proprietary information about the IDL program. Reverse engineering of this file is therefore forbidden under the terms of the IDL End User License Agreement (IDL EULA). All IDL users are required to read and agree to the terms of the IDL EULA at the time that they install IDL. If the author didn't install IDL, he is not bound to the EULA and therefore free to reverse-engineer. I think that the header makes this quite clear. Best regards Ole -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tv59r8s@news.ole.ath.cx
