[Fedora-legal-list] Re: Here's another couple

[Richard Fontana]

On Wed, Jan 18, 2023 at 12:06 PM David Cantrell  wrote:
>
> xmalloc.c from tmux:
>
> /*
>  * Author: Tatu Ylonen 
>  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
>  *All rights reserved
>  * Created: Mon Mar 20 22:09:17 1995 ylo
>  *
>  * Versions of malloc and friends that check their results, and never return
>  * failure (they call fatal if they encounter an error).
>  *
>  * As far as I am concerned, the code I have written for this software
>  * can be used freely for any purpose.  Any derived versions of this
>  * software must be clearly marked as such, and if the derived work is
>  * incompatible with the protocol description in the RFC file, it must be
>  * called by a name other than "ssh" or "Secure Shell".
>  */
>
> Which to me means this originated from the original ssh, not that that's
> relevant.  Just historical.  So how does this one match?

I'm pretty sure it doesn't match anything currently on the SPDX license list.

This would not be surprising. One of the main reasons why Fedora
resisted using SPDX identifiers for so long was that the SPDX license
list had pretty poor coverage of the range of licenses found in Linux
distributions, especially for relatively old code. Of course now we
are trying to remedy that situation.

The first step here is to submit an issue to fedora-license-data to
determine whether the license is allowed for Fedora. We can't assume
that a license is allowed merely because Fedora has actually been
distributing code under the license for a long time (although that is
a relevant consideration). In this case, the allowability of the
license is not immediately obvious because that naming restriction is
pretty unusual.

If the license is allowed then it would have to be submitted to SPDX
because (if I'm right) it doesn't match a current SPDX license-list
license. This license would not qualify for the "UltraPermissive"
umbrella LicenseRef.

Richard
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Here's another couple

[Richard Fontana]

On Wed, Jan 18, 2023 at 12:06 PM David Cantrell  wrote:
>

> And what about:
>
> /*
>  * Portions Copyright (c) 1995 by International Business Machines, Inc.
>  *
>  * International Business Machines, Inc. (hereinafter called IBM) grants
>  * permission under its copyrights to use, copy, modify, and distribute this
>  * Software with or without fee, provided that the above copyright notice and
>  * all paragraphs of this notice appear in all copies, and that the name of 
> IBM
>  * not be used in connection with the marketing of any product incorporating
>  * the Software or modifications thereof, without specific, written prior
>  * permission.
>  *
>  * To the extent it has a right to do so, IBM grants an immunity from suit
>  * under its patents, if any, for the use, sale or manufacture of products to
>  * the extent that such products are used for performing Domain Name System
>  * dynamic updates in TCP/IP networks by means of the Software.  No immunity 
> is
>  * granted for any product per se or for any other function of any product.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
>  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
>  * PARTICULAR PURPOSE.  IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
>  * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER 
> ARISING
>  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
>  * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
>  */

This is pretty much an exact match to LicenseRef-IBM-BIND which is not
allowed in Fedora. The one difference is that "name" appears as
"legacy-name" which is so odd it made me wonder whether I'd miscopied
it ... but now I see it must be the result of Miroslav's script that
replaced "Fedora name" with "legacy-name".

We have a couple of options here. We could create an exception for a
particular use of this license in a package. Also IBM's Open
Technology Counsel has indicated IBM's willingness and ability to
relicense code under this license that was found in a couple of
(other, I assume) packages. In all likelihood, though, the code you're
seeing is the same as what was found in those other packages. The plan
we had was to have the IBM license change done in glibc (which is
probably the most significant project where this license is found) - I
need to follow up with the IBM counsel about this.

Richard
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue