Re: MPL and Source Code
Craig Southeren wrote: > On Wed, 05 Apr 2006 01:18:34 -0700 > Josh Triplett <[EMAIL PROTECTED]> wrote: >> I think the Debian CVS/SVN server meets the definition and would most >> likely satisfy the license, though it could potentially cause problems >> for our mirror operators. > > I don't see why. Because they then depend on us to continue providing source, rather than mirroring it themselves. >> I think you have successfully argued that we can satisfy this >> requirement of the license, and thus we could probably legally >> distribute MPLed software; however, distributability only gets you as >> far as the non-free archive. > > Given that the Debian definition of free basically means "GPL compatible", > I never really expected anything else :) No, it doesn't. Debian's definition of Free provides considerably more leeway than GPL-compatibility. - Josh Triplett signature.asc Description: OpenPGP digital signature
Re: MPL and Source Code
Craig Southeren <[EMAIL PROTECTED]> wrote: > On Wed, 5 Apr 2006 12:42:49 +0300 > Tzafrir Cohen <[EMAIL PROTECTED]> wrote: > >> On Wed, Apr 05, 2006 at 07:29:37PM +1000, Craig Southeren wrote: >> > On Wed, 05 Apr 2006 01:18:34 -0700 >> > Josh Triplett <[EMAIL PROTECTED]> wrote: >> >> > > I think you have successfully argued that we can satisfy this >> > > requirement of the license, and thus we could probably legally >> > > distribute MPLed software; however, distributability only gets you as >> > > far as the non-free archive. >> > >> > Given that the Debian definition of free basically means "GPL compatible", >> > I never really expected anything else :) >> >> GPL-compatible as in openssh and openssl? > > The modified BSD license is GPL compatible, isn't it? (I know the > original BSD license isn't) That doesn't matter. GPL-compatibility or copyleft ist *not* a requirement of the DFSG, not at all. Regards, Frank -- Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX)
Re: MPL and Source Code
On Wed, 5 Apr 2006 12:42:49 +0300 Tzafrir Cohen <[EMAIL PROTECTED]> wrote: > On Wed, Apr 05, 2006 at 07:29:37PM +1000, Craig Southeren wrote: > > On Wed, 05 Apr 2006 01:18:34 -0700 > > Josh Triplett <[EMAIL PROTECTED]> wrote: > > > > I think you have successfully argued that we can satisfy this > > > requirement of the license, and thus we could probably legally > > > distribute MPLed software; however, distributability only gets you as > > > far as the non-free archive. > > > > Given that the Debian definition of free basically means "GPL compatible", > > I never really expected anything else :) > > GPL-compatible as in openssh and openssl? The modified BSD license is GPL compatible, isn't it? (I know the original BSD license isn't) > A number of other points were raised here. For instance, that in certain > cases the MPL license would require you to change a specific file in the > source-distribution itself (which kind of gets in the way of signed > packages). I think I missed that statement. Which file needs to be changed? ..deleted Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
On Wed, Apr 05, 2006 at 07:29:37PM +1000, Craig Southeren wrote: > On Wed, 05 Apr 2006 01:18:34 -0700 > Josh Triplett <[EMAIL PROTECTED]> wrote: > > I think you have successfully argued that we can satisfy this > > requirement of the license, and thus we could probably legally > > distribute MPLed software; however, distributability only gets you as > > far as the non-free archive. > > Given that the Debian definition of free basically means "GPL compatible", > I never really expected anything else :) GPL-compatible as in openssh and openssl? A number of other points were raised here. For instance, that in certain cases the MPL license would require you to change a specific file in the source-distribution itself (which kind of gets in the way of signed packages). Since this flame is only regarding the specific issue of keeping the source availble for one extra year, I gather that in all other points no difficulty was found? Regards -- Tzafrir Cohen sip:[EMAIL PROTECTED] icq#16849755 iax:[EMAIL PROTECTED] +972-50-7952406 [EMAIL PROTECTED] http://www.xorcom.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Wed, 05 Apr 2006 01:18:34 -0700 Josh Triplett <[EMAIL PROTECTED]> wrote: ..deleted > > > > The MPL states 12 months, and the GPL had three years (for certain > > methods of distribution) but I don't know of any license that required > > 100 years. I agree that any such period of time would be unfairly > > onerous. > > Quantitative points rarely make the difference between free and > non-free. If requiring source 100 years after you stop providing the > binary would clearly classify a license as non-free, then generally so > would 3 years or 1 year. I guess it depends on your definition of free. But that's a whole different argument :) ..deleted > > Is there any disagreement as to whether this would apply? > > I think the Debian CVS/SVN server meets the definition and would most > likely satisfy the license, though it could potentially cause problems > for our mirror operators. I don't see why. > But the question of whether Debian can > satisfy the license stands completely independent of whether Debian > considers the license Free. We can satisfy the licenses of every piece > of software in non-free, or we couldn't legally distribute them. Make sense. > I think you have successfully argued that we can satisfy this > requirement of the license, and thus we could probably legally > distribute MPLed software; however, distributability only gets you as > far as the non-free archive. Given that the Debian definition of free basically means "GPL compatible", I never really expected anything else :) Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
Craig Southeren wrote: > On Tue, 04 Apr 2006 23:13:32 -0400 > Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > >> Craig Southeren wrote: >>> This means theoretically that the lifetime of a source release under the >>> GPL is the same as a binary release. Once the binary is no longer >>> distributed, then the source no longer has to be distributed either. >>> As a user, the seems more than a little unreasonable, but if that's what >>> the license says.. >>> >>> The MPL requirement for 12 months seems quite reasonable, and I can't >>> see that any packager (Debian included) would have a problem with >>> meeting it. >>> >> Well, first off, we have to set a boundary somewhere: While 1 year may >> seem reasonable, certainly 100 is not. Debian has chosen "for as long as >> the binary is being distributed" as our line between reasonable and >> unreasonable. There are several reasons that spring to mind: > > Not sure where the 100 years came from - I certainly never proposed it! :) > > The MPL states 12 months, and the GPL had three years (for certain > methods of distribution) but I don't know of any license that required > 100 years. I agree that any such period of time would be unfairly > onerous. Quantitative points rarely make the difference between free and non-free. If requiring source 100 years after you stop providing the binary would clearly classify a license as non-free, then generally so would 3 years or 1 year. [snip Anthony's excellent practical arguments against requiring source longer than binaries] > I don't see that the MPL (or the GPL) requires that there are > pre-packaged source packages available that correspond one-to-one basis > for executable packages. Most likely not, given sufficient care taken with the repository. > As such, I think that the Debian CVS/SVN server meets the definition of > electronic distribution for the terms of the MPL - provided that there > are appropriate tags/revision markers available for each identified > release, AND provided the revision control system is publically > available, AND provided the revision control system contains all of the > sources, AND provided historical revision information is not purged > within 12 months of a release. > > Is there is any reason why any of these requirements would not be met? > > Is there any disagreement as to whether this would apply? I think the Debian CVS/SVN server meets the definition and would most likely satisfy the license, though it could potentially cause problems for our mirror operators. But the question of whether Debian can satisfy the license stands completely independent of whether Debian considers the license Free. We can satisfy the licenses of every piece of software in non-free, or we couldn't legally distribute them. I think you have successfully argued that we can satisfy this requirement of the license, and thus we could probably legally distribute MPLed software; however, distributability only gets you as far as the non-free archive. - Josh Triplett signature.asc Description: OpenPGP digital signature
Re: MPL and Source Code
On Tue, 04 Apr 2006 23:13:32 -0400 Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > Craig Southeren wrote: > > This means theoretically that the lifetime of a source release under the > > GPL is the same as a binary release. Once the binary is no longer > > distributed, then the source no longer has to be distributed either. > > As a user, the seems more than a little unreasonable, but if that's what > > the license says.. > > > > The MPL requirement for 12 months seems quite reasonable, and I can't > > see that any packager (Debian included) would have a problem with > > meeting it. > > > Well, first off, we have to set a boundary somewhere: While 1 year may > seem reasonable, certainly 100 is not. Debian has chosen "for as long as > the binary is being distributed" as our line between reasonable and > unreasonable. There are several reasons that spring to mind: Not sure where the 100 years came from - I certainly never proposed it! :) The MPL states 12 months, and the GPL had three years (for certain methods of distribution) but I don't know of any license that required 100 years. I agree that any such period of time would be unfairly onerous. >1. Distribution of source at least as long as distributing the binary > is, I think we all can agree, in the best interest of free > software (one of the priorities Debian pledges itself to in its > Social Contract). >2. Requiring distribution of source for longer than the binary does > not allow me to stop distributing when I want; instead, it > requires me to bear potentially high costs for X additional months. > * Your web site is mentioned on Slashdot, suddenly you get a > either a huge bandwidth bill or to turn your site off. > You're just a student and can't afford the bill. But you > have no choice; you must keep your site on for X months > after you last distributed the binary. >3. It is not possible to guarantee that you'll be able to distribute > the source for X months after you stop distributing the binary > * Your web hosting company's Internet connection breaks. You > are suddenly in violation of the license. > * You fall ill and thus are unable to pay your hosting bills. > Once again, you're in violation (though a good lawyer could > help you out of this one, I'm sure). > * You lose your job. Once again, you're unable to pay your > hosting bills. Now you're violating the license. >4. Debian is already far too large. Many of our mirror ops have > apparently been telling us we need to shrink our archive. > FTP-masters (the people who run our FTP servers) are already > splitting off a large section of the archive to help; certainly we > don't want to make the archive even bigger! > * It'd be difficult to track which programs require keeping > source for X months after the binary. We'd have to track > each different value of X individually as well. The end > result would be that we'd wind up keeping all source for > max(X0, X1, ...). This would substantially enlarge the archive. > > These are just some quick thoughts. As you can see, there are some > problems with requiring source to be kept longer than the binary. I > think we're right drawing the line at "no longer than the binary." These are all fair and reasonable arguments, and as someone who pays for a web hosting site for an Open Source project out of my own pocket, I can certainly appreciate that there are costs associated with distribution My point is simply that having the source available for only as long as the executable is available seems to me (as a consumer) to be pretty severe. This has been discussed before in this thread, so I'll not rehash my thoughts on this matter. But lets bring this back to the point I tried to make initially. I don't see that the MPL (or the GPL) requires that there are pre-packaged source packages available that correspond one-to-one basis for executable packages. As such, I think that the Debian CVS/SVN server meets the definition of electronic distribution for the terms of the MPL - provided that there are appropriate tags/revision markers available for each identified release, AND provided the revision control system is publically available, AND provided the revision control system contains all of the sources, AND provided historical revision information is not purged within 12 months of a release. Is there is any reason why any of these requirements would not be met? Is there any disagreement as to whether this would apply? Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ
Re: MPL and Source Code
Craig Southeren wrote: This means theoretically that the lifetime of a source release under the GPL is the same as a binary release. Once the binary is no longer distributed, then the source no longer has to be distributed either. As a user, the seems more than a little unreasonable, but if that's what the license says.. The MPL requirement for 12 months seems quite reasonable, and I can't see that any packager (Debian included) would have a problem with meeting it. Well, first off, we have to set a boundary somewhere: While 1 year may seem reasonable, certainly 100 is not. Debian has chosen "for as long as the binary is being distributed" as our line between reasonable and unreasonable. There are several reasons that spring to mind: 1. Distribution of source at least as long as distributing the binary is, I think we all can agree, in the best interest of free software (one of the priorities Debian pledges itself to in its Social Contract). 2. Requiring distribution of source for longer than the binary does not allow me to stop distributing when I want; instead, it requires me to bear potentially high costs for X additional months. * Your web site is mentioned on Slashdot, suddenly you get a either a huge bandwidth bill or to turn your site off. You're just a student and can't afford the bill. But you have no choice; you must keep your site on for X months after you last distributed the binary. 3. It is not possible to guarantee that you'll be able to distribute the source for X months after you stop distributing the binary * Your web hosting company's Internet connection breaks. You are suddenly in violation of the license. * You fall ill and thus are unable to pay your hosting bills. Once again, you're in violation (though a good lawyer could help you out of this one, I'm sure). * You lose your job. Once again, you're unable to pay your hosting bills. Now you're violating the license. 4. Debian is already far too large. Many of our mirror ops have apparently been telling us we need to shrink our archive. FTP-masters (the people who run our FTP servers) are already splitting off a large section of the archive to help; certainly we don't want to make the archive even bigger! * It'd be difficult to track which programs require keeping source for X months after the binary. We'd have to track each different value of X individually as well. The end result would be that we'd wind up keeping all source for max(X₀, X₁, ...). This would substantially enlarge the archive. These are just some quick thoughts. As you can see, there are some problems with requiring source to be kept longer than the binary. I think we're right drawing the line at "no longer than the binary." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Tue, Apr 04, 2006 at 01:36:42PM +1000, Craig Southeren wrote: > On Mon, 03 Apr 2006 23:15:05 -0400 > Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > > Craig Southeren wrote: > > > > > > Does the NMU end up in the repository eventually? If so, then I don't > > > see this as a problem. > > > > > Merging the NMU into the repository is up to the maintainer (he is, > > after all, the one with commit access). Given Debian's persistent > > problems with MIA maintainers, it â unfortunately â does not always > > happen. Multiple NMU's often go completely unacknowledged by the maintainer. > > I guess I'm confused, probably because I'm not knowledgable about Debian > release procedures. > > Where does the source for the NMU reside? Is it just part of the source > code release, but not in the repository? If so, then I don't see any > problem - as long as the source code is available somewhere, then that's > all that is needed to conform the the license. The source code is stored adjacent to the binary packages, on the archive servers and mirrors. When the binary packages are removed, the associated source package is removed along with it. - Matt
Re: MPL and Source Code
On Tue, Apr 04, 2006 at 01:22:50PM +1000, Craig Southeren wrote: > On Mon, 3 Apr 2006 20:03:37 -0700 > Steve Langasek <[EMAIL PROTECTED]> wrote: > > On Tue, Apr 04, 2006 at 12:23:09PM +1000, Craig Southeren wrote: > > > > > Because if it is Debian policy to distribute binaries where the source > > > > > code is not guaranteed to be publically available, then yes, I think > > > > > that could be a problem regardless of whether the license is MPL or > > > > > GPL. > > > > > > The source code is guaranteed to be publicly available for as long as > > > > the binary is, but no longer. > > > > > This is in violation of most Open Source licenses. > > > > > For example, the GPL requires source to be available on demand for up to > > > three years after distribution of the binary by electronic means. > > > > False. The GPL requirements are satisfied by making the source code > > available together with the binaries. The FSF has clarified that > > distributing works together on an ftp site satisfies the intent of the GPL's > > requirement of "a medium customarily used for software interchange". > > Sorry, I disagree. > > Section 3 of the GPL states that the source code for a binary-only > distribution must be available on demand for three years. It's a good thing we're not doing binary-only distribution then. - Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Tue, Apr 04, 2006 at 01:51:05PM +1000, Craig Southeren wrote: > This means theoretically that the lifetime of a source release under the > GPL is the same as a binary release. Once the binary is no longer > distributed, then the source no longer has to be distributed either. > As a user, the seems more than a little unreasonable, but if that's what > the license says.. If you think you might want the source later, then download it when you download the binary. > The MPL requirement for 12 months seems quite reasonable, and I can't > see that any packager (Debian included) would have a problem with > meeting it. Perhaps not philosophically, but practially we really can't do it. First up, it'd take a non-trivial amount of modification to the archive scripts. Next, archiving every release for some period of time would almost certainly chew a whole hell of a lot more disk space, and I don't think we could differentiate between MPL and non-MPL easily enough to only archive the MPL stuff. I'm up in the air about whether the MPL would require every mirror operator to carry all previous releases, or if they could be somewhere off-to-the-side (mpl-compliance.debian.org, anyone?) -- if all mirror operators need to carry all previous versions, then that's an even bigger problem. - Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On 