Re: supertuxkart non-redistributable?

[Joshua Root]

On 2020-8-28 00:50 , Ken Cunningham wrote:
> Wikipedia got the libressl license totally wrong then, which I have not
> found is not usually the case:
> 
> 
> 
> 
> Apache License  1.0,
> 4-clause BSD License , ISC
> License , and some are public
> domain 

"4-clause BSD license" is reasonably accurate for the code taken from
OpenSSL.

- Josh

Re: supertuxkart non-redistributable?

[Ken Cunningham]

Wikipedia got the libressl license totally wrong then, which I have not found 
is not usually the case:




Apache License 1.0, 4-clause BSD License, ISC License, and some are public 
domain

anyway, we're stuck for so many ports due to that openssl PITA rider, until 
version 3.0 rolls out at least.

Ken

Re: supertuxkart non-redistributable?

[Joshua Root]

On 2020-8-27 05:54 , Ken Cunningham wrote:
> 
> There is a new version of openssl coming with a more agreeable license
> we understand, due this year. That will help, eventually.
> 
> But I guess this is why Jeremy changes/fixes everything to build with
> libressl. I see curl uses libressl with ease. Our “port info” says
> libressl has the OpenSSL license, but that can’t be quite accurate as
> otherwise what’s the point?
> 
> License:              OpenSSL and SSLeay

No, it's completely accurate. LibreSSL is a fork of OpenSSL. See e.g.


Licensing isn't a reason for switching to LibreSSL.

- Josh

Re: supertuxkart non-redistributable?

[Ken Cunningham]

> On Aug 25, 2020, at 4:09 AM, Joshua Root  wrote:
> 
> On 2020-8-25 19:42 , Eric F (iEFdev) wrote:
>> Fedora, who usually are very restricted about things, have this take:
>> 
>>> “ However, we consider that the OpenSSL library is a system library,
>> as defined by the GPL, *on Fedora* and therefore we are allowed to ship
>> GPL software that links to the OpenSSL library. …”
>>> —
>> https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What.27s_the_deal_with_the_OpenSSL_license.3F
> 
> Fedora is an operating system. MacPorts is not. Also worth noting that
> not all distros agree with that interpretation.
> 
> - Josh


There is a new version of openssl coming with a more agreeable license we 
understand, due this year. That will help, eventually.

But I guess this is why Jeremy changes/fixes everything to build with libressl. 
I see curl uses libressl with ease. Our “port info” says libressl has the 
OpenSSL license, but that can’t be quite accurate as otherwise what’s the point?

License:  OpenSSL and SSLeay


It must be tempting for the managers to consider defaulting MacPorts to 
libressl and solve all this in one fell swoop until openssl fixes itself — 
seems to me you must have gone round and round and round this before when I 
wasn’t paying so much attention to it. I presume there is some incompatibility 
or other compelling problem with that plan.

I noted libressl is actively updated, last release was Aug 17, 2020….

Ken

Re: supertuxkart non-redistributable?

[Ryan Schmidt]

On Aug 24, 2020, at 20:57, Kurt Hindenburg wrote:

> https://trac.macports.org/browser/trunk/base/portmgr/jobs/port_binary_distributable.tcl

That's a link to our old Subversion repository; we moved to Git in late 2016. 
The link to the current version of that script is:

https://trac.macports.org/browser/macports-infrastructure/jobs/port_binary_distributable.tcl

Or:

https://github.com/macports/macports-infrastructure/blob/master/jobs/port_binary_distributable.tcl

Re: supertuxkart non-redistributable?

[Joshua Root]

On 2020-8-25 19:42 , Eric F (iEFdev) wrote:
> Fedora, who usually are very restricted about things, have this take:
> 
>> “ However, we consider that the OpenSSL library is a system library,
> as defined by the GPL, *on Fedora* and therefore we are allowed to ship
> GPL software that links to the OpenSSL library. …”
>> —
> https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What.27s_the_deal_with_the_OpenSSL_license.3F

Fedora is an operating system. MacPorts is not. Also worth noting that
not all distros agree with that interpretation.

- Josh

Re: supertuxkart non-redistributable?

[Eric F (iEFdev)]

Fedora, who usually are very restricted about things, have this take:

> “ However, we consider that the OpenSSL library is a system library, as 
> defined by the GPL, *on Fedora* and therefore we are allowed to ship GPL 
> software that links to the OpenSSL library. …”
> — 
> https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What.27s_the_deal_with_the_OpenSSL_license.3F


The STK license already says: 
https://github.com/supertuxkart/stk-code/blob/master/COPYING#L3-L10

>“The SuperTuxKart data files (textures, models, sounds, music, etc.) are 
>released under a mixture of licenses including, but not limited to, the 
>following:”

… but not limitied to…?


