Re: Please pass judgement on X-Oz licence: free or nay?
On Wed, Aug 04, 2004 at 03:15:26PM -0500, Joe Wreschnig wrote: The summary I linked to was about reworked X-Oz license, which is clearly GPL-incompatible and probably non-free. However, clause 4 criticized in the summary is identical to a clause in the license that started this thread, and all the other X licenses, and very similar to the 3-clause BSD license. I feel that I should admit that I was wrong about clause 4, and obviously was very sleep deprived at all times that I wrote about it. *sigh* We should probably rewrite the summary, so that people know that only clause 3 is problematic. Simon
Re: Please pass judgement on X-Oz licence: free or nay?
On Tue, Aug 03, 2004 at 05:15:16PM +0100, Matthew Garrett wrote: Joe Wreschnig [EMAIL PROTECTED] wrote: On Tue, 2004-08-03 at 09:31, Anthony DeRobertis wrote: On Mon, Aug 02, 2004 at 09:03:33PM +, Jim Marhaus wrote: Debian Legal summary of the X-Oz License http://lists.debian.org/debian-legal/2004/02/msg00229.html Clause 4 of the license posted at the start of this thread is, with the execption of whos names it protects, word-for-word identical. Am I missing something? Yes. Clause 3 is the GPL-incompatible non-free one. Clause 4 is standard boilerplate, found in many licenses (it's also superfluous, being written into copyright by default in US law). The summary claims that clause 4 makes the license non-free. Since clause 4 is identical to what's contained in the X11 license, it makes it difficult to take the summary terribly seriously. Read more carefully. Clause 4 of the X-Oz license is a condition on rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software. This is not the same wording as the X11 license at all. Simon
Re: Please pass judgement on X-Oz licence: free or nay?
On Tue, Aug 03, 2004 at 02:01:03AM +1000, Daniel Stone wrote: As we're coming up to a release and thus need to close this issue quickly, could -legal please comment on this issue for completeness? I would really like comments from the peanut gallery, the cheap seats, the people who aren't lawyers, the people who are lawyers, whoever. I'm not sure that this is the _same_ X-Oz license that we've discussed before [0] on -legal. The terminology here is probably confusing. [3]: /* * Copyright 2003 by David H. Dawes. * Copyright 2003 by X-Oz Technologies. * All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the Software), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR * OTHER DEALINGS IN THE SOFTWARE. * * Except as contained in this notice, the name of the copyright holder(s) * and author(s) shall not be used in advertising or otherwise to promote * the sale, use or other dealings in this Software without prior written * authorization from the copyright holder(s) and author(s). * * Author: David Dawes [EMAIL PROTECTED]. */ The above appears to be the standard X.org license, with merely X-Oz and David Dawes as the copyright holders. I don't think -legal has a problem with this license at all. Thanks, Simon [0] http://lists.debian.org/debian-legal/2004/02/msg00229.html
Re: I'm a funny guy...
On Sat, May 29, 2004 at 02:50:46PM -0500, Ean Schuessler wrote: This is an evil move, but you must appreciate the ironic nature of the prank: http://en.wikipedia.org/wiki/GNU_Free_Documentation_License ps. Better hurry, I'm not sure how long the About Ean Schuessler section will last. So, now that they've reverted it, are you going to get into a WikiWar? Simon
Re: Summary: Is Open Publication License v1.0 compatible?, was Re: GPL+ for docs
On Wed, Mar 10, 2004 at 01:56:11PM +0100, Frank Lichtenheld wrote: - The person who makes any modifications must be identified, which violates the dissident test. Hmm, a question about this: Wouldn't make this the GPL DFSG-nonfree? It states You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. Or does this not imply that I have to give my name, too? Have I only to state the fact _that_ I changed the files? You don't have to identify yourself. You must only note that you've changed the files, and the date of the change. This is typically done by including a ChangeLog with the software, by which you do not have to use your real name. SImon
Re: Ada Community License - DFSG
On Tue, Mar 09, 2004 at 08:59:52AM -0500, Nathanael Nerode wrote: Mahesh T. Pai wrote: d) Make other distribution arrangements with the Copyright Holder. Not useful for Debian unless we do so. ;-) You and I both know that Debian cannot make local distribution arrangements with the Copyright Holder in order to free the work. Everyone needs to have the right to use the work as free software. Simon
Re: Debian Legal summary of the X-Oz License
On Wed, Mar 03, 2004 at 05:34:41AM -0700, Joe Moore wrote: Branden Robinson wrote: As I said in my mail to [EMAIL PROTECTED]: 4. Except as contained in this notice, the name of X-Oz Technologies shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from X-Oz Technologies. The cynic in me really wants to ask: Is this message in violation of the copyright license? I mean, Branden is clearly having some dealing with [this] Software, and he has invoked the name of x-oz (in the email address). Branden, did you have prior written authorization? It doesn't matter. Branden isn't copying, modifying, distributing or publically performing any Work covered under this license. Simon
Re: Summary: Is Open Publication License v1.0 compatible?, was Re: GPL+ for docs
On Wed, Mar 03, 2004 at 10:00:44AM -0500, Jeremy Hankins wrote: Simon Law [EMAIL PROTECTED] writes: On Tue, Mar 02, 2004 at 03:08:29PM -0500, Jeremy Hankins wrote: Here's a summary, since it doesn't seem like anyone has anything more to say on the subject: Hmm... I hate to seem authoritarian, but I'd like to see a little more formality in d-l summaries. I think we should take it on a case-by-case basis. For many cases, I'm afraid, this would simply end up taking up most of our time following the forms of producing summaries. My judgement was that there is no real controversy on this issue, so I went ahead and posted a simple summary. Hmmm I think I'll set up a webpage containing our license summaries over the weekend. Simon
Re: license for Federal Information Processing Standards
On Tue, Mar 02, 2004 at 01:15:32PM -0500, Elizabeth Lennon wrote: The latest version is FIPS 180-2, and is available for download free of charge at http://csrc.nist.gov/publications/fips/index.html. All FIPS are free of charge. Liz I suppose we don't have to summarize this, then? The archives should contain the relavant information, I hope. Well, just in case. Elizabeth Lennon, an employee of the United States National Institute of Standards and Technology acknowledged that the Federal Information Processing Standards are in the public domain. Simon
Re: Summary: Is Open Publication License v1.0 compatible?, was Re: GPL+ for docs
On Tue, Mar 02, 2004 at 03:08:29PM -0500, Jeremy Hankins wrote: Here's a summary, since it doesn't seem like anyone has anything more to say on the subject: Hmm... I hate to seem authoritarian, but I'd like to see a little more formality in d-l summaries. What would be nice is a draft to go out a couple of days before the actual summary is published. This allows people who are busy to get their last words in. As well, it would be nice to quote the entire license and our exact concerns in the summary. This way, people looking through our archives in the future won't have to do more research tracking down lost texts. Does anyone think this is unreasonable? Simon
Open Publication License v1.0 is not DFSG-free. WWW pages need relicensing?
On Tue, Mar 02, 2004 at 03:08:29PM -0500, Jeremy Hankins wrote: --- Debian-legal summary --- The OPL (Open Publication License) is not DFSG free: Oh yeah. We now have a small problem: http://www.debian.org/license Our webpages are have been judged as non-free by Debian Legal. I am willing to write up a summary to present to the appropriate people: [EMAIL PROTECTED] I presume. Should this be done? What should we recommend they do? Simon
Debian Legal summary of the Petris license
Debian Legal summary of the Petris license The original license is available at http://home1.stofanet.dk/peter-seidler/petris-0.7.tar.gz and is reproduced below. You can do whatever you want with the program, it's Public Domain. (however, it would be nice of you to credit me if you found anything of this useful). We believe that this software is DFSG-free. However, there may be jurisdictions which do not honour an author's request to divest copyright. Therefore, we recommend that the author provide the option to license under the MIT/X11 license [1], if desired. [1] http://www.x.org/Downloads_terms.html
Re: Debian Legal summary of the Petris license (Proposed)
On Fri, Feb 27, 2004 at 08:31:16AM +0100, Jens Peter Secher wrote: Simon Law [EMAIL PROTECTED] writes: You can do whatever you want with the program, it's Public Domain. (however, it would be nice of you to credit me if you found anything of this useful). We believe that this software is DFSG-free. The summaries are a good idea, but this is overdoing it, don't you think? Andree, the original requestor wrote: PS: I'm not currently subscribed to the list, so please CC me directly. Obviously, Andree wanted us to look at it and then send a response. I presume that if Andree was able to determine DFSG-freeness independently, then asking us would have been redundant. Simon
Debian Legal summary of the X-Oz License
Debian Legal summary of the X-Oz License The original license is available at http://www.x-oz.com/licenses.html and is reproduced below: --- Copyright © 2003, 2004 X-Oz Technologies. All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: This product includes software developed by X-Oz Technologies (http://www.x-oz.com/). Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. 4. Except as contained in this notice, the name of X-Oz Technologies shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from X-Oz Technologies. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL X-OZ TECHNOLOGIES OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --- Clause 3 is a complex statement, which appears to be derived from the obsolete four-clause BSD license. Although it appears that this clause can be satisfied by including the license text as end-user documentation, the author has refused to make this point explicit in the license. Alternatively, it has an additional option for providing this statement within the software itself, which looks like it could be used to avoid this additional requirement on the documentation. Since it is difficult to ascertain the author's intent, we are not sure whether it violates DFSG 9 by contaminating the documentation with which it is distributed. Clause 4, however, is more worrisome. When compared to the normal three-clause BSD license, we see that the X-Oz license is worded very strongly. It not only forbids promotion and endorsement, it also forbids the fair-use of the name X-Oz Technologies, e.g. in a magazine review of the Software, without prior written permission. We believe that this licence is not DFSG-free. and we want X-Oz Technologies to address the problems presented. We recommend avoiding this licence at present.
Debian Legal summary of the Petris license (Proposed)
Debian Legal summary of the Petris license Proposed The original license is available at http://home1.stofanet.dk/peter-seidler/petris-0.7.tar.gz and is reproduced below. You can do whatever you want with the program, it's Public Domain. (however, it would be nice of you to credit me if you found anything of this useful). We believe that this software is DFSG-free. However, there may be jurisdictions which do not honour an author's request to divest copyright. Therefore, we recommend that the author provide the option to license under the MIT/X11 license [1], if desired. [1] http://www.x.org/Downloads_terms.html
Debian Legal summary of the X-Oz License (Proposed)
Debian Legal summary of the X-Oz License Proposed The original license is available at http://www.x-oz.com/licenses.html and is reproduced below: --- Copyright © 2003, 2004 X-Oz Technologies. All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: This product includes software developed by X-Oz Technologies (http://www.x-oz.com/). Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. 4. Except as contained in this notice, the name of X-Oz Technologies shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from X-Oz Technologies. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL X-OZ TECHNOLOGIES OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --- Clause 3 is a complex statement, which appears to be derived from the obsolete four-clause BSD license. We believe that this clause can be satisfied by including the license text as end-user documentation. However, it has an additional option for providing this statement within the software itself. However, clause 4 is more worrisome. When compared to the normal three-clause BSD license, we see that the X-Oz license is worded very strongly. It not only forbids promotion and endorsement, it also forbids the fair-use of the name X-Oz Technologies, e.g. in a magazine review of the Software, without prior written permission. We believe that this license is not DFSG-free, and discourage its use.
Re: Debian Legal summary of the X-Oz License (Proposed)
On Mon, Feb 23, 2004 at 12:46:24AM +, Henning Makholm wrote: I am not so sure anymore, after Branden has testified [:-)] that the author has explicitly refused to change it to a more conventional and unambiguous. Given that it's certainly *possible* to interpret the clause as meaning something nasty, I think we shouldn't touch it with a poker until and unless the author officially endorces a clear and clearly DFSG-free interpretation of the clause. Hmm... It does depend on what the author intends. I suppose I could change my summary to say that we think this clause is DFSG-free if the license text is considered end-user documentation. But of course, this leads to an interesting discussion. Does Debian Legal consider the four-clause BSD license to be DFSG-free? Does it violate DFSG 9? Or is it grandfathered in by DFSG 10? Note that DFSG 10 does not indicate _which_ BSD license it is talking about. Simon
Re: debian-legal review of licenses
On Wed, Feb 11, 2004 at 09:14:06PM +, Martin Michlmayr - Debian Project Leader wrote: I'd like to hear what other people from -legal think. I'm certainly not going to appoint anyone without the consent of -legal since this is just not the way it can work. But perhaps we can find a solution together. I think this is a marvellous idea. Manoj and Branden seem to do these summaries on an ad-hoc basis, but both are maintainers of large parts of Debian, and have pressing time constraints. I'm willing to take on a position to summarize our discussions, and present them to upstream. I think I can do this diplomatically, and I have some experience with this. (I was responsible for ironing out licensing blips in Nessus and tvtime.) Of course, perhaps the best thing for -legal to do is have people self-nominate themselves to this position, and then have a small vote. Simon
Re: I'll contact upstream
On Tue, Dec 23, 2003 at 08:06:28PM +0100, Florian Weimer wrote: Anthony DeRobertis wrote: On Dec 23, 2003, at 13:21, Florian Weimer wrote: Huh? Why do you think that running a document written in Texinfo through a Texinfo interpreter makes the document a derivative work of a (specific) Texinfo interpreter? Because that's not what we're doing. We're running texinfo.tex and foo.texi through the interpreter. I still can't see why this should pose a problem. Do you think that makeinfo shares the same problem? Why? As a Texinfo developer, I know that makeinfo does not have this problem for Info output. However, you must remember that Texinfo is a compiled language, not an interpreted one. I'm pretty sure various portions of texinfo.tex get copied to the output. Which ones? Are they even subject to copyright? As for DVI output, you may be able to get away with saying that you're making a derivative work. This only stems from the fact that texinfo.tex defines many macros that are essential syntax for the file you are compiling. The analogous case is #including a header file that declares and defines all its code. Simon
Re: BSD Protection License
On Wed, Oct 22, 2003 at 02:46:09PM -0500, Adam Majer wrote: Could anyone tell me if the BSD Protection License can be used for main? It can be found at: http://people.debian.org/~adamm/LICENSE 3. Modification and redistribution under closed license. You may modify your copy or copies of the Program, and distribute the resulting derivative works, provided that you meet the following conditions: a) The copyright notice and disclaimer on the Program must be reproduced and included in the source code, documentation, and/or other materials provided in a manner in which such notices are normally distributed. b) The derivative work must be clearly identified as such, in order that it may not be confused with the original work. c) The license under which the derivative work is distributed must expressly prohibit the distribution of further derivative works. Clause 3c apparently violates DFSG 3. Here, we are now allowed to distribute a derived work under the same terms as the license of the original software. This looks non-free to me. Simon
Re: zlib license
On Sun, Oct 12, 2003 at 09:47:11PM +0200, Bartosz Fenski aka fEnIo wrote: I've been thinking about packaging netPantzer (strategy game) but it depends on PhysicsFS which is absent in Debian archive (http://www.icculus.org/physfs/). So I'd like to package it too but this software has got non-popular license. I think it complains DFSG but I'd like to ensure. Could someone read it and tell me if I am right? It's very short license. It could be reached at: http://cvs.icculus.org/horde/chora/co.php/LICENSE?rt=physfsr=1.2 The zlib license is a Free Software license. I think it is fine to put it in Debian main. Simon
Re: use of official logo in app splash screens
On releases@openoffice.org recently was announced [1] that there is now the Sun logo embedded into the OOo splash screen and that vendors are encouraged to add their logos to the screen instead of the Sun things So, we want to add the Debian Logo there. http://people.debian.org/~rene/openoffice.org/splash-gimp.png is the Sun screen and an empty one. Now, we wonder if we are allowed to use the official logo (because it is a Debian-product, the Debian-Pakete of OpenOffice.org) or if we should use the open one? The official one is not acceptable for this use. The open use logo would be great to use, and certain packages already do, except it has a non-free license! Please see the following threads: http://lists.debian.org/debian-legal/2003/debian-legal-200309/msg00840.html http://lists.debian.org/debian-legal/2003/debian-legal-200309/msg00877.html http://lists.debian.org/debian-legal/2002/debian-legal-200209/msg00192.html Simon
Re: License requirements for DSP binaries?
On Mon, Sep 22, 2003 at 11:56:27AM +0200, Josselin Mouette wrote: If the binaries were entirely written using assembly code, the binary here equates the source. You really mean machine code here, right? Because I would appreciate the .s source files if someone wrote it in assembler. Simon
Re: Does the Official Debian Logo fail the DFSG test?
On Fri, Sep 19, 2003 at 09:46:22PM -0500, Steve Langasek wrote: On Fri, Sep 19, 2003 at 08:53:47PM -0400, Nathanael Nerode wrote: Josselin Mouette wrote: True, but the swirl logo fails the DFSG as well, as you can only use it to refer to the project, and it doesn't allow explicitly other uses. Quite correct. It should be relicensed, under a permissive copyright licence, with a note saying: * This copyright license does not grant a trademark license. If it is applied to a trademark, you should be sure that you are not violating trademark rights. It should be trademarked by SPI as a trademark representing the Debian Project. I believe this would solve all problems. Yet this is a solution looking for a problem. I can't think of any good reason why Debian would *want* to distribute the official logo as part of the distro itself, if we also want it to be redistributed by third parties who we don't want to use said logo. So why does it matter whether the logo is available under a free license? I believe that Nathanael is refering to the Open Use Logo, which does ship with the distribution. Simon
Re: SURVEY: Is the GNU FDL a DFSG-free license?
On Thu, Aug 21, 2003 at 12:09:54AM -0500, Branden Robinson wrote: === CUT HERE === Part 1. DFSG-freeness of the GNU Free Documentation License 1.2 Please mark with an X the item that most closely approximates your opinion. Mark only one. [ X ] The GNU Free Documentation License, version 1.2, as published by the Free Software Foundation, is not a license compatible with the Debian Free Software Guidelines. Works under this license would require significant additional permission statements from the copyright holder(s) for a work under this license to be considered Free Software and thus eligible for inclusion in the Debian OS. [ ] The GNU Free Documentation License, version 1.2, as published by the Free Software Foundation, is a license compatible with the Debian Free Software Guidelines. In general, works under this license would require no additional permission statements from the copyright holder(s) for a work under this license to be considered Free Software and thus eligible for inclusion in the Debian OS. [ ] The GNU Free Documentation License, version 1.2, as published by the Free Software Foundation, can be a license compatible with the Debian Free Software Guidelines, but only if certain restrictions stated in the license are not exercised by the copyright holder with respect to a given work. Works under this license will have to be scrutinized on a case-by-case basis for us to determine whether the work can be be considered Free Software and thus eligible for inclusion in the Debian OS. [ ] None of the above statements approximates my opinion. Part 2. Status of Respondent Please mark with an X the following item only if it is true. [ X ] I am a Debian Developer as described in the Debian Constitution as of the date on this survey. === CUT HERE === pgpXptwAFiK1n.pgp Description: PGP signature
Re: Jabber Yahoo transport license
On Fri, Jul 04, 2003 at 12:38:39AM +0200, Henning Makholm wrote: This is a DSFG-free, GPL-compatible, vaguely BSD-like license. No problem there. ... until and unless we learn that the author applies the obnoxious UW interpretation of alter it and redistribute it. Our default interpretation is that this does give permission to distribute changed versions. (Or does anyone want to object that REdistribute only makes sense speaking of the original version?) I highly doubt it. The copyright was owned by Alladin, the people who gave us Ghostscript. Simon
Re: Legal questions about some GNU Emacs files
On Mon, Apr 28, 2003 at 05:09:05PM -0700, Alex Romosan wrote: Mark Rafn [EMAIL PROTECTED] writes: Sure, but for some of us, _software_ is a very broad category. For me, it includes all works which can be encoded as a stream of bits. wow, what can i say?! everything is software!? an infinite number of monkeys, at an infinite number of keyboards will eventually define all that is software... the only problem is some bit streams are more meaningful than others. i wouldn't want to live in your world. Let me go out on a philosophical limb here and go from some more stable premises. Axiom: All Debian Developers agree with the Debian Social Contract. Fact 1; Debian's social contract states in section 1. 1. Debian Will Remain 100% Free Software We promise to keep the Debian GNU/Linux Distribution entirely free software. As there are many definitions of free software, we include the guidelines we use to determine if software is free below. [...] Consider case 1: Documentation is not software. 1A. Documentation is part of the Debian GNU/Linux Distribution. 1B. If the Debian GNU/Linux Distribution contains non-software, it cannot be comprised entirely of free software. Therefore: 1C. Debian must purge non-software from the Distribution. Consider case 2: Documentation is equivalent to software. 2A. Documentation cum software is part of the Debian GNU/Linux Distribution. 2B. Debian GNU/Linux has a set of guidelines for free software. 2C. Debian GNU/Linux must not contain non-free software, as we can see from 1C. Therefore: 2D. Debian GNU/Linux must not contain non-free documentation cum software. Feel free to propose that we rip out all documentation from the distribution and place it in contrib or non-free, as appropriate. Simon
Re: Proposed statement wrt GNU FDL
On Thu, Apr 24, 2003 at 08:27:19AM -0500, John Goerzen wrote: On Thu, Apr 24, 2003 at 05:47:35PM +1000, Anthony Towns wrote: In particular: for emacs21, ``with the Invariant Sections being The GNU Manifesto, Distribution and GNU GENERAL PUBLIC LICENSE'', and for gdb ``with the Invariant Sections being A Sample GDB Session and Free Software'' and ``with the Invariant Sections being Stabs Types and Stabs Sections'' While in general I must say that I agree with Branden on this issue, I'm not yet completely convinced, and one reason was brought home to me by the above: I large majority of our software ships with the file COPYING, which states changing it is not allowed. Combined with the requirement in section 1 that the GPL be given to any recipients of the program, this strikes me as similar to the invariant section. It leaves me wondering if we are being a bit hyopcritical about it. At the same time, I see no value in making cover sections, etc. of manuals invariant. Any thoughts on that? It seems that we have an implicit exception that legal statements about a work about allowed to be non-free. That seems to be quite reasonable since tampering with copyright statements is not allowed in many countries, and also since many licenses are also non-free. I don't mind works where it is manditory to reproduce: Copyright (C) 2003 J. R. Hacker. This manual is free documentation; yada yada yada. You should have received a copy of the license along with this manual; if not, write to Fubar, Inc. 123 Sesame St, New York, NY 10023, USA. There is ample precedent for putting these little notices on all sorts of things, typically in fine print. Look, I even have a serviette on my desk that says (C) 2003 DOCTOR'S ASSOCIATES INC. All rights reserved. Simon
Re: Debian Free Software License?
On Thu, Apr 17, 2003 at 02:47:20PM +0200, Joerg Wendland wrote: Hi fellows, is there anything like a Debian Free Software License? A license that is modelled after the DFSG? For me as free software developer, that would be a nice to have. I couldn't find a discussion about something similar in the list archives. Is this worth a discussion? There are a sufficient number and scope of widely examined Free Software licenses that we do not need to add to the confusion. Regarding the latest FDL discussion, would it be feasible to create a Debian Free Documentation License? It has been suggested that we write a license that we believe is unambiguously Free. It has also been suggested that we take this slowly and try to get the GNU project to make the GNU FDL free. This has not yet been decided. Simon
Re: LPPL, take 2
On Thu, Apr 17, 2003 at 10:53:30AM -0700, Thomas Bushnell, BSG wrote: Branden Robinson [EMAIL PROTECTED] writes: c. In every file of the Derived Work you must ensure that any addresses for the reporting of errors do not refer to the Current Maintainer's addresses in any way. This is somewhat new ground for a DFSG-free license. Is it *really* that important? If so, I'd like to hear advocates of it explain why it's more free than, say, a prohibition against the creator of a Derived Work calling the Current Maintainer on the phone to ask for technical support. This is sufficiently awful as to be unacceptible. For example, suppose Debian takes the package, and modifies it. We prune all the previous bug reporting addresses, and mention only normal Debian addresses, including debian-devel. And then one of the Current Maintainers subscribes to debian-devel. It now becomes *Debian's* responsibility to deal. Eek! Simple. We kick him off the list with a we're sorry, your license prevents us from letting you subscribe. In all seriousness, though, Thomas raises a good point. But I think that Frank's recent e-mail deals with this issue already. You're suffering from lag, my friend. Simon
Re: Suggestion to maintainers of GFDL docs
On Fri, Apr 18, 2003 at 04:16:57AM +1000, Anthony Towns wrote: On Thu, Apr 17, 2003 at 02:34:36PM +, Brian M. Carlson wrote: Debian can't legally distribute such an info document. Because the GFDL is incompatible with the GPL, it is prohibited to even create an info document from GFDL'd texinfo source. See #183860. Hrm, if that's the case, we can't distribute, eg, the pcl-cvs.texi file either -- after all, it's licensed under a verbatim copying only license, but has the \input texinfo line at the top. I don't think that is the case though, for two reasons: (1) we don't actually distribute pcl-cvs anything that's made use of the TeX stuff; so we haven't made copies of texinfo.tex, and don't need to be concerned with its copyright (2) the TeX output probably comes under the exemption in section 0 of the GPL -- `...the output from the Program (texinfo.tex) is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program).' In this case, texinfo.tex is akin to a header file that a program. The program would be TeX (or a variant that implements the TeX macro language.) However, this only applies to DVI and PDF forms of this work. The info documentation is generated by makeinfo, which does not put any significant chunks of itself within the output. Simon
Re: Suggestion to maintainers of GFDL docs
On Wed, Apr 16, 2003 at 09:40:49AM -0400, Peter S Galbraith wrote: Consider this a suggestion to maintainers of packages that contain documentation that are under the GFDL, especially if it contains invariant sections. Imagine if an Emacs user visited Info and saw this: * Menu: * Distrib:: How to get the latest Emacs distribution. * Copying:: The GNU General Public License gives you permission to redistribute GNU Emacs on certain terms; it also explains that there is no warranty. * GNU Free Documentation License:: The license for this documentation. * Why you shouldn't use the GFDL:: Debian doesn't recommend using this license. And what if this new section listing reasons _not_ to use this license were made... invariant! If the FSF wants to give redistributors a soapbox, perhaps we should use it. Although incredibly clever, this is not the sort of thing that we should do. It would be very hypocritical to use a non-free mechanism to try to advance free documentation. Plus, it would make people angry; and who needs to anger more people? Simon
Re: Bug#184806: Copyright notices are lacking
On Mon, Mar 17, 2003 at 04:19:22PM +0100, Henning Makholm wrote: Scripsit Simon Law [EMAIL PROTECTED] The copyright notices on the whois sources are not sufficient. How not? There is a clear statement from the author that he considers his work to be covered by the GPL. That is all we usually require. If the author does not place appropriate notices at the start of his source files, it makes it more difficult for him to enforce his copyright. Although we as Debian accept his word that it is covered under the GNU GPL, I noticed that Marco was a Debian Developer and the author of this software. As a service to him, because I thought he would appreciate the legal auditing, I went through the sources and created a patch that would apply the appropriate copyright notices. I did this because I had free time on my hands, and because it would be simple for Marco to just apply the patch. But what really concerns me is that the debian/copyright file does not make clear that Marco is licensing at least one file as GPL version 2 only. At the very least, the debian/copyright file should be expanded upon. Simon
Re: Is epic package non-free?
On Fri, Mar 14, 2003 at 10:15:23AM -0300, Gustavo Franco wrote: Hi, [Send Cc: to me, i'm not subscribed] I was checking the epic package, because i've ITA on it now.After the check, i've some doubts about the license: Quoting debian/copyright: IRC II is copyright (c) 1990 by Michael Sandrof. You have the right to copy, compile, and maintain this software. You also have the right to make modifcations to this code for local use only. ...for local use only. ?! It doesn't appear that we have the right to redistribute the Sandrof code. Reading the source (source/irc.c): [...] * Written By Michael Sandrof * Copyright(c) 1990 * See the COPYRIGHT file, or do a HELP IRCII COPYRIGHT [...] I can't found the original copyright file in the debian source package. I'll prepare a new package, but will be it uploaded to the non-free section? I highly recommend that you file a bug requesting the removal of this package. Simon
Re: Is epic package non-free?
On Fri, Mar 14, 2003 at 01:53:53PM -0300, Gustavo Franco wrote: On Fri, 2003-03-14 at 13:31, Anthony Towns wrote: On Fri, Mar 14, 2003 at 10:15:23AM -0300, Gustavo Franco wrote: I was checking the epic package, because i've ITA on it now.After the check, i've some doubts about the license: http://lwn.net/1998/0611/ircii.html Michael Sandrof, Troy Rollo, and Matthew Green are putting the ircII code under a BSD-like license (without the advertising clause), retroactive to all versions of ircII, past and present. This action is to remove any doubt as to whether ircII is Open Source. Thank you aj. Definitely the debian/copyright file needs a update.ASAP i'll do it and upload. Can we consider this issue solved? Are you agree Simon? Yes, the issue is now settled. epic is DFSG-free. Simon P.S.Please configure your mail reader to respect Mail-Followup-To headers. I see that you have Cced me and AJ, even though we ask you not to.
Bug#184806: Copyright notices are lacking
Package: whois Version: 4.6.2 Severity: serious Tags: patch The copyright notices on the whois sources are not sufficient. Neither is the debian/copyright file. Since the maintainer is also the upstream author, I presume that he actually _does_ want to license whois under the GNU GPL. I have prepared a patch to bring the package into compliance. Simon diff -ruw whois-4.6.2.orig/Makefile whois-4.6.2/Makefile --- whois-4.6.2.orig/Makefile 2002-12-04 19:22:15.0 -0500 +++ whois-4.6.2/Makefile2003-03-14 12:59:14.0 -0500 @@ -1,3 +1,19 @@ +# Makefile - a make script to build whois +# Copyright (C) 1999--2002 Marco d'Itri +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + prefix=/usr/local OPTS=-O2 diff -ruw whois-4.6.2.orig/config.h whois-4.6.2/config.h --- whois-4.6.2.orig/config.h 2003-01-23 12:56:07.0 -0500 +++ whois-4.6.2/config.h2003-03-14 12:59:24.0 -0500 @@ -1,3 +1,20 @@ +/* config.h - macro definitions for whois + * Copyright (C) 1999--2003 Marco d'Itri + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + /* Program version */ /* not for the inetutils version */ #define VERSION 4.6.2 diff -ruw whois-4.6.2.orig/data.h whois-4.6.2/data.h --- whois-4.6.2.orig/data.h 2003-01-23 12:57:06.0 -0500 +++ whois-4.6.2/data.h 2003-03-14 12:59:29.0 -0500 @@ -1,3 +1,20 @@ +/* data.h - a list of servers, and their properties for whois + * Copyright (C) 1999--2003 Marco d'Itri + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + /* * RIPE-like servers. * All of them do not understand -V2.0Md with the exception of RA and RIPN. diff -ruw whois-4.6.2.orig/debian/copyright whois-4.6.2/debian/copyright --- whois-4.6.2.orig/debian/copyright 2003-01-26 12:36:39.0 -0500 +++ whois-4.6.2/debian/copyright2003-03-14 12:35:18.0 -0500 @@ -1,7 +1,21 @@ This package was debianized by Marco d'Itri [EMAIL PROTECTED] on Sun Oct 3 19:46:30 CEST 1999. -It was written by Marco d'Itri. +It was written by Marco d'Itri [EMAIL PROTECTED]. Copyright: GPL (please see /usr/share/common-licenses/GPL-2). +whois - an advanced and intelligent whois client. +Copyright (C) 1999--2003 Marco d'Itri +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA diff -ruw whois-4.6.2.orig/make_as_del.pl whois-4.6.2/make_as_del.pl --- whois-4.6.2.orig/make_as_del.pl 1999-11-07 13:46:31.0 -0500 +++ whois-4.6.2/make_as_del.pl 2003-03-14
Re: PHP-Nuke: A calling for votes
On Sun, Mar 09, 2003 at 07:16:07PM +0100, Hugo Espuny wrote: 1) People who can vote: anyone reading this message (so reading debian-legal) 2) What you can vote: just one of the next options, just once by person. a) Move it to non-free b) Stay at main c) I don't know 3) Where i have to send my vote: to debian-devel as a reply of this message, and please cc to my debian address 4) Duration: ok, more or less a week since now. 5) Sign: you don't need to sign with pgp/gpg your vote if you don't like. This is not such an official thing. I still think this software is DFSG and GLP2 compliant. So here is the first (my) vote: +1 to b) I vote a) Simon
Re: [Discussioni] OSD DFSG convergence
On Wed, Mar 05, 2003 at 12:21:41AM -0800, Thomas Bushnell, BSG wrote: Russell Nelson [EMAIL PROTECTED] writes: Thomas Bushnell, BSG writes: But why should we bother trying to convince you anymore? What advantage is their? Why should we bother proving to you that our internal processes meet your tests of rationality? They suit us fine, and this is about what *we* choose to do, using the discretion available to us. Some people think there should be one and only one definition/guideline/understanding of what comprises free software. We've got one, you've got another, RMS has a third. Wouldn't it be a good thing if there was less dissention in our community? Sure. Why don't we adopt RMS's? That would be my first vote. I always thought that the FSF's (and RMS's) Four Freedoms were always the basis of the DFSG. I merely thought that the DFSG exists to codify these concepts and make them more concrete. Sort of like a checklist so we don't forget anything. What might be a useful thing to do is start adding appendices to the DFSG with examples of how we have interpreted certain sections. (With valid, and invalid arguments in each.) It should be made very clear that these examples are merely to clarify the opinions of debian-legal, and are in no way binding. Simon
Re: PHPNuke license
