Re: [Firebird-devel] extern/SfIO/include/stdio.h license problem - Email found in subject
On Wed, May 23, 2012 at 7:12 PM, Michal Kubecek wrote: > I'm not sure it really is a problem but given the text on top of the > file, I can't be sure it is OK either, especially when our legal team > considers it to be bad enough to exclude it from OpenSuSE. This is why > I wanted to discuss it in the list. (Yes, I too would prefer to live > in a world where a developer doesn't need law school more then computer > science.) > > The problem I see is that the source tarball contains a file claiming it > contains a code proprietary to AT&T and not referring to any license. > For anyone who gets the tarball it means they don't now what they can or > cannot do with it - and therefore with the source tree as a whole. I wonder why you don't ask about whether distribution of this file is ok directly in AT&T?.. They claim rights on the file, so they know the answer for sure. -- WBR, SD. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] extern/SfIO/include/stdio.h license problem - Email found in subject
On Wed, May 23, 2012 at 7:12 PM, Michal Kubecek wrote: > On Tue, May 22, 2012 at 05:24:27PM -0400, Leyne, Sean wrote: > > > while reviewing Firebird 2.5 packages for OpenSuSE Factory, our legal > team > > > noticed that copyright notice on top of extern/SfIO/include/stdio.h > claims > > > that it contains "certain software code or other information > proprietary to > > > AT&T Corp." > > > > What is the problem with the FB packages having this file? > > I'm not sure it really is a problem but given the text on top of the > file, I can't be sure it is OK either, especially when our legal team > considers it to be bad enough to exclude it from OpenSuSE. This is why > I wanted to discuss it in the list. (Yes, I too would prefer to live > in a world where a developer doesn't need law school more then computer > science.) > > The problem I see is that the source tarball contains a file claiming it > contains a code proprietary to AT&T and not referring to any license. > For anyone who gets the tarball it means they don't now what they can or > cannot do with it - and therefore with the source tree as a whole. > > > There is no restriction on the distribution of the file. > > Which is not clear from the file itself. The page referenced in > extern/SfIO/read.me indicates SfIO is distributed under EPL but > > 1. The version from the page is different so strictly speaking there > is no source saying the file we include is covered by EPL as well. > 2. Nowhere in the downloaded tarball any license is mentioned, only > the comment about "containing code proprietary to AT&T" is there > 3. Actually, the page doesn't even say SfIO is distributed under EPL, > it just requests you to confirm you agree with EPL to allow you to > download it. > > This is quite unfortunate as e.g. the version embedded in ksh sources > explicitly mentions EPL and refers to URL where it can be found (and > there is no mention of proprietary code, just a simple copyright notice). In debian/ubuntu the files are removed https://launchpad.net/ubuntu/precise/+source/firebird2.5/+copyright * Removed sources with non-free/missing licensing The following files are removed as they contain only copyright information without any license allowing their distribution. Luckily, they are not needed when building on Debiian. - builds/install/arch-specific/solaris/ - src/install/arch-specific/solx86gcc/CS/postinstall.in - src/install/arch-specific/solx86gcc/CS/postremove.in - src/install/arch-specific/solx86gcc/CS/preinstall.in - src/msgs/templates.sql - extern/SfIO/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] extern/SfIO/include/stdio.h license problem - Email found in subject
On Tue, May 22, 2012 at 05:24:27PM -0400, Leyne, Sean wrote: > > while reviewing Firebird 2.5 packages for OpenSuSE Factory, our legal team > > noticed that copyright notice on top of extern/SfIO/include/stdio.h claims > > that it contains "certain software code or other information proprietary to > > AT&T Corp." > > What is the problem with the FB packages having this file? I'm not sure it really is a problem but given the text on top of the file, I can't be sure it is OK either, especially when our legal team considers it to be bad enough to exclude it from OpenSuSE. This is why I wanted to discuss it in the list. (Yes, I too would prefer to live in a world where a developer doesn't need law school more then computer science.) The problem I see is that the source tarball contains a file claiming it contains a code proprietary to AT&T and not referring to any license. For anyone who gets the tarball it means they don't now what they can or cannot do with it - and therefore with the source tree as a whole. > There is no restriction on the distribution of the file. Which is not clear from the file itself. The page referenced in extern/SfIO/read.me indicates SfIO is distributed under EPL but 1. The version from the page is different so strictly speaking there is no source saying the file we include is covered by EPL as well. 2. Nowhere in the downloaded tarball any license is mentioned, only the comment about "containing code proprietary to AT&T" is there 3. Actually, the page doesn't even say SfIO is distributed under EPL, it just requests you to confirm you agree with EPL to allow you to download it. This is quite unfortunate as e.g. the version embedded in ksh sources explicitly mentions EPL and refers to URL where it can be found (and there is no mention of proprietary code, just a simple copyright notice). Michal Kubecek -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] extern/SfIO/include/stdio.h license problem - Email found in subject
Michael, > while reviewing Firebird 2.5 packages for OpenSuSE Factory, our legal team > noticed that copyright notice on top of extern/SfIO/include/stdio.h claims > that it contains "certain software code or other information proprietary to > AT&T Corp." What is the problem with the FB packages having this file? There is no restriction on the distribution of the file. Sean -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel