Re: Legal status of Audacity in releases newer than Bullseye

2021-07-13 Thread Mihai Moldovan 
* On 7/12/21 10:58 PM, Sam Hartman wrote:
> None of the issues you are bringing up are license issues, nor do they
> affect what changes Debian (or our users) can make to the software.
> 
> The Debian maintainers of the packages in question can decide which of
> the upstream changes they wish to revert.
> It seems likely we'll turn off telemetry by default, because we often
> do.

Additionally, it doesn't look like any changes are even necessary, if I
understand the material correctly:

  - The telemetry code (as implemented now) is both optional and DISABLED by
default in the build system. Maintainers would need to explicitly turn it
on to be compiled/used.
  - Only the builds/binaries published by Muse Group explicitly enable the
option.

Unless this situation changes, there is no need for the packagers to do
anything, other than monitor changes to the build system with every new version
to check if the disabled-by-default state switches to enabled-by-default.



Mihai



OpenPGP_signature
Description: OpenPGP digital signature

Re: Legal status of Audacity in releases newer than Bullseye

2021-07-12 Thread Sam Hartman 
> "Bone" == Bone Baboon  writes:
Bone> Here is some additional details.

Bone> Two key issues with Muse Group's new privacy policy for
Bone> Audacity are the on by default telemetry and that Audacity can
Bone> no longer be used for any purpose contradicting freedom 0.

Bone> # On by default telemetry

Bone> On by default telemetry is being introduced to Audacity.  The
Bone> on by default telemetry collects IP address information,
Bone> system information and Audacity version information.

That's not a GPL violation.
Anyone is free to modify the software to turn that off.
It's not something Debian is likely to keep.  It's up to the individual
maintainer though.


Bone> # Freedom 0

Bone> Audacity can no longer be used for any purpose.  Section 3 of
Bone> the Muse Group's new privacy policy for Audacity
Bone> 
Bone> says:

>> 3 Minors
>> 
>> 1 The App we provide is not intended for individuals below the
>> age of 13. If you are under 13 years old, please do not use the
>> App.

That's not a GPL violation.  It's not a license restriction on the app.
It's not even a usage restriction on the app; it's a request.  It seems
like it is very carefully worded to avoid falling under certain laws
without being a license restriction.

If you don't like that text, remove it from your copy of the app  and
stop using any web services that privacy policy applies to.

None of the above are DFSG violations either.

Let's take DFSG 5:

5. No Discrimination Against Persons or Groups
   The **license** must not discriminate against any person or group of
   persons.

Emphasis added by me.
It's not a DFSG violation if the software discriminates against
persons.  We aren't very fond of such discrimination and might  well not
package such software (or might remove such discrimination), but it's
not a DFSG violation.

I could totally stick a game in Debian that started up by popping up a
dialogue box.  "Are you under 18? yes/no?"  And if you click no, pops up
"This childish game is only for those under 18," and exits.  That would
not be a DFSG violation.  I suspect if I did that I'd get a number of RC
bugs, and generally the community would probably end up deciding Debian
didn't want to ship that game in that way.

The DFSG requires that we able to remove that discrimination if we like.
We can change the privacy policy for software we ship, at least in so
far as  it affects interactions on your local system.
(We ought to respect privacy policies of web services we connect to and
accurately reflect what they are).


None of the issues you are bringing up are license issues, nor do they
affect what changes Debian (or our users) can make to the software.

The Debian maintainers of the packages in question can decide which of
the upstream changes they wish to revert.
It seems likely we'll turn off telemetry by default, because we often
do.

Re: Legal status of Audacity in releases newer than Bullseye

2021-07-12 Thread Bone Baboon 
jorkanof...@tutanota.com writes:

> To who it may concern
>
> As you know the audacity project has been recently acquired by musegroup. 
> Since then there have been a series of changes impacting Audacity. One such 
> change is that telemetry has been included in newer versions of audacity no 
> the one currently in the Debian repository for Bullseye and Sid (version 
> 2.4.2), and has a requirement which both violates the GPLv2 license, the 
> GPLv3 license as well as the Debian Free Software Guidelines. There has been 
> a fork, which removes the questionable code, which can be found here: 
> https://github.com/cookiengineer/audacity. Here is the github issue thread 
> explaining the license violation issue with regards to the privacy policy: 
> https://github.com/audacity/audacity/issues/1213 What is the plan going 
> forward, after the release of Debian 11 (since version 2.4.2 is unaffected by 
> the licensing isuse) in regards to Audacity in the Debian package repository? 
> Should this GPL2 violation be reported, if so to what organization? How will 
> it impact the audacity package in bullseye-backports, bookworm as well as 
> newer versions?
>
> Looking forward towards your answers
>
> Regards
>
> Jorkano

Here is some additional details.

Two key issues with Muse Group's new privacy policy for Audacity are the
on by default telemetry and that Audacity can no longer be used for any
purpose contradicting freedom 0.

# On by default telemetry

On by default telemetry is being introduced to Audacity.  The on by
default telemetry collects IP address information, system information
and Audacity version information.




# Freedom 0

Audacity can no longer be used for any purpose.  Section 3 of the Muse
Group's new privacy policy for Audacity
 says:

> 3 Minors
>
> 1 The App we provide is not intended for individuals below the age
> of 13. If you are under 13 years old, please do not use the App.

This age restriction contradicts freedom 0.


> The freedom to run the program as you wish, for any purpose
> (freedom 0).

This age restriction also contradicts Audacity's GPL version 2 license
 which
says:

> The act of running the Program is not restricted

Re: Legal status of Audacity in releases newer than Bullseye

2021-07-07 Thread Jonathan Carter 
On 2021/07/05 02:58, jorkanof...@tutanota.com wrote:
> As you know the audacity project has been recently acquired by
> musegroup. Since then there have been a series of changes impacting
> Audacity. One such change is that telemetry has been included in newer
> versions of audacity no the one currently in the Debian repository for
> Bullseye and Sid (version 2.4.2), and has a requirement which both
> violates the GPLv2 license, the GPLv3 license as well as the Debian Free
> Software Guidelines. There has been a fork, which removes the
> questionable code, which can be found
> here: https://github.com/cookiengineer/audacity
> . Here is the github issue
> thread explaining the license violation issue with regards to the
> privacy policy: https://github.com/audacity/audacity/issues/1213
>  What is the plan
> going forward, after the release of Debian 11 (since version 2.4.2 is
> unaffected by the licensing isuse) in regards to Audacity in the Debian
> package repository? Should this GPL2 violation be reported, if so to
> what organization? How will it impact the audacity package in
> bullseye-backports, bookworm as well as newer versions?

I still need to read both the following article and all sources properly
(along with actual audacity changes announced), but it appears that
there might be more to it, according to Ars Technica:

https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor-is-not-spyware/

-Jonathan

Re: Legal status of Audacity in releases newer than Bullseye

2021-07-04 Thread Daniel Hakimi 
At a glance, while Debian shouldn't distribute it and the community should
certainly fork, I'm not sure it's technically a GPL violation. Is there a
clickwrap page requiring you to agree to the privacy policy to use
audacity? Does Audacity as they distribute it involve any network-related
services?

GPL packages are allowed to ship with privacy policies (although they
usually don't need them), and those policies normally cover your use of
certain services alongside the software (here, telemetry services, which
you're hardly "using," but you know, use a fork). Now, you can't be
required to agree to the policy to use Audacity... that's a problem for
them, but are they requiring it? As I mentioned above -- is it
clickwrapped, or just linked to on their website?

Regards,

Daniel J. Hakimi
B.S. Philosophy, RPI 2012
B.S. Computer Science, RPI 2012
J.D. Cardozo Law 2015


On Sun, Jul 4, 2021 at 9:15 PM  wrote:

> To who it may concern
>
> As you know the audacity project has been recently acquired by musegroup.
> Since then there have been a series of changes impacting Audacity. One such
> change is that telemetry has been included in newer versions of audacity no
> the one currently in the Debian repository for Bullseye and Sid (version
> 2.4.2), and has a requirement which both violates the GPLv2 license, the
> GPLv3 license as well as the Debian Free Software Guidelines. There has
> been a fork, which removes the questionable code, which can be found here:
> https://github.com/cookiengineer/audacity. Here is the github issue
> thread explaining the license violation issue with regards to the privacy
> policy: https://github.com/audacity/audacity/issues/1213 What is the plan
> going forward, after the release of Debian 11 (since version 2.4.2 is
> unaffected by the licensing isuse) in regards to Audacity in the Debian
> package repository? Should this GPL2 violation be reported, if so to what
> organization? How will it impact the audacity package in
> bullseye-backports, bookworm as well as newer versions?
>
> Looking forward towards your answers
>
> Regards
>
> Jorkano
>

Re: Legal status of Audacity in releases newer than Bullseye

2021-07-04 Thread Paul Wise 
On Mon, Jul 5, 2021 at 1:15 AM  wrote:

> there have been a series of changes impacting Audacity.

This sounds like something that should be reported as a bug against
the Debian package requesting to switch to the fork.

https://www.debian.org/Bugs/Reporting

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Legal status of Audacity in releases newer than Bullseye

2021-07-04 Thread jorkanofaln 
To who it may concern

As you know the audacity project has been recently acquired by musegroup. Since 
then there have been a series of changes impacting Audacity. One such change is 
that telemetry has been included in newer versions of audacity no the one 
currently in the Debian repository for Bullseye and Sid (version 2.4.2), and 
has a requirement which both violates the GPLv2 license, the GPLv3 license as 
well as the Debian Free Software Guidelines. There has been a fork, which 
removes the questionable code, which can be found here: 
https://github.com/cookiengineer/audacity. Here is the github issue thread 
explaining the license violation issue with regards to the privacy policy: 
https://github.com/audacity/audacity/issues/1213 What is the plan going 
forward, after the release of Debian 11 (since version 2.4.2 is unaffected by 
the licensing isuse) in regards to Audacity in the Debian package repository? 
Should this GPL2 violation be reported, if so to what organization? How will it 
impact the audacity package in bullseye-backports, bookworm as well as newer 
versions?

Looking forward towards your answers

Regards

Jorkano