04 Apr 2006 00:04:32 -0400 Michael Poole <[EMAIL PROTECTED]> wrote: ..deleted > [snip] > > The MPL specifies (see para 3.2) that source must be provided via an > > agreed "Electronic Distribution Mechanism", which is defined as (see > > para 1.4) "...a mechanism generally accepted in the software development > > community for the electronic transfer of data." > > > > I don't see why this excludes FTP. I would expect to also include HTTP, > > scp, rsync, or for that matter, CVS and SVN. > > The "Electronic Distribution Mechanism" clause applies if you want to > continue to provide source for six or twelve months, which is the > objection -- given package update rates, this could add up to hundreds > of megabytes of compressed files. Very true, but the alternative is that source code for an executable could disappear the moment that a new version of the executable is made available. While strictly speaking this would appear to conform to the letter of the license, I don't see it as being particularly useful. This would appear to impose a serious caveat on Open Source users, namely "get the source when you get the executable because the source may not be there there tomorrow" Which is why I originally suggested that making the source available via SVN or CVS could be considered as a performance of the "Electronic Distribution Mechanism" requirement. Thanks against for the education! Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
To all, OK - I've just gone through and re-re-re-read the posts, and I think I now see the point everyone is making: 1) The GPL provide three alternate and equivalent delivery mechanisms for binary distributions. Only one of them (physical delivery of media as defines in 3b) has a time limit associated with it. The others do not. 2) The MPL has two delivery mechanisms; same media as received, or electronic delivery. If the latter is used, then it must be available for 12 months after the date it initially become available. This means theoretically that the lifetime of a source release under the GPL is the same as a binary release. Once the binary is no longer distributed, then the source no longer has to be distributed either. As a user, the seems more than a little unreasonable, but if that's what the license says.. The MPL requirement for 12 months seems quite reasonable, and I can't see that any packager (Debian included) would have a problem with meeting it. Thanks to everyone for my ongoing education. Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
Craig Southeren writes: [snip] > Section 3 of the GPL states that the source code for a binary-only > distribution must be available on demand for three years. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) Which part of "one of the following" was unclear about giving a distributor the option to follow 3(a) but not 3(b)? [snip] > The MPL specifies (see para 3.2) that source must be provided via an > agreed "Electronic Distribution Mechanism", which is defined as (see > para 1.4) "...a mechanism generally accepted in the software development > community for the electronic transfer of data." > > I don't see why this excludes FTP. I would expect to also include HTTP, > scp, rsync, or for that matter, CVS and SVN. The "Electronic Distribution Mechanism" clause applies if you want to continue to provide source for six or twelve months, which is the objection -- given package update rates, this could add up to hundreds of megabytes of compressed files. The alternative listed is to distribute source "on the same media", and then canons of contract construction kick in; specifically, expressio unius est exclusio alterius, where the specification of "Electronic Distribution Mechanism" as a thing distinct from "media" means that the safe assumption is that an "Electronic Distribution Mechanism" cannot be "the same media". See, for example, Clinchfield Coal Co. v. FMSHRC, 895 F.2d 773, 779 (D.C. Cir. 1990). Michael Poole -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Mon, 03 Apr 2006 23:15:05 -0400 Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > Craig Southeren wrote: > > > > Does the NMU end up in the repository eventually? If so, then I don't > > see this as a problem. > > > Merging the NMU into the repository is up to the maintainer (he is, > after all, the one with commit access). Given Debian's persistent > problems with MIA maintainers, it â unfortunately â does not always > happen. Multiple NMU's often go completely unacknowledged by the maintainer. I guess I'm confused, probably because I'm not knowledgable about Debian release procedures. Where does the source for the NMU reside? Is it just part of the source code release, but not in the repository? If so, then I don't see any problem - as long as the source code is available somewhere, then that's all that is needed to conform the the license. Whether this is good development practise is a different question :) > > This is in violation of most Open Source licenses. > > > > For example, the GPL requires source to be available on demand for up to > > three years after distribution of the binary by electronic means. > > > > It's been pointed out elsewhere that this is not true. However, to > reiterate and clarify: > > The GPL gives three *alternative* (notice the "or"s after 3a and 3b) > ways to provide source; you may use any of the three you want. Debian > picks 3a, which is: > > 3(a). Accompany it with the complete corresponding machine-readable > source code, which must be distributed under the terms of Sections 1 > and 2 above on a medium customarily used for software interchange; or, > > This is clarified by the last paragraph of Section 3: > > If distribution of executable or object code is made by offering > access to copy from a designated place, then offering equivalent > access to copy the source code from the same place counts as > distribution of the source code, even though third parties are not > compelled to copy the source along with the object code. > > And this is exactly what Debian does: We place the binary in a > designated place (our FTP servers). We offer equivalent access to the > source code from the same place. And I agree with *all* of this. My problem is not with the *means* of the delivery. Both the GPL and the MPL allow both electronic and physical delivery of the source code. That's not the point I am making. My issue is that both the GPL and MPL (and other licenses too, probably) require that the source code must remain available for some period of time. As an open source user, this makes perfect sense. If I grab an executable for a Open Source program, I want to be able to go back and get the source for it at some later date. It's not reasonable to force everyone to grab sources when they get an executable, just in case the sources aren't there next week. On the other It makes sense to have some kind of sunset clause on this requirment, because we can't keep every version of everything forever. Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
