Re: Spam message when using CVS for webpages
On Thu, Oct 19, 2023 at 11:21:43AM +0100, Gavin Smith wrote: > > Also, if sv_membersh is copyrighted to the FSF a simple solution would > be relicensing it to avoid this requirement. No, it isn't.
Re: Spam message when using CVS for webpages
On Thu, Oct 19, 2023 at 11:16:06AM +0100, Gavin Smith wrote: > > I proposed that the program could offer the source via some kind of > messaging service on the Savannah web portal that users would be > guaranteed to be aware of and have access to, in order to satisfy the > AGPL requirements. There could be an entry in the side menu like > "Automatic notices" along with the number of unread notices. > > sv_membersh together with what helper scripts or programs are > providing the notifications would be considered a single unit that is > providing its notifications in accordance with the AGPL. First, Savane has no messaging service, it relies on email; more important, I'm not sure how to guarantee the awareness. sv_membersh could send the offer via email, but then it would have to depend on that additional service (if I'm not mistaken, hosts like download0 currently don't use it); then, having emails on every VCS network transaction wouldn't be better than what we have now. I can think of adding a command like 'offer-source' to sv_membersh, with a message on the page where the users register their SSH keys. that would reasonably guarantee the awareness for the new users, but the existing users rarely change their SSH keys. clearing all SSH keys in Savannah would make Savannah admins unable to use them for recovering lost accounts. of course, we could save a reserved copy, but the need for the users to re-fill their keys would alone be quite annoying. signature.asc Description: PGP signature
Re: Spam message when using CVS for webpages
> On Thu, Oct 19, 2023 at 10:57 AM Ineiev wrote: > > > > In contrast, sv_membersh is distributed under the AGPL; now, > > the AGPL does include the same provisions, but also adds Section 13 > > requiring that our modified version prominently offer all users > > interacting with it remotely an opportunity to receive > > the corresponding source of our version; and AGPL Section 13 has > > nothing like "you needn't make it do so if it doesn't." Also, if sv_membersh is copyrighted to the FSF a simple solution would be relicensing it to avoid this requirement.
Re: Spam message when using CVS for webpages
On Thu, Oct 19, 2023 at 10:57 AM Ineiev wrote: > > In contrast, sv_membersh is distributed under the AGPL; now, > the AGPL does include the same provisions, but also adds Section 13 > requiring that our modified version prominently offer all users > interacting with it remotely an opportunity to receive > the corresponding source of our version; and AGPL Section 13 has > nothing like "you needn't make it do so if it doesn't." I proposed that the program could offer the source via some kind of messaging service on the Savannah web portal that users would be guaranteed to be aware of and have access to, in order to satisfy the AGPL requirements. There could be an entry in the side menu like "Automatic notices" along with the number of unread notices. sv_membersh together with what helper scripts or programs are providing the notifications would be considered a single unit that is providing its notifications in accordance with the AGPL.
Re: Spam message when using CVS for webpages
On Wed, Oct 18, 2023 at 01:15:30PM -0600, Bob Proulx wrote: > Ineiev wrote: > > Savane is the free software hosting system savannah.gnu.org runs. > > > > sv_membersh is the restricted shell used as the login shell for Savane users > > when they connect via SSH. > > > > Savane released under the AGPL; offering the corresponding source code > > is a requirement of the AGPL. > > I spent some time looking at this issue and my assessment is that > sv_membersh is only a peripheral part of Savannah at best. It isn't > needed for Savannah to operate. It's a security gate that we use to > protect the host from potentially malicious activity or potentially > accidental harm. I can't see why this matters. what matters is the fact that we use it. since we use it, we must comply with its license. > It does not need to be savane software and might be > any suitable component program. Only part of the message depends on this, the one saying it's part of Savane. if it were part of Giungla, it would say, "sv_membersh is part of Giungla." > Even though Savannah as a whole is distributed under the AGPL Savannah > makes use of many programs which are licensed under other licenses > such as the other various GPL versions and other permissive licenses. I feel that as expressed, this mixes Savane, the package we maintain in Savannah 'administration' group, and Savannah, the set of services the GNU Project provides. we don't distribute Savannah, and it is based on a few separate programs, each with its own licensing terms. > That the whole of Savannah is available under the AGPL does not make a > requirement that every component used in Savannah be forced into the > AGPL. No, but sv_membersh and the Savane Perl modules it uses were released under the AGPL, and we both jointly can't just reconsider that decision. > For example GNU ls does not emit its license upon every invocation. > That would interfere with its primary function. But ls will emit its > license information when this is asked for with ls --version. GNU ls is distributed under the GPL, and what you are speaking about is covered by the GPLv3 Section 5d, which explains that the legal notices may be accessible via a prominent item in the list of options the interface presents, and moreover, when an interactive interface doesn't display the notices, the licensee isn't required to make it display them. In contrast, sv_membersh is distributed under the AGPL; now, the AGPL does include the same provisions, but also adds Section 13 requiring that our modified version prominently offer all users interacting with it remotely an opportunity to receive the corresponding source of our version; and AGPL Section 13 has nothing like "you needn't make it do so if it doesn't." signature.asc Description: PGP signature