On Wed, Mar 05, 2003 at 10:58:34AM -0600, Steve Langasek wrote: On Tue, Mar 04, 2003 at 08:12:31PM -0500, Glenn Maynard wrote: I'm not sure where we could go from there; asking them to change it to only the main page is pointless if that's 1: still ambiguous and/or 2: still of questionable DFSG-freeness. Even if that's DFSG-free, it's still probably a bad idea to ask them to change to that if it's still a questionable interpretation of the GPL. Let's see if we can build consensus around a few points. Does anyone here hold the position that requiring the copyright notice on the front page would not be DFSG-free, if that's a valid interpretation of the GPL? Requiring an appropriate notice on the front page may not be too onerous. I don't see it as being DFSG-nonfree as proper attribution is already considered a reasonable exception to DFSG 3. However, I would define an appropriate notice as not being specific text. Therefore, a license that requires specific wording should be thrown out, however a license that allows you to modify it as appropriate (e.g. to say who owns the copyright to the system you see, who should be contacted if this interactive web application breaks, and that there is a warranty offered by Acme ASP Inc.) It should probably be formatted in such a way that it is not misleading, deceptive, or hidden; if it exists. Does anyone believe the GPL unambiguously *dis*allows that interpretation? No. It does not explicitly disallow this interpretation. Of course, it also does not unambiguously allow this interpretation either. Does anyone believe that this interpretation is sufficiently wrong-headed that it should not be considered valid, in spite of statements from the copyright holder or a court ruling? This interpretation of the GPL seems reasonable. However, I would like to remind that PHP-Nuke's author has not interpreted the GPL in this manner at all. Simon
Re: PHPNuke license
On Wed, Mar 05, 2003 at 12:16:23PM -0500, Branden Robinson wrote: On Tue, Mar 04, 2003 at 04:26:17PM -0600, John Goerzen wrote: On Tue, Mar 04, 2003 at 04:31:17PM -0500, Branden Robinson wrote: Can you remind me of the advantages of NOT interpreting as object form as any form other than the preferred form for modification? For the detailed description, see http://lists.debian.org/debian-legal/2003/debian-legal-200303/msg00131.html I've read it. In a nutshell, I don't know of any reasonable person that would define object code as the output of tr a-z A-Z on a text file. Nice to meet you. :) That is, I'm perfectly willing to accept that as an example of object code if the only alternative is to call it source code. Let us consider the output of tr a-z A-Z as _not_ source code nor object code. This implies that it is not exempted by section 2, and also not exempted by section 3. So it's not a particularly useful definition since you would be bound by pure copyright law, and you'd never be able to redistribute. Of course, this becomes really silly because I know a lot of people that run source code through such tranformation tools as uuencode, tar, and gzip. Simon
Re: PHPNuke license
On Wed, Mar 05, 2003 at 11:55:07AM -0600, John Goerzen wrote: On Tue, Mar 04, 2003 at 04:41:50PM -0500, Branden Robinson wrote: About boxes are fine, but I am not sure it is wise to permit a Free Software license to forbid people from removing them. It makes perfect sense to remove an About box if, for instance, one is converting an application into a library. I agree. (2)(c) should only apply when an application is run interactively. If you make an application into a library, it'd never be run interactively, so its relevance should disappear. I know I haven't worded this quite right, but you get the idea. Here's an interesting GPL puzzle. Say you completely remove the interactive functionality of a program that uses (2)(c). This means that you can remove that entire chunk of code anyway. Someone uses your code and prepares a derivative work that is interactive. Is this new author required to put in an appropriate notice? He knows that one used to exist because you have clearly marked your changes in the appropriate source files. Simon
Re: PHPNuke license
On Wed, Mar 05, 2003 at 12:47:59PM -0500, Branden Robinson wrote: On Wed, Mar 05, 2003 at 04:35:02PM +1300, Nick Phillips wrote: Consideration of the scenario of use of a modified but undistributed version of a program within the modifying organisation would also lead one to conclude that our interpretation of 2 as a whole is desirable, and likely to be the intention of the license's author(s). Why does anyone care about modified copies that don't get distributed? Has it occurred to anyone how difficult it would be to enforce such a restriction? How is the copyright holder to know that such modification has even happened? Oh... Let's say you run an ASP service that uses GNU Hello World to display the appropriate greeting. Making a modification without respecting all of 2(a), 2(b), and 2(c) would be in violation of the GPL as it currently stands. Since the copyright holder has the exclusive right to modification under U.S. copyright law, I see this as a flaw in the wording of the GPL; not a malicious legal trap set by the FSF. Simon
Re: PHPNuke license
On Wed, Mar 05, 2003 at 12:45:55PM -0600, Steve Langasek wrote: On Wed, Mar 05, 2003 at 01:10:15PM -0500, Simon Law wrote: Here's an interesting GPL puzzle. Say you completely remove the interactive functionality of a program that uses (2)(c). This means that you can remove that entire chunk of code anyway. Someone uses your code and prepares a derivative work that is interactive. Is this new author required to put in an appropriate notice? He knows that one used to exist because you have clearly marked your changes in the appropriate source files. It doesn't matter if it used to exist or not; you're only excused from complying with 2(c) if you receive the work in a form that is already interactive, AND it does not already contain an appropriate notice. If you take a non-interactive work and make it interactive, the GPL as written requires you to add an appropriate notice. Your only way out of this requirement is to go back to an earlier, interactive form which legitimately did not include a notice under 2(c). I would recommend that users of the GPL who find this requirement ugly begin adding an additional exemption to 2(c) to their own works. Branden, if I'm not mistaken, this would constitute an additional permission and is therefore acceptable in your book? Yes, this makes sense now. I can see from a more careful reading that 2(c) does obligate you to do add a correct and appropriate notice. Simon
Re: PHPNuke license
On Tue, Mar 04, 2003 at 07:33:51AM -0600, John Goerzen wrote: On Mon, Mar 03, 2003 at 10:52:57PM -0500, Branden Robinson wrote: That sounds ludicrous and farfetched to me, given that both statements, by themselves, are already farfetched in this circumstance. Well, it certainly seems plausible that at least some programs can do this. Consider a quine attached to a network socket. OK, I'll bite -- what's a quine? Check FOLDOC: http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?quine Simon
Re: PHPNuke license
On Tue, Mar 04, 2003 at 08:22:45AM -0600, John Goerzen wrote: I remind everyone that even if the GPL applies, the below notice is more restrictive as it prevents editing to reflect current status. Additionally, the required notice does not include the warranty information, which may be a GPL violation. My personal interpretation is because there is no warranty information in the author supplied notice, then there is no notice worthy of (2)(c) consideration. If the author added the information required by (2)(c), then that would be a different story since nobody could simultaneously satisfy the GPL and Mr. Burzi's own addendums. I suggest that Mr. Burzi, along with his contributors, relicense to something simpler and more explicit, that conforms to his own personal wishes. Simon
Re: PHPNuke license
On Fri, Feb 28, 2003 at 02:51:18PM -0600, Steve Langasek wrote: On Fri, Feb 28, 2003 at 03:18:12PM -0500, Simon Law wrote: What I really mean here is for the maintainer to ask the PHP-Nuke author to actually relicense their software such that their intentions are expressed in the license. Since it is fairly obvious that he is not using the GNU GPL correctly, he probably wants to use something else. Of course, if he has accepted patches from people licensed under the GNU GPL, then he's in a deeper uh... legal quagmire. This would require the PHP-Nuke author to accept patches. Let us say that the author in question is somewhat... notorious. See Google for accounts of the 'postnuke' fork (also available in Debian). Ack! PHP-Nuke appears to have forked off of Thatware, so unless Francisco has exorcised that code... And it appears that he had contributions from others. It sounds like it would take much effort to get its license into a decent state. Simon
Re: PHPNuke license
On Sat, Mar 01, 2003 at 09:24:41PM -0500, Branden Robinson wrote: On Sat, Mar 01, 2003 at 09:51:18PM +0100, Henning Makholm wrote: Agreed. In particular, in such a hybrid licence, the word this License in the GPL text would naturally be taken to refer to the entire hybrid rather than just to the GPL. I don't think the FSF intends the GNU GPL license text to be interpreted that way. (I could be wrong, though...) One of the strong hints that the GNU GPL is not meant to be part of a hybrid license with additional restrictions appears right at the top. Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Everyone who generates a cut-and-paste license out of the GNU GPL is plagerising, and violating copyright law. So actually editing the GPL to include more explicit terms is right out. If you wish to add additional restrictions before or after the GPL, then the total license become inconsistent. The GPL clearly marks the beginning and the end of this License with: TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION END OF TERMS AND CONDITIONS The makes it fairly clear that this License applies to just the GPL. Not only that, but there's wording in the GPL that also enforces this point of view. Section 8 says In such case, this License incorporates the limitation as if written in the body of this license. The reason why you can waive restrictions is that Section 2, Paragraph 2, allows you to. By generalising the entire Program under a more permissive license, a user may choose to use the more permissive license, or to use just the plain GPL. Simon
OpenSSH licensing issues [was Re: PHPNuke license]
On Sat, Mar 01, 2003 at 04:46:50AM +, James Troup wrote: Simon Law [EMAIL PROTECTED] writes: Do you mind, Brandon(sic), if we let Niels finish GNU lsh? I sort of like having a complete SSH protocol implementation in main. Huh? The only reference to advertising in openssh's copyright file is a clause of a Regents of UoC copyright notice and that's been retroactively revoked[1]. True, but licensing is more subtle than that. ssh depends of libssl0.9.7. Look into that copyright file and we see: LICENSE ISSUES == The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [EMAIL PROTECTED] Unfortunately, Eric Young has not revoked clause 3 of his 4-clause BSD license. As well, his license prohibits relicensing of his code, even to a more prohibitive license. Simon
Re: PHPNuke license
On Sat, Mar 01, 2003 at 05:04:11PM -0500, Branden Robinson wrote: I also don't see a problem with the About Box interpretation of (2)(c), which avoids the 4-clause BSD problem. Maybe you don't, but I don't see it as being easily construed from the language of (2)(c); it looks to me like (2)(c) is designed to ensure the unconditional presentation of the information described to a passive user, whereas about boxes tend to require the user to take positive action to reveal them (click on the menu bar, select an item from a drop-down menu, etc.). (2)(c) is much more akin to the splash screen of the GUI world, which blocks out a meaningful chunk of your screen because it wants the user to know that the program is actually loading up. Simon
Re: OSD DFSG convergence
On Sun, Mar 02, 2003 at 08:47:29PM -0500, Russell Nelson wrote: Thomas Bushnell, BSG writes: Russell Nelson [EMAIL PROTECTED] writes: What term of the DFSG *clearly* says that a license cannot require click-wrap? DFSG says that modifications must be permitted. One modification that must be permitted is to modify the software removing the click-wrap implementation. You are not allowed to remove the copyright statement from a source file. You are not allowed to remove the code which announces the license on a GPL'ed program. Russell, correct me if I'm wrong, but a click-wrap license otherwise known as an End-User License Agreement is not a copyright statement. This, of course, is what Thomas was referring to. Simon
Re: PHPNuke license
On Fri, Feb 28, 2003 at 10:12:41AM -0600, John Goerzen wrote: Hello, This is in /usr/share/doc/phpnuke/copyright: Note from upstream author: ## #I M P O R T A N TN O T E# ## # IMPORTANT: I saw many sites that removes the copyright line in the footer # # of each page. YOU'RE NOT ALLOWED TO REMOVE NOR CHANGE/EDIT THAT NOTE. If I # # still see this problem happening I'll need to take extreme measures that # # can include: to change the PHP-Nuke license, to encrypt some parts of the # # code, stop distributing it for free and in an extreme case stop developing # # it. The decision is in your hands. # # If you do not agreed with this simple rule, delete all PHP-Nuke files # # right now and move away from it. Thanks. # ## I think this is not good for the same reason as the BSD advertising clause. The notice is: Web site engine's code is Copryight (C) 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license. This would seem to also prohibit modifications and derived works, since a proper copyright notice would reflect the status of the modifier. PHP-Nuke's license is ambiguous. I don't like it at all. Here's a sample culled from footer.php // /* PHP-NUKE: Advanced Content Management System */ /* */ /* */ /* Copyright (c) 2002 by Francisco Burzi*/ /* http://phpnuke.org */ /* */ /* This program is free software. You can redistribute it and/or modify */ /* it under the terms of the GNU General Public License as published by */ /* the Free Software Foundation; either version 2 of the License. */ // So it appears that he doesn't apply the GPL properly, but at least we see his intent. Of course, unlike Bison, Francisco does not exempt the output of his program, which contains snippets of clear-text HTML and JavaScript within. Therefore, I suspect most people using PHP-Nuke are in violation of Section 0 of its license. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. This, of course, means that people who run PHP-Nuke must have their webpages licensed as a whole under the GNU GPL. It also implies that they need to reproduce the copyright notices in the output, perhaps as HTML comments up at the top. This all seems rather silly though, since the author has obviously not understood the license he has applied. Could the maintainer of PHP-Nuke please have a little chat with the author? Simon
Re: PHPNuke license program is free software; you can redistribute it and/or
On Fri, Feb 28, 2003 at 01:09:36PM -0600, John Goerzen wrote: On Fri, Feb 28, 2003 at 01:38:52PM -0500, Peter S Galbraith wrote: Branden Robinson [EMAIL PROTECTED] wrote: What this restriction is much *more* like is the Zope web bug (all pages rendered with Zope have to have our little image on it), against which Bruce Perens successfully campaigned some years ago. Perhaps, but the Zope license required it explicitely, while the PHPNuke author is relying on the GPL section 2c to enforce it. I don't think I gather that from this: YOU'RE NOT ALLOWED TO REMOVE NOR CHANGE/EDIT THAT NOTE. explicitly stated in the Debian copyright file for the package. I think that is an extra restriction. It appears to be an extra restriction. If it were to fall under 2c, then the HTML it generates should be similar to this: centerfont class=footmsg PHP-Nuke version 6.5, Copyright copy; 2003 by Francisco Burzi. PHP-Nuke comes with a href=http://phpnuke.org/no-warranty.html; ABSOLUTELY NO WARRANTY/a. This is free software, and you are welcome to redistribute it under a href=http://phpnuke.org/license.html; certain conditions/a. /font/center Of course, it doesn't. The author himself fails to print or display an appropriate copyright notice and a notice that there is no warranty and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. Thus falling under the exception clause immediately following. However, since the Program includes itself within the output, every PHP-Nuke generated page must contain appropriate copyright information within. So there should probably be some text before the /head tag. Perhaps a comment that looks like this: !-- PHP-Nuke is an advanced web-based content management system. Copyright (C) 2003 Francisco Burzi This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -- /head Simon
Re: PHPNuke license
On Fri, Feb 28, 2003 at 11:19:34AM -0600, John Goerzen wrote: On Fri, Feb 28, 2003 at 11:44:56AM -0500, Simon Law wrote: Could the maintainer of PHP-Nuke please have a little chat with the author? I think that the author is unlikely to relent on this, given http://www.phpnuke.org/modules.php?name=Newsfile=articlesid=5536 Well, the full context of that sentence is below. This, of course, means that people who run PHP-Nuke must have their webpages licensed as a whole under the GNU GPL. It also implies that they need to reproduce the copyright notices in the output, perhaps as HTML comments up at the top. This all seems rather silly though, since the author has obviously not understood the license he has applied. Could the maintainer of PHP-Nuke please have a little chat with the author? What I really mean here is for the maintainer to ask the PHP-Nuke author to actually relicense their software such that their intentions are expressed in the license. Since it is fairly obvious that he is not using the GNU GPL correctly, he probably wants to use something else. Of course, if he has accepted patches from people licensed under the GNU GPL, then he's in a deeper uh... legal quagmire. Simon
Re: PHPNuke license
On Fri, Feb 28, 2003 at 03:04:10PM -0500, Branden Robinson wrote: On Fri, Feb 28, 2003 at 01:07:21PM -0600, John Goerzen wrote: I didn't try to reach a conclusion about DFSG-freeness with the above statement for the precise reason that I couldn't find a consensus on the issue with my quick list searching. I'm just saying I don't like the BSD advertising clause, and this is like that, and I dont like it either. Okay. Ultimately I think we should try to reform the DFSG or our interpretation of it such that the advertising clause is no longer regarded as DFSG; it is impractical, and the vast majority of important software that used to carry the 4-clause BSD license has transitioned to the 3-clause BSD license (or a different license entirely). Do you mind, Brandon, if we let Niels finish GNU lsh? I sort of like having a complete SSH protocol implementation in main. Furthermore, a broad interpretation of 2c would be inconsistent with the way most FSF programs actually work. The stuff in GNU coreutils doesn't generally spew a copyright notice and warranty disclaimer to standard output or standard error when these programs are are run for their typical uses; otherwise normal shell sessions would be awash in legal notices and we'd need 100,000 lines of scrollback in our terminals just so we could get some work done. Well, that's because the copyright holder, in this case the FSF, has chosen not to print or display the appropriate notices. Therefore, no subsequent contributors need to, although they could add one if they wished. Simon
Re: PHPNuke license
On Fri, Feb 28, 2003 at 03:07:20PM -0600, John Goerzen wrote: On Fri, Feb 28, 2003 at 03:09:45PM -0500, Branden Robinson wrote: On Fri, Feb 28, 2003 at 02:02:32PM -0600, John Goerzen wrote: On Fri, Feb 28, 2003 at 02:22:44PM -0500, Don Armstrong wrote: We do have some software that is GNU GPL with exceptions, but these exceptions grant additional rights, instead of imposing additional restrictions. Good point. I wonder, though, if the difference is important? Uh, why do you think the FSF went to the trouble of writing sections 6 and 7 of the GNU GPL in the first place? Those don't apply to the copyright holder. The GPL applies only to people that receive a copy from them. The You in You may not impost any further restrictions in section 6 refers to people that receive the program from someone other than the copyright holder that is redistributing it under the GPL. It would not be the redistributor that is imposing the additional restrictions; it would be the copyright holder. This is true. However, you cannot include the full text of the GNU GPL verbatim, and include additional restrictions as they stand and still have a consistent license. In this case, the GPL helpfully nullifies itself because you cannot meet both its obligations and the additional restrictions imposed. Therefore, your users do not get the privledge of copying, modifying or redistributing. This basically means that your program is freeware and not really copyleft. Simon
Bug#182402: ttf-freefont is violating the GNU GPL
Package: ttf-freefont Version: 20021016-2 Severity: serious The package ttf-freefont is licensed under the GNU General Public License, as listed in the appended debian/copyright file. I can confirm this from http://savannah.nongnu.org/download/freefont/COPYING . Since ttf-freefont _does_ _not_ include the complete corresponding machine-readable source code, nor does it have a written offer, nor does it pass on information received; this package and Debian is in violation of Section 3 of freefont's license. I recommend that you immediately upload a package containing the source SFD files to satisfy our licensing obligations. You should use both http://savannah.nongnu.org/download/freefont/freefont-ttf.tar.gz and http://savannah.nongnu.org/download/freefont/freefont-sfd.tar.gz to construct the package. --- BEGIN debian/copyright --- This package was debianized by Peter Hawkins [EMAIL PROTECTED] on Fri, 27 Sep 2002 12:42:49 +1000. It was downloaded from http://www.nongnu.org/freefont/ Upstream Author: Primoz Peterlin Copyright: This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. You should have received a copy of the GNU General Public License with your Debian GNU/Linux system, in /usr/share/common-licenses/GPL, or with the Debian GNU/Linux ttf-freefont source package as the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. END debian/copyright As well, the debian/copyright notice does not actually specify the correct copyright statement. I suggest revising it thus: --- BEGIN suggested debian/copyright --- This package was debianized by Peter Hawkins [EMAIL PROTECTED] on Fri, 27 Sep 2002 12:42:49 +1000. It was downloaded from http://savannah.nongnu.org/download/freefont/ Upstream Maintainer: Primoz Peterlin [EMAIL PROTECTED] Copyright: freefont is a collection of free Universal Character Set outline fonts. Copyright (C) 2002 Free Software Foundation This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. END suggested debian/copyright
Re: mod_ldap for proftpd is now post-card licensed (proftpd 1.2.7+)...
On Thu, Jan 30, 2003 at 03:13:02PM +0100, Francesco P. Lovergine wrote: On Thu, Jan 30, 2003 at 01:06:22PM +0100, Francesco P. Lovergine wrote: Any hints are welcome :) Send him a postcard with the appropriate GPL section highlighted. Simon
Re: mod_ldap for proftpd is now post-card licensed (proftpd 1.2.7+)...
On Thu, Jan 30, 2003 at 07:51:27PM +0100, Henning Makholm wrote: Scripsit Simon Law [EMAIL PROTECTED] Send him a postcard with the appropriate GPL section highlighted. Um, but what is the appropriate GPL section? It is clear to us that what the author is trying to do is not compatible with claiming it is GPL'ed - but the reason *why* it's incompatible is that the GPL contains no postcard requirement. How do you hightlight a section that is no there? Two sections actually: The zeroth section states why his condition: As of mod_ldap 2.8.10, you _must_ send me a postcard at the following address if you use mod_ldap. If you do not send a postcard, you are in violation of mod_ldap's licensing. cannot hold under U.S. copyright law. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. The sixth section tells us why no-one but the author is allowed to distribute the Program. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. Simon
Re: CLUEBAT: copyrights, infringement, violations, and legality
On Tue, Jan 28, 2003 at 11:16:24PM -0500, Branden Robinson wrote: * Some countries, particularly some in Europe, have a concept of moral rights that attach to creative works. I admit I am not too familiar with these, but they are not the same thing as copyright and have little in common with copyright. Moreover, moral rights are seldom asserted in anything the Debian Project seeks to distribute. So, let us not confuse moral rights with copyrights and thus lazily introduce the language of the former when speaking of the latter. Here in Canada, we too have moral rights on our work. From http://www.trytel.com/~pbkerr/copyright.html Moral rights include the author's right to be associated with the work by name, or pseudonym and the right to remain anonymous, and include the author's right to the integrity of the work (that is, the author's right to stop the work from being distorted, mutilated or modified, to the prejudice of the author's honour or reputation, or from being used in association with a product, service, cause or institution). So moral rights can be very well asserted aside from licensing. For instance, if I allow modification and redistribution of a technical document that I have written, that is a relaxation of copyright restrictions. However, if I understand Canadian law correctly; this does not relax my moral rights. If you edit my technical document such that it uses language that is offensive (replacing the word woman with a derogatory equivalent,) then you have violated my moral right to the integrity of the work. As well, my moral rights allow me to pursue legal action if another institution adopts it as some form of symbol, and I do not wish it to be associated as such. Simon
Re: OSD DFSG convergence
On Sun, Jan 26, 2003 at 09:54:54PM -0500, Russell Nelson wrote: Simon Law writes: Public domain software that is unlicensed does not have the protection of copyright law. Therefore, it is likely to meet all the DFSG criteria. How can it? There is no license, so how can it meet #3 Derived Works? I'm not being trivial and pointless here, I'm being careful. Ah... I see that you are being pedantic. Thankfully, the DFSG is not a legal document; so although it is a literal interpretation, any sane Debian Developer will realise that public domain software needs no license whatsoever to meet all other DFSG criteria. Notice that I was careful in not specifying that it would meet OSD criteria. Your world and ours is ever so slightly different. Simon
Re: OSD DFSG convergence
On Mon, Jan 27, 2003 at 04:53:16PM +0200, Antti-Juhani Kaijanaho wrote: On 20030126T194352-0500, Branden Robinson wrote: On Sun, Jan 26, 2003 at 10:57:01PM +0200, Antti-Juhani Kaijanaho wrote: Also, there is -- again in the U.S. -- such a thing as an uncopyrightable work, and such things can be in the public domain[1]. Sure there are uncopyrightable works. There are such things in Finland, too. I was explicitly limiting myself to software, for which I am not aware of any uncopyrightability. The Debian distribution contains things that aren't software, like word lists, and some of things are neither software nor subject to copyright law (in the U.S.). If it is not software, then it is not public-domain software. (I even remember past discussions on Debian lists, perhaps even this one, where it was debated whether the DFSG, _software_ guidelines, apply to such works.) It seems that the Debian community also attempts to shoehorn the DFSG into non-software situations. Granted that this is sub-optimal since we argue endlessly over semantics; but the end results are decent. Simon
Re: OSD DFSG convergence
On Sun, Jan 26, 2003 at 12:55:05PM -0500, Russell Nelson wrote: Hi. I'm the vice-president of the Open Source Initiative, and I'm writing to you today in that stead. N.B. I am CCing you since you do not have a Mail-Followup-To: that says otherwise. If you are reading this list, please tell me so I won't pollute your Inbox. We want to explore convergence between the Open Source Definition, and the Debian Free Software Guidelines. OSI is interested in mending differences in our community, so that we can stand together. Is there anything in the OSD which would prevent the Debian project from adopting it whole cloth? Is there anything the Debian project would like to see changed in the OSD before it could adopt the OSD? To facilitate discussion, there are only two major differences that I can see. DFSG 2: The OSD appends the following text: Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction costpreferably, downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed. DFSG 10: The OSD removes the grandfathering clause and substitutes: No provision of the license may be predicated on any individual technology or style of interface. Regardless of the merits of this proposal, I see two problems with the current DFSG. One is that software must comply with the DFSG to be a part of Debian, and yet the DFSG does not admit the possibility of public-domain unlicensed software. Then again, neither does the OSD, because we're only applying it to licenses. Another problem is that Public domain software that is unlicensed does not have the protection of copyright law. Therefore, it is likely to meet all the DFSG criteria. Public domain software that is embedded within other licensed software may or may not meet DFSG criteria. Nevertheless, the DFSG can be applied. the DFSG does not prohibit a license from requiring a specific form of affirmative assent known as click-wrap. Our recently-passed change to the OSD fixes that problem. I fail to see how a useful software license could be DFSG-free and have a detrimental click-wrap license. Perhaps you could provide an example? Simon
Re: OSD DFSG convergence
On Sun, Jan 26, 2003 at 10:57:01PM +0200, Antti-Juhani Kaijanaho wrote: On 20030126T125505-0500, Russell Nelson wrote: Another problem is that the DFSG does not prohibit a license from requiring a specific form of affirmative assent known as click-wrap. I have a vague memory of such licenses been deemed non-DFSG-compliant in the past, but I don't have references. Typically, these licenses are used to impose further restrictions on copyright. Since all rights reserved already violates the DFSG, this sub-class of click-through (or EULA) licenses are DFSG-nonfree as well. Simon
Re: gnuplot license
On Mon, Dec 16, 2002 at 07:01:07PM -0600, Joe Wreschnig wrote: On Mon, 2002-12-16 at 09:23, Peter S Galbraith wrote: OT, but I'm sure most people first pick gnuplot because they think it is the GNU tool for the job. It's too bad that it capitalizes on the name with such a license. Well, what *is* the GNU tool for the job? AFAIK there isn't one. Use GNU graph, which is encapsulated within GNU plotutils. Simon
Re: what license is ?
On Thu, Sep 26, 2002 at 01:53:20AM +0200, Samuele Giovanni Tonon wrote: hi, i'm making the package of a library (libevent) which has this license this looks like a derived form of BSD license anyway i don't know if i can put it under bsd license or i have to cut'n paste the license inside the copyright file (anyway it looks debian compatible) . the only difference seem to be point 3 beetween this and BSD Lic. What do you suggest ? Dude, I've ITPed [0] that, and have a copy of that package on my hard disk. I plan on tweaking fragroute before uploading the whole set. Simon [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=155447repeatmerged=yes
Re: truetype font licensing
On Thu, Aug 15, 2002 at 11:53:06PM -0700, Michael Cardenas wrote: Hello everyone. Please cc me on any replies as I am not subscribed. Done. You should set your Mail-Followup-To: header to say that, then any intelligent mail reader will CC you. Unfortunately, I only know of two ttf fonts that are explicitly licensed under the gpl: dustismo, from cheapskate fonts, and metatype, from metatype.sourceforge.net. I have investigated this for a while, and have also noticed the lack of Free TTFs. I will be making a package shortly for dustismo, and am talking with the author about the possibility of more gpl'ed fonts. I have also emailed the maintainer of metatype, as his font needs some more work and I'm willing to work on it, but I haven't received a response yet. Thank you for your time and effort. It is nice to see Lindows.com contributing directly to the Debian project. What a long winded prelude! I want to ask you about how, or if, I should approach some other font authors to see if they are interested in releasing their fonts under the gpl. I believe you should. However, there are legal implications to using the GPL which are subtle. You may want to consider asking them to dual license, or to consider the LGPL. Searching for free fonts, I came across this list from a prof at mcgill university: http://cgm.cs.mcgill.ca/~luc/freefonts.html and emailed him to see if he knows of any which are gpl'ed or under similar free licenses. he pointed me to this list, of original font authors, not just collections: http://jeff.cs.mcgill.ca/~luc/originalfonts.html and said I should talk to those authors, and that he doesn't know of any under free licenses. So, should I contact these font authors to ask them about licensing? How should I approach them? Is there someone else more appropriate and interested who is a dd and has a d.o email address? (i'm still in the nm process) I think that since you have done a lot of research, you ought to approach them. You should approach them in a friendly way, introduce yourself as a Debian volunteer, and explain our predicament. Then ask them if they would like to help. You can then explain the legal issues surrounding their current licensing, and how alternative licenses could help. Since most fontographers are not lawyers, it may be that they have just picked the wrong license for their intent. I've been dealing with the Nessus people on a similar licensing problem; and I'm also in the NM queue. As long as you're friendly, kind and understanding; most upstreams I've talked to are pretty accomodating. If they say no, then don't push the issue. Licensing is a pretty hot topic for some people. There is also the issue of the Bigelow and Holmes fonts in xfree86, which are licensed under a non free license which restricts modification. Branden Robinson and Juliusz Chroboczek already contacted them to discuss licensing, and received no response. I think we should try again. Most definitely! I would encourage you to do so. I'm very interested in providing high quality type to the free software community, and I want to do whatever I can to make that happen. If that means finding gpl or dfsg compliant fonts, then so be it. If I can't find any and have to make my own, I plan to do so. Actually, we probably should make our own. The dirth of Free tools for making TrueType is a major roadblock, and should be something to be worked upon. The reason why we should make our own is so that documents coming from the non-free world can carry reasonably well. We need a Times clone and a Helvetica clone, with the same dimensions and kerning. A Zapf Dingbats clone would also be beneficial. They don't have to look the same, but they ought to have the same characters, in the same place, with the same _behaviour_ so that documents can be shared without gross formatting changes. thank you for your time No, thank you Michael. Simon
Re: truetype font licensing
On Thu, Aug 15, 2002 at 11:53:06PM -0700, Michael Cardenas wrote: Hello everyone. Please cc me on any replies as I am not subscribed. Done. You should set your Mail-Followup-To: header to say that, then any intelligent mail reader will CC you. Unfortunately, I only know of two ttf fonts that are explicitly licensed under the gpl: dustismo, from cheapskate fonts, and metatype, from metatype.sourceforge.net. I have investigated this for a while, and have also noticed the lack of Free TTFs. I will be making a package shortly for dustismo, and am talking with the author about the possibility of more gpl'ed fonts. I have also emailed the maintainer of metatype, as his font needs some more work and I'm willing to work on it, but I haven't received a response yet. Thank you for your time and effort. It is nice to see Lindows.com contributing directly to the Debian project. What a long winded prelude! I want to ask you about how, or if, I should approach some other font authors to see if they are interested in releasing their fonts under the gpl. I believe you should. However, there are legal implications to using the GPL which are subtle. You may want to consider asking them to dual license, or to consider the LGPL. Searching for free fonts, I came across this list from a prof at mcgill university: http://cgm.cs.mcgill.ca/~luc/freefonts.html and emailed him to see if he knows of any which are gpl'ed or under similar free licenses. he pointed me to this list, of original font authors, not just collections: http://jeff.cs.mcgill.ca/~luc/originalfonts.html and said I should talk to those authors, and that he doesn't know of any under free licenses. So, should I contact these font authors to ask them about licensing? How should I approach them? Is there someone else more appropriate and interested who is a dd and has a d.o email address? (i'm still in the nm process) I think that since you have done a lot of research, you ought to approach them. You should approach them in a friendly way, introduce yourself as a Debian volunteer, and explain our predicament. Then ask them if they would like to help. You can then explain the legal issues surrounding their current licensing, and how alternative licenses could help. Since most fontographers are not lawyers, it may be that they have just picked the wrong license for their intent. I've been dealing with the Nessus people on a similar licensing problem; and I'm also in the NM queue. As long as you're friendly, kind and understanding; most upstreams I've talked to are pretty accomodating. If they say no, then don't push the issue. Licensing is a pretty hot topic for some people. There is also the issue of the Bigelow and Holmes fonts in xfree86, which are licensed under a non free license which restricts modification. Branden Robinson and Juliusz Chroboczek already contacted them to discuss licensing, and received no response. I think we should try again. Most definitely! I would encourage you to do so. I'm very interested in providing high quality type to the free software community, and I want to do whatever I can to make that happen. If that means finding gpl or dfsg compliant fonts, then so be it. If I can't find any and have to make my own, I plan to do so. Actually, we probably should make our own. The dirth of Free tools for making TrueType is a major roadblock, and should be something to be worked upon. The reason why we should make our own is so that documents coming from the non-free world can carry reasonably well. We need a Times clone and a Helvetica clone, with the same dimensions and kerning. A Zapf Dingbats clone would also be beneficial. They don't have to look the same, but they ought to have the same characters, in the same place, with the same _behaviour_ so that documents can be shared without gross formatting changes. thank you for your time No, thank you Michael. Simon
Re: Can someone please help look over this
On Tue, Aug 13, 2002 at 02:41:45PM +1200, Corrin Lakeland wrote: Hi all, This licence has got me a bit confused. Can someone please help to see if I can add this to a GPL program (aspell) without affecting its DFSG status. I'm aware languages are distributed in seperate packages and I _could_ put it in non-free, but I'd really rather not. The point I'm hesitant about is the non-commercial since the GPL permits you to charge for copies. The requirement for non-commercial distribution (2.1.3 and 2.2) violates DFSG 7. I suspect that the return all changes to author clause (2.1) is non-DFSG free, but I forget the specific interpretation. Now, adding linking this to aspell and distributing the result is not possible. The GPL explicitly says that any derived works cannot have any additional restrictions. The license employed here has many restrictions above and beyond the GPL. It seems to me that the author wants a) to be acknowledged and b) to keep his software Free. I suppose you have already suggested the use of the GPL to him? Simon
Re: TeX Licenses teTeX (Was: Re: forwarded message from Jeff Licquia)
On Sat, Aug 10, 2002 at 03:40:19PM -0400, Boris Veytsman wrote: However, there is a big difference between TeX programs and, say, C or Perl programs. The innards of the C compiler or Perl interpreters are hidden from the user program. You cannot patch your compiler or interpreter DURING the run. TeX is different by design. You can patch it from the program it runs. Everything defined in plain.tex, cmr10.mf (or latex.ltx and article.sty) can go under knife from foo.tex. Therefore you obviously CAN patch the sources during the build and CAN distribute both the built files AND patches. That is silly. You can definitely modify the behaviour of the C compiler through the C preprocessor. You can do it in C++ with templates. Perl allows you to fiddle with its symbol table (typeglobs) so that you can redefine the language on the fly. You can even change the behaviour of already compiled programs under UNIX with LD_PRELOAD. But Frank has already (sensibly) admitted that this is not free enough. Just because it's the accepted way doesn't mean that it is free enough. For instance, many Windows programmers will re-write their Windows system DLL libraries in order to get functionality they need.and Due to the way Windows loads libraries, the system DLLs can be overloaded; but this does not make Windows system libraries more free than if the library loader did not have this feature. Simon
Re: TeX Licenses teTeX (Was: Re: forwarded message from Jeff Licquia)
On Sat, Aug 10, 2002 at 06:36:56PM -0400, Boris Veytsman wrote: Let me ask you this question. Suppose the libfoo-dev.deb package has only include files (no compiled libs and objects). The author of the package requires that absolutely no changes are done to the includes. However, you have the right to distribute patches to any foo*.h to be loaded at compile time. Moreover, you are allowed to distribute /usr/include/fixedfoo along with /usr/include/foo, and there is no restriction of putting into Makefiles CFLAGS += -I /usr/include/fixedfoo Would you consider libfoo-dev.deb to be free? Is this not what proprietary library vendors sell? They sell shrink-wrapped libraries, with copyrighted headers that you may use but must not modify. This makes sense for them, since you must expose the source of the header files in order to compile. Of course, you are allowed make your own source code redefine these includes, which is equivalent to the system LaTeX provides. However, the FSF has advised authors not to do this with proprietary libraries, because it could be interpreted that you are making a derived work by editing the header files, and that you are in a legally shaky position. I would consider this situation to be an edge case, and a very precarious cliff to be teetering above. Under some interpretations, it may be free; but under trial conditions, a judge may very well rule against those interpretations. THIS IS NOT A GOOD THING! Simon
Re: TeX Licenses teTeX (Was: Re: forwarded message from Jeff Licquia)
On Thu, Aug 08, 2002 at 03:04:11PM -0400, Boris Veytsman wrote:
Date: Thu, 8 Aug 2002 20:26:26 +0200
From: Bernhard R. Link [EMAIL PROTECTED]
I will try to describe some worst-case scenario, to describe, what
it is
[the scenario is omitted].
You would be surprised, but this scenario is *not* imaginary. Actually
this is what really happened to me. I think this story might be
instructive in this discussion, so please bear with me.
This story is very unusual in LaTeX word, where stability is prized,
but it did happen.
Carl Heinz, the author of listings package, changed the API several
times. He was nice enough to number the versions by 0.xx, so I SHOULD
know better than to use alpha code on production machines, but I badly
needed this package for my own system of automatic code generation
(what I call semi-literate programming; at some point I am going to
write a paper about it for TUG). Actually some changes were made at my
own request, so I should not complain.
To make a long story short, each of his incompatible upgrades broke my
old documents! So what did I do? Several things -- there are several
of them because I have been living with Carl's changes for four years
now.
My goodness! Here's where all our experiences with dynamic
libraries pay off.
For the love of all that is good in this world, when the LaTeX3
team finally releases it to the world: please include these two things:
1. SONAMES
2. Versioned symbols
3. Namespaces
This solves all your problems in one fell stroke, as long as the
official LaTeX team follows all of them. You can install new packages
with completely different behaviour and if you want documents to always
work; just make sure you declare what version of \documentclass{foo} and
\usepackage{bar} you want. Backward compatibility issues solved.
Actually, come to think of it, you could probably implement the
same thing _now_ in LaTeX2e. Make the default behaviour grab the most
recent versions of things, and people who use versioned stuff can ask
for \usepackage[v1]{bar} or something. Then, you don't need legal
hackery to maintain document compatibility across platforms. This will
make the sun shine, the grass green, birds sing, and lawyers unhappy.
Simon
Re: TeX Licenses teTeX (Was: Re: forwarded message from Jeff Licquia)
On Tue, Aug 06, 2002 at 12:15:32AM +0300, Richard Braakman wrote: On Mon, Aug 05, 2002 at 05:03:02PM -0400, Boris Veytsman wrote: I think you mix things here a lot. 1. We already discussed the fact that LaTeX does have a patch mechanism. We demonstrated it here. The crucial difference is that the TeX patching happens at build time, and the restriction does not affect what can be installed on a user's machine. It is also clear that the TeX license only applies to TeX which relies on WEB. The _draft_ LPPL is intended to apply to all manner of works, which may or may not have any patching mechanism. For example, even if LaTeX were compilable to bytecode at build-time, and provided a patching system; it is still conceivable that another work would infringe on the _draft_ LPPL's filenaming restriction. Simon
Re: GPL exception for the OpenSSL library
On Tue, Jul 30, 2002 at 02:53:19PM +0200, Bodo Moeller wrote: http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00454.html: I would then include the entire OpenSSL license in the file COPYING.OpenSSL in the hpoj package. Mark, please forward the LICENSE file distributed with the OpenSSL version that Debian provides, so I can make sure it's truly identical to what I think it is. Hopefully they don't change the wording of their license on a regular basis. :-) http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00665.html: Could we also pseudo-uniquely identify COPYING.OpenSSL with an MD5 checksum? Please note that one line of the OpenSSL license *is* in fact changed on a regular basis: * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. MD5 checksums should be predictable, though. I believe that the copyright statement is not a part of the license. The copyright statement is merely informational text, in countries that are Berne convention signatories, is it not? I have been under the impression that the license is the stuff following the copyright statement which outlines your rights and restrictions _in_ _addition_ to standard copyright. Somebody correct me if I'm wrong. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPL exception for the OpenSSL library
On Tue, Jul 30, 2002 at 03:33:49PM +0200, Bodo Moeller wrote: On Tue, Jul 30, 2002 at 09:21:34AM -0400, Simon Law wrote: I believe that the copyright statement is not a part of the license. The copyright statement is merely informational text, in countries that are Berne convention signatories, is it not? I have been under the impression that the license is the stuff following the copyright statement which outlines your rights and restrictions _in_ _addition_ to standard copyright. Probably you are right, the problem is just that MD5 does not know about this :-) Well, perhaps you don't have to include the copyright statement in COPYING.OpenSSL. Then you'd still be reproducing the license, no? Can someone find out if this is the case? Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#154398: Whisker 2.0 is out
On Fri, Jul 26, 2002 at 09:46:14PM +0200, Thomas Seyrat wrote: On July 26, 15:02 (-0400), Simon Law wrote: Yes. I have noticed that just now. It appears that Whisker and its libraries are free, but its tests are non-free. Mmh, yes, this is weird. Maybe rfp had to leave the main code GPL simply because it derives from the one used in Whisker 1.4, but rewrote the test engine and the test themselves, which would allow him to make them non-free ... That is strange. This data is odd, and seems to be in the form of code; so I suppose the best way to get around it would be to reimplement main.test as GPLed code. Doooh. This one's gonna tough. If you want someone to send you a Chinese Wall implementation of main.test, I think I can help you out. Thanks for that, but I want to make sure that this licensing is not just temporarily applied to Whisker 2.0, so I think I'm going to wait for Whisker 2.1, and contact rfp then if situation has not changed. More bad news on the licensing front. libwhisker-1.4 is GPLed but it links to OpenSSL. *sigh* Looks like I'm going to have to join the Whisker mailing lists and talk to him about all the legal issues he has. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [hpoj-devel] Bug#147430: hpoj: Linking against OpenSSL licensing modification (GPL)
On Thu, Jul 25, 2002 at 03:06:47AM -0700, David Paschal wrote: Let me know ASAP if there are any problems I need to fix before releasing hpoj-0.90. If nothing comes up then I plan to start the release process approximately 12-24 hours from now. Thanks for everybody's patience and cooperation in this matter. I've e-mailed RMS and this is what he had to say in http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00603.html I see one possible flaw: if someone includes a different COPYING.OpenSSL file, this notice would give permission for linking with something under that replaced file. I think that's a bug. It needs to state the OpenSSL license in some more reliable way. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPL exception for the OpenSSL library
On Wed, Jul 24, 2002 at 09:12:03PM -0600, Richard Stallman wrote: My question is: do you think this license exception is acceptable for use? That is, does it prevent the proprietary hijacking of the linked GPL-incompatible library? Can you see any flaws in this? I see one possible flaw: if someone includes a different COPYING.OpenSSL file, this notice would give permission for linking with something under that replaced file. I think that's a bug. It needs to state the OpenSSL license in some more reliable way. I suppose it would be tighter then, if you were to include the OpenSSL license as an appendix to the copyright exception itself? Could we also pseudo-uniquely identify COPYING.OpenSSL with an MD5 checksum? That is: In addition, as a special exception, Hewlett-Packard Company gives permission to link the code of this program with any version of the OpenSSL library which is distributed under a license identical to that listed in the included COPYING.OpenSSL file (which has an MD5 checksum of d41cc83b1cb9c19efde98744211a0b16), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPL exception for the OpenSSL library
On Fri, Jul 26, 2002 at 01:14:12AM +0200, Florian Weimer wrote: Simon Law [EMAIL PROTECTED] writes: Could we also pseudo-uniquely identify COPYING.OpenSSL with an MD5 checksum? That is: I think in the upstream sources, the file is called LICENSE, and it changes once a year (because of the included copyright statement), so including a md5sum is not a terribly good idea. However, including COPYING.OpenSSL without the MD5SUM has the same problem. Both versions imply that you can only link to certain versions of OpenSSL when distributing the GPLed program. Is there any legal means of allowing COPYING.OpenSSL to be the version released by the OpenSSL project _now_ but with minor changes in such things as copyright dates? The OpenSSL group may one day change their license to something completely different and non-free. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