On Mon, 3 Apr 2006 20:03:37 -0700 Steve Langasek <[EMAIL PROTECTED]> wrote: > On Tue, Apr 04, 2006 at 12:23:09PM +1000, Craig Southeren wrote: > > > > Because if it is Debian policy to distribute binaries where the source > > > > code is not guaranteed to be publically available, then yes, I think > > > > that could be a problem regardless of whether the license is MPL or GPL. > > > > The source code is guaranteed to be publicly available for as long as > > > the binary is, but no longer. > > > This is in violation of most Open Source licenses. > > > For example, the GPL requires source to be available on demand for up to > > three years after distribution of the binary by electronic means. > > False. The GPL requirements are satisfied by making the source code > available together with the binaries. The FSF has clarified that > distributing works together on an ftp site satisfies the intent of the GPL's > requirement of "a medium customarily used for software interchange". Sorry, I disagree. Section 3 of the GPL states that the source code for a binary-only distribution must be available on demand for three years. Your statement above means that the FSF has decided that FTP is a valid means to perform that distribution, which makes excellent sense. But it does not affect the time period over which the distrbution must be made available, which is 3 years. > In contrast, the MPL includes language that explicitly excludes this > interpretation. I disagree again The MPL specifies (see para 3.2) that source must be provided via an agreed "Electronic Distribution Mechanism", which is defined as (see para 1.4) "...a mechanism generally accepted in the software development community for the electronic transfer of data." I don't see why this excludes FTP. I would expect to also include HTTP, scp, rsync, or for that matter, CVS and SVN. Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
Craig Southeren wrote: Does the NMU end up in the repository eventually? If so, then I don't see this as a problem. Merging the NMU into the repository is up to the maintainer (he is, after all, the one with commit access). Given Debian's persistent problems with MIA maintainers, it — unfortunately — does not always happen. Multiple NMU's often go completely unacknowledged by the maintainer. This is in violation of most Open Source licenses. For example, the GPL requires source to be available on demand for up to three years after distribution of the binary by electronic means. It's been pointed out elsewhere that this is not true. However, to reiterate and clarify: The GPL gives three *alternative* (notice the "or"s after 3a and 3b) ways to provide source; you may use any of the three you want. Debian picks 3a, which is: 3(a). Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, This is clarified by the last paragraph of Section 3: If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. And this is exactly what Debian does: We place the binary in a designated place (our FTP servers). We offer equivalent access to the source code from the same place. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Tue, Apr 04, 2006 at 12:23:09PM +1000, Craig Southeren wrote: > On Mon, 03 Apr 2006 22:13:24 -0400 > Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > > > Craig Southeren wrote: > > > I'm not sure what an NMU is, but why are these not put into the SVN > > > archive? > > > > > A NMU (non-maintainer upload) is an upload by a person who is not the > > maintainer of the package. Reasons for this happening are numerous; > > trivial example is an urgent fix when the maintainer is on vacation, is > > missing, is too busy, etc. An NMU would often not be put in the revision > > control archive because the person doing the NMU does not have commit > > access to said repository. > > Does the NMU end up in the repository eventually? If so, then I don't > see this as a problem. 1) Not necessarily. 2) It's not appropriate for us to be violating the licence until someone gets around to importing the NMU into the repository (assuming it ever does go in). > > > Because if it is Debian policy to distribute binaries where the source > > > code is not guaranteed to be publically available, then yes, I think > > > that could be a problem regardless of whether the license is MPL or GPL. > > > > > The source code is guaranteed to be publicly available for as long as > > the binary is, but no longer. > > This is in violation of most Open Source licenses. > > For example, the GPL requires source to be available on demand for up to > three years after distribution of the binary by electronic means. No. It. Doesn't. - Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Tue, Apr 04, 2006 at 12:23:09PM +1000, Craig Southeren wrote: > > > Because if it is Debian policy to distribute binaries where the source > > > code is not guaranteed to be publically available, then yes, I think > > > that could be a problem regardless of whether the license is MPL or GPL. > > The source code is guaranteed to be publicly available for as long as > > the binary is, but no longer. > This is in violation of most Open Source licenses. > For example, the GPL requires source to be available on demand for up to > three years after distribution of the binary by electronic means. False. The GPL requirements are satisfied by making the source code available together with the binaries. The FSF has clarified that distributing works together on an ftp site satisfies the intent of the GPL's requirement of "a medium customarily used for software interchange". In contrast, the MPL includes language that explicitly excludes this interpretation. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Re: MPL and Source Code
On Mon, 03 Apr 2006 22:13:24 -0400 Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > Craig Southeren wrote: > > I'm not sure what an NMU is, but why are these not put into the SVN > > archive? > > > A NMU (non-maintainer upload) is an upload by a person who is not the > maintainer of the package. Reasons for this happening are numerous; > trivial example is an urgent fix when the maintainer is on vacation, is > missing, is too busy, etc. An NMU would often not be put in the revision > control archive because the person doing the NMU does not have commit > access to said repository. Does the NMU end up in the repository eventually? If so, then I don't see this as a problem. > > Because if it is Debian policy to distribute binaries where the source > > code is not guaranteed to be publically available, then yes, I think > > that could be a problem regardless of whether the license is MPL or GPL. > > > The source code is guaranteed to be publicly available for as long as > the binary is, but no longer. This is in violation of most Open Source licenses. For example, the GPL requires source to be available on demand for up to three years after distribution of the binary by electronic means. Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
Craig Southeren wrote: I'm not sure what an NMU is, but why are these not put into the SVN archive? A NMU (non-maintainer upload) is an upload by a person who is not the maintainer of the package. Reasons for this happening are numerous; trivial example is an urgent fix when the maintainer is on vacation, is missing, is too busy, etc. An NMU would often not be put in the revision control archive because the person doing the NMU does not have commit access to said repository. Because if it is Debian policy to distribute binaries where the source code is not guaranteed to be publically available, then yes, I think that could be a problem regardless of whether the license is MPL or GPL. The source code is guaranteed to be publicly available for as long as the binary is, but no longer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
Scripsit Craig Southeren <[EMAIL PROTECTED]> > But the same licenses that provide this freedom requires the distributor > to make the source code available for the appropriate period regardless > of what the upstream developer does. For free software, "the appropriate period" is exactly as long as binaries are distributed. If the licence terms require a longer period, then the software is not free. > This would appear to be a problem that applies to any Open Source work > that is distributed in binary form, and not on physical media. For > example, the GPL requires a distributor to provide source code on demand > for up to three years (see 3b) if the code is distrbuted in binary form. No it does not. Read the GPL. Clause 3(b) is a non-free option but fortunately the GPL also allows a distributor to use the free clause 3(a) instead. -- Henning Makholm "Also, the letters are printed. That makes the task of identifying the handwriting much more difficult." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
El lunes, 3 de abril de 2006 a las 13:02:58 +1000, Craig Southeren escribía: > If Debian is not ensuring that all source code for it's distribution is > publically available via it's archives, then I agree that this is not > only a problem for Debian, but it is definitaly a problem for downstream > repackagers who rely on this. Debian does not ensure that it will have source code for any given package one year after its initial release. For example, if package foo 3.17, which is only in unstable, is replaced by package foo 3.18, the source code for 3.17 is deleted immediately. If foo were distributed under the terms of the MPL, Debian would have to keep the source code for any version released less than one year ago, and Debian's not willing to do it. -- Jacobo Tarrío | http://jacobo.tarrio.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
Craig Southeren <[EMAIL PROTECTED]> wrote: > On Sun, 2 Apr 2006 15:22:31 -0400 > Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > >> On Sun, Apr 02, 2006 at 08:54:53PM +1000, Craig Southeren wrote: >> >> > A problem would only occur if there was a Debian release that contained >> > source code that is is not in the SVN archive. Does this ever occur? >> >> Security updates and NMU's come to mind. > > I'm not sure what an NMU is, A Non-maintainer upload by some other Debian developer > but why are these not put into the SVN > archive? Mostly because that other Debian developer doesn't necessarily have write access to the maintainer's SVN archive. > Because if it is Debian policy to distribute binaries where the source > code is not guaranteed to be publically available, then yes, I think > that could be a problem regardless of whether the license is MPL or GPL. We always distribute the source code; but we don't *archive* the source code after there's been a new upload with new source code. That's no problem with the GPL, but it appears to be with the MPL. Regards, Frank -- Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX)
Re: MPL and Source Code
Michael Poole <[EMAIL PROTECTED]> > This is not the only issue with the MPL -- as Mike Hommey recently > reminded -legal, there are others[1]. [...] > [1]- http://lists.debian.org/debian-legal/2004/06/msg00221.html Don't trust everything you read so much. That draft summary was written by a newbie after practically no discussion. The MPL isn't very clear, but I think software released under it can be free or non-free depending on its particular use and the licensor's statements about changelogs, source control, patents and so on. -- MJR/slef My Opinion Only: see http://people.debian.org/~mjr/ Please follow http://www.uk.debian.org/MailingLists/#codeofconduct -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Sun, 02 Apr 2006 19:28:26 -0700 Josh Triplett <[EMAIL PROTECTED]> wrote: > Anthony DeRobertis wrote: > > On Sun, Apr 02, 2006 at 08:54:53PM +1000, Craig Southeren wrote: > >> A problem would only occur if there was a Debian release that contained > >> source code that is is not in the SVN archive. Does this ever occur? > > > > Security updates and NMU's come to mind. > > As do non-Debian distributors and CDDs, who can currently rely on the > fact that if they mirror/distribute source along with binaries, they > satisfy all relevant licensing requirements. Furthermore, any CDD > modifying Debian packages could not rely on Debian's SVN repository. If Debian is not ensuring that all source code for it's distribution is publically available via it's archives, then I agree that this is not only a problem for Debian, but it is definitaly a problem for downstream repackagers who rely on this. Debian (and any other distro packager for that matter) can decide to repackage whatever Open Source work they choose, and they can do this without consulting the original author because this is one of the specific freedoms that an Open Source license provides. But the same licenses that provide this freedom requires the distributor to make the source code available for the appropriate period regardless of what the upstream developer does. You can't have one