Perhaps someone could just ask STK to add the openssl licens to their mix of 
(other) licenses, or as an additional permission as described in 
https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs to make it a 
proper exeption?

> “ If you're using GPLv3, you can accomplish this goal by granting an 
> additional permission under section 7.”

· Eric


On 8/25/20 10:40 , Joshua Root wrote:
> On 2020-8-25 12:18 , Ken Cunningham wrote:
>>> On Aug 24, 2020, at 7:13 PM, Joshua Root >> > wrote:
>>> Doesn't supertuxkart itself depend on curl?
>>>
>>> - Josh
>> Oh, yes, of course you are right. It does.
>>
>> Is that what makes it non-distributable? Even though it doesn’t link
>> against openssl?
> Supertuxkart uses curl, curl uses openssl. They form a single program.
>
> You thus have to follow the licenses of all the component parts, and
> because of certain clauses in the GPL and the OpenSSL license, you
> cannot distribute the combination at all.
>
> 
>
> - Josh

Re: supertuxkart non-redistributable?

[Joshua Root]

On 2020-8-25 12:18 , Ken Cunningham wrote:
> 
> 
>> On Aug 24, 2020, at 7:13 PM, Joshua Root > > wrote:
>>
>>
> 
>> Doesn't supertuxkart itself depend on curl?
>>
>> - Josh
> 
> Oh, yes, of course you are right. It does.
> 
> Is that what makes it non-distributable? Even though it doesn’t link
> against openssl?

Supertuxkart uses curl, curl uses openssl. They form a single program.

You thus have to follow the licenses of all the component parts, and
because of certain clauses in the GPL and the OpenSSL license, you
cannot distribute the combination at all.



- Josh

Re: supertuxkart non-redistributable?

[Nils Breunese]

Ken Cunningham  wrote:

> Just curious what makes this port non-redistributable….
> 
> it’s likely a pain for users to have to build it.

I don’t know, but Linux distributions like Fedora Linux are distributing binary 
packages for supertuxkart:

http://mirrors.kernel.org/fedora/releases/32/Everything/x86_64/os/Packages/s/supertuxkart-1.1-3.fc32.x86_64.rpm
http://mirrors.kernel.org/fedora/releases/32/Everything/x86_64/os/Packages/s/supertuxkart-data-1.1-3.fc32.noarch.rpm

Nils.

Re: supertuxkart non-redistributable?

[Ken Cunningham]

> On Aug 24, 2020, at 7:13 PM, Joshua Root  wrote:
> 
> 

> Doesn't supertuxkart itself depend on curl?
> 
> - Josh

Oh, yes, of course you are right. It does.

Is that what makes it non-distributable? Even though it doesn’t link against 
openssl?

Ken

Re: supertuxkart non-redistributable?

[Joshua Root]

On 2020-8-25 11:46 , Ken Cunningham wrote:
>> On 8/24/20 7:30 PM, Ken Cunningham wrote:
>> >/Just curious what makes this port non-redistributable…. />//>/it’s likely 
>> >a pain for users to have to build it. />//>/Ken /
>>
>> A quick check shows:
>>
>>
>> "supertuxkart" is not distributable because its license "gpl" conflicts 
>> with license "OpenSSL" of dependency "openssl"
>>
>>
>> Kurt
> 
> Excellent.
> 
> BTW -  what command gave you that “quick check”?
> 
> I don’t really understand the OpenSSL thing… supertuxkart doesn’t link
> against openssl, and the only thing I can see in the tree is cmake that
> uses curl that uses openssl.

Doesn't supertuxkart itself depend on curl?

- Josh

Re: supertuxkart non-redistributable?

[Kurt Hindenburg]

On 8/24/20 9:46 PM, Ken Cunningham wrote:

On 8/24/20 7:30 PM, Ken Cunningham wrote:
>/Just curious what makes this port non-redistributable…. />//>/it’s likely a pain 
for users to have to build it. />//>/Ken /

A quick check shows:


"supertuxkart" is not distributable because its license "gpl" conflicts
with license "OpenSSL" of dependency "openssl"


Kurt


Excellent.

BTW -  what command gave you that “quick check”?

I don’t really understand the OpenSSL thing… supertuxkart doesn’t link 
against openssl, and the only thing I can see in the tree is cmake 
that uses curl that uses openssl.