GPL exception for the OpenSSL library
Hi Richard! I have a question to ask of you, which involves exception statements to the GNU General Public License. It is slightly complicated, so I will give you some background. Hewlett-Packard released a driver called the HP OfficeJet Linux Driver which is packaged in the Debian GNU/Linux system as hpoj A description can be found at http://packages.debian.org/unstable/utils/hpoj.html Fortunately, HP was wise enough to license hpoj under the GNU GPL. Unfortunately, it is linked to the OpenSSL library (libcrypto) which you and I know is GPL-incompatible. This was reported to Debian in http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\bug=147430 HP looked at the exception presented at in the FSF's GPL FAQ http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs and decided that it was too broad for their tastes. They were afraid that if someone were to link a library that was not OpenSSL from the OpenBSD team, and their OpenSSL non-free; the exception statement would apply to it. Another developer, Renaud de Raison of Nessus, had the same difficulty with the exception statement; and was also worried that someone could hijack his GPLed software by using this exception statement. On debian-legal, we ask if it is possible to use a GPL compatible library, such as GNU TLS, but in both cases the authors prefered to use OpenSSL as it fit their needs better. HP went to its corporate attorney, and it drafted this exception statement, presented on debian-legal@lists.debian.org (and archived at http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00454.html) In addition, as a special exception, Hewlett-Packard Company gives permission to link the code of this program with any version of the OpenSSL library which is distributed under a license identical to that listed in the included COPYING.OpenSSL file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. Notice how it is very similar to the FSF approved statement. The only difference is that the license of OpenSSL is bundled with the Free software, and referenced in the exception, so it appears that no proprietary hijacking can occur. My question is: do you think this license exception is acceptable for use? That is, does it prevent the proprietary hijacking of the linked GPL-incompatible library? Can you see any flaws in this? As well, if you believe this is a good exception statement, perhaps you could revise the GPL FAQ in some manner to present a generalised version of this statement as an alternative to the one you currently provide? I can see how this exception may be applicable and useful for linking with non-OpenSSL works (that is Free Software that is sadly GPL-incompatible.) Thank you for your input in this complicated manner. I hope I have not wasted any of your time. Yours sincerely, Simon Law c.c. debian-legal@lists.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Distributing GPL Software as binary ISO
On Thu, Jul 18, 2002 at 01:34:34PM -0500, Steve Langasek wrote: On Thu, Jul 18, 2002 at 08:04:03PM +0200, Martin Schulze wrote: I'm asking what A and B should do to bring themselves into compliance. I don't want to sue or attack entities. I would like to document the required behaviour somewhere, though, so entities know what their obligation is if they are repackaging and redistributing the Debian system. Once A or B has distributed GPLed binaries in this manner without the source, the offense is there, and they are vulnerable to a lawsuit because of the license violation. C.f. the widely-publicized MySQL court case. Assuming all parties are acting in good faith, which has tended to be the case in the Free Software community, it is probably sufficient if A and B take steps to ensure that all further distribution of binaries complies with the GPL. If A or B knows how to reach some or all of those they distributed binaries to commercially, as an additional show of good faith they might send a copy of the sources to these recipients as the GPL originally required them to do. Also remember that once someone has violated the GPL, they are no longer licensed and do _not_ have the freedoms granted by the GPL. Thus, many companies like to settle in a mutually acceptable agreement. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Motivations; proposed alternative license
On Tue, Jul 16, 2002 at 10:48:28PM -0500, Branden Robinson wrote: On Tue, Jul 16, 2002 at 09:23:14PM -0400, Boris Veytsman wrote: TeX people are from a different culture. TeX is not going to evolve. It is frozen. As Knuth said, These fonts are never going to change again (http://sunburn.stanford.edu/~knuth/cm.html). If that philosophy is embodied in a copyright license, it violates clause 3 of the DFSG and is unsuitable for the Debian distribution. TeX is not being distributed by Debian. teTeX, a distribution that includes a TeX-like component is. Thankfully, the TeX license is simple, and easily understood, unlike the LPPL-1.3 draft. I would recommend reading it yourself, Branden, just so that you don't get thrown red herrings. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: the basis below LaTeX, texinfo et al
On Wed, Jul 17, 2002 at 09:28:05AM +0200, Frank Mittelbach wrote: Simon Law writes: TeX is not being distributed by Debian. teTeX, a distribution please, who is throwing red herrings here? Apologies all around. I obviously did a thinko, and forgot that I saw This is TeX everytime I fired it up. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [PATCH] License exception for OpenSSL (was Re: Linking Nessus with OpenSSL)
Hi Renaud, On Wed, Jun 26, 2002 at 01:08:42AM +0200, Renaud Deraison wrote: On Tue, Jun 25, 2002 at 07:04:32PM -0400, Simon Law wrote: Just touching base with you regarding the license conflict with OpenSSL. Have you had a chance to talk to your lawyer? I'm not pushing, but I'd like to remind you that there is still a legal problem with distributing copies of Nessus linked to OpenSSL. I did not find the time to see my lawyer yet. I'll try to get the problem solved next week (and for some reason, I really need my lawyer's advice on this). I hope you're doing well. Were you able to find acceptable terms that allow a GPL exception that allows us to link with the OpenSSL library? I know you thought the standard FSF exception had a legal loophole that you were uncomfortable including. I'd like to remind you that Debian cannot distribute a version of Nessus 1.2.x with SSL support because of the GPL violation that would entail. To refresh your memory, we need your explicit permission to link with OpenSSL. As well, that exception clause must be removable so that Nessus reverts to pure GPL, so that Nessus will remain Free. Thanks for all your time and effort. I certainly look forward to the day that Debian can legally distribute Nessus with SSL support! Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Linux Fonts
On Tue, Jul 09, 2002 at 01:19:57PM -0500, Branden Robinson wrote: On Tue, Jul 09, 2002 at 04:47:08PM +0200, Radovan Garabik wrote: so the GPL text itself is not DFSG compliant? Oops. Old news. Read the archives of debian-legal for the past 9 months. That's right, every word of them. Only then are you allowed to make snotty remarks about copyright, licenses, or license texts. :-P I started going back in the archives about three months ago. All I know is that copyright, license and license texts got somehow intertwined with fluffy towels and millionaires in Nigeria sometime back there. No wonder people blindly accept an EULA. They probably think they're getting 20% of a milionaire's fluffy velour towers. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
GPLed software and OpenSSL
Hi guys, My work with Renaud and the Nessus team has led me to be more sensitive to the OpenSSL situation. (Unfortunately, we still don't have a resolution yet.) This is why my eyebrows raised when I looked at snort and found that it had the same problem! We distributed snort-mysql linked with OpenSSL which we are not allowed to do! I think it is indicative that there is a huge flaw in the OpenSSL licensing; specifically, that thrice damned advertising clause. I decided to take a look at what Reverse Depends on OpenSSL: [EMAIL PROTECTED]:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep '^ ' | wc -l 165 These 165 packages include such GPLed software as: nessus, snort, wget-ssl, proftpd, kdelibs3-crypto, postgresql, gnustep-ssl, etc... I'm very disturbed by this discovery, as we would be doing something illegal by distributing these packages in the upcoming release. What should we do? Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPLed software and OpenSSL
On 29 May 2002, Jeff Licquia wrote: On Wed, 2002-05-29 at 08:11, Simon Law wrote: I decided to take a look at what Reverse Depends on OpenSSL: [EMAIL PROTECTED]:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep '^ ' | wc -l 165 These 165 packages include such GPLed software as: nessus, snort, wget-ssl, proftpd, kdelibs3-crypto, postgresql, gnustep-ssl, etc... I'm very disturbed by this discovery, as we would be doing something illegal by distributing these packages in the upcoming release. What should we do? Out of curiosity, do you have non-us in your sources.list? It would be interesting to find out how much of that software is really in main. Yes, I do have non-us in my list. Removing it narrow our group down to 16, none of which seem to be in violation. One solution to the problem, assuming that most of the violations are in non-us, would be to not generate ISOs with non-us on them. This is practical now that crypto-in-main is done. At least in theory, then, OpenSSL (which is in main) would be normally distributed with Debian, and these components would not accompan[y] the executable. I don't like it much, but it would at least have a veneer of respectability. Well, if the stuff is available off Debian servers, then we are basically distributing them. As well, libssl0.9.6 isn't automatically installed with the system. It sort of seems like you're using a quirk in the wording as opposed to real technical differences. As for GPLed stuff in main linked against OpenSSL: I don't know. It really should be pulled. OTOH, we're already nearly a month behind on releasing woody, and pulling some of that stuff would be a bit harsh. It would be. I wish that I had caught this stuff sooner. I'd also be careful, though, and check your licenses. At least one that you mention (postgresql) is BSD. You are correct. It's license is XFree86-style, and not GPL. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPLed software and OpenSSL
On 29 May 2002, Jeff Licquia wrote: On Wed, 2002-05-29 at 13:01, Edmund GRIMLEY EVANS wrote: Steve Langasek [EMAIL PROTECTED]: In the legal world, wording makes all the difference. The GPL specifically talks about code that's distributed *with* the GPLed binary, not about code distributed *by the same people as* the GPLed binary, and we have no reason to believe that this distinction was unintentional. Many vendors of proprietary Unices (e.g., Sun) seem to already be counting on the fact that it is not. This seems very dodgy. Firstly, you're claiming that main does not accompany non-us, which is very hard to justify as it's all on the same servers and non-us doesn't make much sense without main. The fact that non-us doesn't make sense without main isn't really relevant. We're trying to fit into the GPL exception for system libraries; if we can fit, then the dependency on the OpenSSL system library isn't a problem. libssl0.9.6 is a standard library in main, so I guess it could very well be construed as a standard Debian Operating System library. Could we get the FSF to clarify if this would allow us to link GPLed software to this library under the OS linking provision? If the FSF approves this, then we can take corrective action with the software authors; as I'm sure most of them don't want their users violating the GPL by accident. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPLed software and OpenSSL
On 29 May 2002, Jeff Licquia wrote: In most cases, I think that rebuilding the package with --no-ssl or some such should do the trick. For others, simply removing the offending package may also suffice. This would seriously cripple most security software. Which is not something I'd like to see. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#147430: hpoj: Linking against OpenSSL licensing modification (GPL)
On 22 May 2002, Jeff Licquia wrote: If you are looking for a sample license statement that has been considered to be good, you might want to look at the license that the authors of CUPS are planning to use. A copy can currently be found at http://www.cups.org/new-license.html. It has additional rights you probably aren't interested in; the main salient points are that it describes as exactly as possible what exceptions to the GPL are allowed, and it allows third parties to strip out the exceptions so the code can be linked to straight-GPLed code without such exceptions. Of course, it doesn't explain what the OpenSSL Toolkit is much better than the proposed text does, so you will probably want to modify that. Please use the official GNU sanctioned statement. It highlights that you shouldn't modify the GPL, and it also provides good boilerplate; so you don't have to make up your own. http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Linking Nessus with OpenSSL
Hi Renaund et al., First off, I want to thank everyone for a great job with Nessus 1.2.0. It's much better compared to Nessus 1.0.10, which I was running before. You guys are fantastic. As I was compiling Nessus 1.2.0, I noticed something of concern. It seems like Nessus, a piece of GPL'ed software, links with the OpenSSL libraries, a piece of BSD software that includes the advertising clause. Unfortunately, we all know that those two licenses don't play well together. Now, I'm sure that this is completely accidental. However, I propose that you can remedy the situation by performing a slight modification to the current license by which you are distributing nessus-core, libnasl, and nessus-plugins. You may put in a special exemption to the GPL allowing Nessus to be linked to OpenSSL and distributed freely. As well, to keep Nessus free, you should also put in a clause allowing anyone else to remove this exemption in their derivative works. Please see http://www.cups.org/new-license.html for an example of how GPL'ed software can be linked with the OpenSSL toolkit. Thanks for your time. Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