without the other. > Also, if you ever stopped maintaining the software, and some other > maintainer wanted to work on it, they would then need to make use of a > version control system or similar mechanism as well. If a license said > "you must develop the software in a version control system", I don't > think we'd quibble over its non-freeness; this requirement constrains > development practices only slightly less. I would agree that a license requiring the use of a version control system could be classified an unnecessarily onerous. Fortunately, I don't think any such license exists :) But I also don't think that anyone would argue that maintaining source code in a VCS fails to fulfill requirement of making the source code available as required by most Open Source license, provided of course that the repository is accessible using freely available tools. > I think "any mirror operator, CD distributor, system distributor, or > other distributor of Debian could face a lawsuit if Debian's systems go > down or Debian stops distributing source" falls pretty clearly on the > non-free side. This would appear to be a problem that applies to any Open Source work that is distributed in binary form, and not on physical media. For example, the GPL requires a distributor to provide source code on demand for up to three years (see 3b) if the code is distrbuted in binary form. Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
On Sun, 2 Apr 2006 15:22:31 -0400 Anthony DeRobertis <[EMAIL PROTECTED]> wrote: > On Sun, Apr 02, 2006 at 08:54:53PM +1000, Craig Southeren wrote: > > > A problem would only occur if there was a Debian release that contained > > source code that is is not in the SVN archive. Does this ever occur? > > Security updates and NMU's come to mind. I'm not sure what an NMU is, but why are these not put into the SVN archive? Because if it is Debian policy to distribute binaries where the source code is not guaranteed to be publically available, then yes, I think that could be a problem regardless of whether the license is MPL or GPL. Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
Anthony DeRobertis wrote: > On Sun, Apr 02, 2006 at 08:54:53PM +1000, Craig Southeren wrote: >> A problem would only occur if there was a Debian release that contained >> source code that is is not in the SVN archive. Does this ever occur? > > Security updates and NMU's come to mind. As do non-Debian distributors and CDDs, who can currently rely on the fact that if they mirror/distribute source along with binaries, they satisfy all relevant licensing requirements. Furthermore, any CDD modifying Debian packages could not rely on Debian's SVN repository. Also, if you ever stopped maintaining the software, and some other maintainer wanted to work on it, they would then need to make use of a version control system or similar mechanism as well. If a license said "you must develop the software in a version control system", I don't think we'd quibble over its non-freeness; this requirement constrains development practices only slightly less. I think "any mirror operator, CD distributor, system distributor, or other distributor of Debian could face a lawsuit if Debian's systems go down or Debian stops distributing source" falls pretty clearly on the non-free side. - Josh Triplett signature.asc Description: OpenPGP digital signature
Re: MPL and Source Code
On Mon, Apr 03, 2006 at 09:33:02AM +1000, Craig Southeren wrote: > The MPL has the same requirement as the GPL regard distribution, i.e. > distrbution of source on the same same media fulfills the license terms. > For electronic distrbution, the terms are met by the historical nature > of the SVN repository. Compare this to the GPL which requires source > code to be available on demand for three years after release. This is not the same as the GPL. The GPL says in section 3a) that it's sufficient for the source code to *accompany* the executable; the MPL 1.1 says in 3.2 that: 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. which evidently means that it's not sufficient for the source to accompany the executable in the case of electronic distribution (i.e., where no physical media are transferred). The problem with just saying "oh, it's ok, svn is for*ever*" is that accidents can and do happen, and any mishap resulting in loss of source code corresponding to binaries that Debian stopped distributing less than twelve months after their introduction potentially results in legal liability for Debian. Debian itself does not have any infrastructure to permit phasing out source and binary packages at different times; nor do any of our redistributors, who also incur liability under MPL section 3.6 if the source code ceases to become available. Fundamentally, I have a problem with the idea that our license to distribute a package *now* depends on what happens in the *future*, particularly if we allow it to depend on what *others* do in the future to preserve the availability of source code. If Debian is to distribute MPL-licensed code, *Debian* (which means, in effect, the ftpmasters) must assume the responsibility of ensuring the availability of source code, instead of relying on outside repositories (whether that's on alioth.debian.org or on some other site that's outside the control of the ftpmasters). > The specification of a venue only applies if one party is in the US. Which is the case for myself, for many Debian redistributors, for ftp-master.debian.org, and for any MPL-licensed works whose copyright holder is in the US. > In any case, anyone can be sued by anyone else in any venue. You could be > just as easily sued by someone in London as in Santa Clara - why does this > clause add a specific burden? This is a tired old argument. Educate yourself with the debian-legal archives if you care. Or look up the term "personal jurisdiction". -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Re: MPL and Source Code