I remain confused….any help appreciated.

Ken


https://trac.macports.org/browser/trunk/base/portmgr/jobs/port_binary_distributable.tcl

% port_binary_distributable.tcl -v supertuxkart

The whole openssl license is beyond me; there is a "license_noconflict  
openssl" which might help.


Kurt





$ port rdeps supertuxkart
The following ports are dependencies of supertuxkart @1.1_1:
  xz
    libiconv
      gperf
    gettext
      ncurses
  cmake
    libcxx
    curl
      pkgconfig
      libidn2
        autoconf
        automake
        libtool
          xattr
            unzip
        libunistring
          perl5
            perl5.28
              db48
              gdbm
                readline
          texinfo
            help2man
              p5.28-locale-gettext
            perl5.30
      libpsl
        python38
          bzip2
          expat
          libedit
          libffi
          openssl
            zlib
          sqlite3
          python_select
          python3_select
        glib2
          libxml2
            icu
          pcre
      curl-ca-bundle
    libarchive
      lzo2
      lz4
      zstd
    libuv
  freetype
    brotli
    libpng
  fribidi
  glew
  harfbuzz
    cairo
      libpixman
      fontconfig
        ossp-uuid
      xrender
        xorg-libX11
          xorg-xtrans
          xorg-xorgproto
          xorg-util-macros
          xorg-libXdmcp
          xorg-libXau
          xorg-libxcb
            xorg-xcb-proto
            xorg-libpthread-stubs
      xorg-libXext
      xorg-xcb-util
    graphite2
      fonttools
        py37-setuptools
          python37
        py37-unicodedata2
        py37-brotli
  jpeg
  libogg
  libvorbis
  nettle
    gmp
  openal-soft
    openal-soft-native-tools
    libmysofa

Re: supertuxkart non-redistributable?

[Ken Cunningham]

> On 8/24/20 7:30 PM, Ken Cunningham wrote:
> > Just curious what makes this port non-redistributable….
> >
> > it’s likely a pain for users to have to build it.
> >
> > Ken
> 
> 
> A quick check shows:
> 
> 
> "supertuxkart" is not distributable because its license "gpl" conflicts 
> with license "OpenSSL" of dependency "openssl"
> 
> 
> Kurt

Excellent.

BTW -  what command gave you that “quick check”?

I don’t really understand the OpenSSL thing… supertuxkart doesn’t link against 
openssl, and the only thing I can see in the tree is cmake that uses curl that 
uses openssl.

I remain confused….any help appreciated.

Ken




$ port rdeps supertuxkart
The following ports are dependencies of supertuxkart @1.1_1:
  xz
libiconv
  gperf
gettext
  ncurses
  cmake
libcxx
curl
  pkgconfig
  libidn2
autoconf
automake
libtool
  xattr
unzip
libunistring
  perl5
perl5.28
  db48
  gdbm
readline
  texinfo
help2man
  p5.28-locale-gettext
perl5.30
  libpsl
python38
  bzip2
  expat
  libedit
  libffi
  openssl
zlib
  sqlite3
  python_select
  python3_select
glib2
  libxml2
icu
  pcre
  curl-ca-bundle
libarchive
  lzo2
  lz4
  zstd
libuv
  freetype
brotli
libpng
  fribidi
  glew
  harfbuzz
cairo
  libpixman
  fontconfig
ossp-uuid
  xrender
xorg-libX11
  xorg-xtrans
  xorg-xorgproto
  xorg-util-macros
  xorg-libXdmcp
  xorg-libXau
  xorg-libxcb
xorg-xcb-proto
xorg-libpthread-stubs
  xorg-libXext
  xorg-xcb-util
graphite2
  fonttools
py37-setuptools
  python37
py37-unicodedata2
py37-brotli
  jpeg
  libogg
  libvorbis
  nettle
gmp
  openal-soft
openal-soft-native-tools
libmysofa

Re: supertuxkart non-redistributable?

[Kurt Hindenburg]

On 8/24/20 7:30 PM, Ken Cunningham wrote:

Just curious what makes this port non-redistributable….

it’s likely a pain for users to have to build it.

Ken



A quick check shows:


"supertuxkart" is not distributable because its license "gpl" conflicts 
with license "OpenSSL" of dependency "openssl"



Kurt

supertuxkart non-redistributable?

[Ken Cunningham]

Just curious what makes this port non-redistributable….

it’s likely a pain for users to have to build it.

Ken