On 02 Apr 2006 08:15:50 -0400 Michael Poole <[EMAIL PROTECTED]> wrote: ..deleted > This is not the only issue with the MPL -- as Mike Hommey recently > reminded -legal, there are others[1]. GPL section 3(b) is considered > non-free in itself, but it is one of several options; a distributor > may satisfy the GPL by making the work's source code available at the > same time and in the same place as the object code. > > [1]- http://lists.debian.org/debian-legal/2004/06/msg00221.html I've just read the email reference above. IANAL, but I disagree with the points made. I say this has someone who has been distrbuting software under the MPL for nearly 7 years :) The problems with 2.1 are avoided by choosing not to distribute any MPL work that has patent encumbrances. Note that any such encumbrances must be announced (see 3.4). The MPL has the same requirement as the GPL regard distribution, i.e. distrbution of source on the same same media fulfills the license terms. For electronic distrbution, the terms are met by the historical nature of the SVN repository. Compare this to the GPL which requires source code to be available on demand for three years after release. 3.4 is handled by the same means as above. In the case of submarine patents, I don't see why this is any more a problem for MPL works than any other work. The specification of a venue only applies if one party is in the US. In any case, anyone can be sued by anyone else in any venue. You could be just as easily sued by someone in London as in Santa Clara - why does this clause add a specific burden? Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
Re: MPL and Source Code
On Sun, Apr 02, 2006 at 08:54:53PM +1000, Craig Southeren wrote: > A problem would only occur if there was a Debian release that contained > source code that is is not in the SVN archive. Does this ever occur? Security updates and NMU's come to mind. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
[EMAIL PROTECTED] wrote: >This is not the only issue with the MPL -- as Mike Hommey recently Other people disagree. Reality is, the "tests" are not part of the DSFG and people like you so far have not managed to persuade the ftpmasters that choice of venue clauses violate the DFSG. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
Craig Southeren <[EMAIL PROTECTED]> writes: > On Sun, 02 Apr 2006 11:55:01 +0200 > Jose Carlos Garcia Sogo <[EMAIL PROTECTED]> wrote: > > > Reading your previous posts about MPL, seems that the main problem MPL > > presents is that Debian does not keep source code for every change at > > least 6 months, as required in point 3.2. > > > > While this can be true for MPL packages being only in the archive it > > is not if the package is being maintained in svn.debian.org, as it will > > keep every change (released or not) for more than required 6 months, and > > nowhere in MPL it says that those changes has to be shipped together > > with binary, only made available. > > A problem would only occur if there was a Debian release that contained > source code that is is not in the SVN archive. Does this ever occur? > > In any case, this seems less onerous than GPL 3b) which requires > effectively the same for three years. This is not the only issue with the MPL -- as Mike Hommey recently reminded -legal, there are others[1]. GPL section 3(b) is considered non-free in itself, but it is one of several options; a distributor may satisfy the GPL by making the work's source code available at the same time and in the same place as the object code. [1]- http://lists.debian.org/debian-legal/2004/06/msg00221.html Michael Poole -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MPL and Source Code
On Sun, 02 Apr 2006 11:55:01 +0200 Jose Carlos Garcia Sogo <[EMAIL PROTECTED]> wrote: > Reading your previous posts about MPL, seems that the main problem MPL > presents is that Debian does not keep source code for every change at > least 6 months, as required in point 3.2. > > While this can be true for MPL packages being only in the archive it > is not if the package is being maintained in svn.debian.org, as it will > keep every change (released or not) for more than required 6 months, and > nowhere in MPL it says that those changes has to be shipped together > with binary, only made available. A problem would only occur if there was a Debian release that contained source code that is is not in the SVN archive. Does this ever occur? In any case, this seems less onerous than GPL 3b) which requires effectively the same for three years. > Of course, as required by 3.6, the place source code or modifications > are must be made public. This can be comply by a note in > debian/copyright file, as it will be included with every package > released. Para 3.2 requires modifications to be made available for 12 months after the initial release, or after six months after a subsequent version has been released. 3.6 applies to distribution of binaries, and essentially says that if you comply to the terms of source release, you are OK to release binaries > P.S: In my previous post I forgot about CC Debian VoIP Team. Please keep CC, > as I am not subcribed to d-legal and I think that Debian VoIP Team must be > kept informed. Good idea :) Craig --- Craig Southeren Post Increment VoIP Consulting and Software [EMAIL PROTECTED] www.postincrement.com.au Phone: +61 243654666 ICQ: #86852844 Fax:+61 243673140 MSN: [EMAIL PROTECTED] Mobile: +61 417231046 "It takes a man to suffer ignorance and smile. Be yourself, no matter what they say." Sting
MPL and Source Code
Reading your previous posts about MPL, seems that the main problem MPL presents is that Debian does not keep source code for every change at least 6 months, as required in point 3.2. While this can be true for MPL packages being only in the archive it is not if the package is being maintained in svn.debian.org, as it will keep every change (released or not) for more than required 6 months, and nowhere in MPL it says that those changes has to be shipped together with binary, only made available. Of course, as required by 3.6, the place source code or modifications are must be made public. This can be comply by a note in debian/copyright file, as it will be included with every package released. Cheers, P.S: In my previous post I forgot about CC Debian VoIP Team. Please keep CC, as I am not subcribed to d-legal and I think that Debian VoIP Team must be kept informed. -- Jose Carlos Garcia Sogo [EMAIL PROTECTED] signature.asc Description: Esta parte del mensaje está firmada digitalmente
MPL and Source Code
Reading your previous posts about MPL, seems that the main problem MPL presents is that Debian does not keep source code for every change at least 6 months, as required in point 3.2. While this can be true for MPL packages being only in the archive it is not if the package is being maintained in svn.debian.org, as it will keep every change (released or not) for more than required 6 months, and nowhere in MPL it says that those changes has to be shipped together with binary, only made available. Of course, as required by 3.6, the place source code or modifications are must be made public. This can be comply by a note in debian/copyright file, as it will be included with every package released. Cheers, -- Jose Carlos Garcia Sogo [EMAIL PROTECTED] signature.asc Description: Esta parte del mensaje está firmada digitalmente