legal February 2012

legal@lists.fedoraproject.org

26 participants
21 discussions

Re: [Fedora-legal-list] CAcert.org license
by Tom Callaway 12 Feb '16

12 Feb '16

On Tue, 2008-12-09 at 23:03 +0100, Matthias Saou wrote: > > >>>>> "TC" == Tom \"spot\" Callaway <Tom> writes: > > > > TC> Given that it does not give permission for us to redistribute (the > > TC> cornerstone requirement for Content licenses), this license is not > > TC> acceptable for Fedora. > > > > I guess I'm glad I looked before approving the package, but I have to > > wonder: Do the cacert folks actually want anyone to use their > > certificates? I mean, this prevents basically everyone from using > > them, because they can't come with the OS or the browser. > > Personally, the more I read the document, the more I'm confused. > > "You may NOT distribute certificates or root keys under this > licence"... does this mean we can distribute under a different license? Well, sortof. The wording here is strange because you can get a different license from the CA issuer. We can't just pick a license, but the CA issuer might be willing to give us a different one. > Would it be worth getting in contact with CAcert.org in order to try > and have them allow us to redistribute the root certs under conditions > which are acceptable to the Fedora Project? Probably, yes. :) ~spot

4 6

Product logos in Boxes
by Zeeshan Ali 16 Mar '12

16 Mar '12

Hi, As you may or may not know, we have been working on a new GNOME application, Boxes[1] that (among other things) enables users to easily manage virtuat-machines. This also includes ability to detect operating-systems given an installation media and presenting an intuitive and impressive UI to user to easily install different operating systems with minimum or no interaction. Boxes makes use of a new library, libosinfo[2] that provides information about operating systems (which it internally keeps in an XML database). The reason I'm writing to you is that we really want (more like need) to show logos of different operating systems to the user[3]. In attempt to avoid violating possible trademark issues, here is the approach I took in my (currently unaccepted) patches: 1. libosinfo only provides (HTTP) URLs to logos of particular OS/product but not the logo itself in any form. 2. Boxes downloads the logo at runtime when needed (when user inserts installation media of the OS in question or has installer ISO image in her/his home directory), caches it on disk and presents it to the user as shown in the screenshot[3]. So I would very much appreciate it if you can provide answers to the following questions: 1. Is Boxes (or libosinfo) in this case is violating any trademarks already (assuming only the logos shown in the screenshot)? 2. If the answer to the question#1 is 'no', is there a good chance we violate trademarks of OS products in future? If so, is that avoidable? 3. If the answer to the question#1 is 'yes', could you please advice us how to implement this essential feature without violating any trademarks? -- Regards, Zeeshan Ali [1] http://fedoraproject.org/wiki/Features/Gnome3.4 [2] https://fedorahosted.org/libosinfo/ [3] http://static.fi/~zeenix/tmp/boxes+win-fedora-ubuntu-iso-logos.png

5 10

How to specify license? CCDL or GPLv2 or ASL 2.0?
by juan.hernandez＠redhat.com 09 Mar '12

09 Mar '12

Hello, I came accross the attached header in the source files for a package I am working on. What is the correct license tag for that? I guess that it should be "CDDL or GPLv2 or ASL 2.0". Is that correct? Thanks in advance, Juan Hernandez

4 5

Licensing Tool (diploma thesis)
by Tomas Radej 29 Feb '12

29 Feb '12

Hello, I would like to ask for your consent with me making a particular license-checking program as a thesis assignment. This program would be about to be deployed in production, mostly in Fedora package reviewing, or for the use of individual developers outside Fedora. The problem is that the information obtained by usage of the program or disclosing obtained data could be harmful towards Fedora. Please read on for details. The assignment is to invent a tool that: - searches a software project (for the purpose of the thesis, only a Java software project, but more language-specific modules are intended in the future) - determines the project's license (the means of doing that, beyond checking the license header, are to be invented) - reports any problems or license incompatibilities found (mostly as warnings, I expect most of the checks to be based on heuristics) - stores data in a publicly available database to speed up the process and share information, taking into consideration different builds of packages, different versions etc. The assignment also requires devising a way to manage the database, user contributions, credibility of such etc. It is to be noted that even though checking the compliance with Fedora licensing is a duty of every reviewer, my experience shows that it is beyond a standard package reviewer to see problems such as copy/pasted code, several classes taken from a different project with a different license (when a header is missing) etc. The aim of this program would be to help mainly with these problems as they often go unnoticed even now. The problem is that for a successful defense of the thesis, it would be necessary (admittedly not vital) to publish the source code of the program and probably the database properties as well. I am aware that disclosing the data accumulated while checking projects in Fedora could have potentially devastating consequences, therefore I would only publish the source code of the program and bindings to a database system, which a user would need to run separately from Fedora, thus not revealing the internal data to the public. My thesis advisor deemed this idea to be satisfactory for the academia. What I would like to ask you is if you too consider the execution of this project to be safe enough to be done and not threaten Fedora, e. g. by pointing out unnoticed licensing issues to a malefactor. Thank you, Tomas Radej FAS: tradej

4 5

Fw: Re: Letter to Legal
by Tomas Radej 28 Feb '12

28 Feb '12

1 0

python-virtualenvwrapper licensing
by Ralph Bean 28 Feb '12

28 Feb '12

I'm thinking about packaging python-virtualenvwrapper for use with moksha 2.0. It has a permissive but non-standard license: http://www.doughellmann.com/projects/virtualenvwrapper/#license Is this compatible with Fedora guidelines? If so, what should I use for the License: field? -RJ

2 1

*GPL ... approaching 1990s?
by Matej Cepl 27 Feb '12

27 Feb '12

Hi, I was contemplating to use LGPL for a small project of mine (in the end I've decided otherwise for other reasons) but I was again struck by the sheer nonsense of attaching 481 lines long COPYING.LGPL to 194 lines long script. Would there be anything wrong with replacing the standard LGPL copyright blurb with this acknowledging an existence of the Internet? This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. A copy of the full GNU Lesser General Public License is available at http://www.gnu.org/licenses/old-licenses\ /lgpl-2.1.html (or some better URL). Best, Matěj -- http://www.ceplovi.cz/matej/, Jabber: mcepl<at>ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC undefined

2 3

DTrace for Linux
by Carsten Mattner 24 Feb '12

24 Feb '12

Hi Fedora legal, the code mentioned by Elena is not yet available in the git repo, but there seems to be earlier code there. https://forums.oracle.com/forums/thread.jspa?threadID=2351031&tstart=0 http://oss.oracle.com/git/?p=linux-2.6-dtrace-modules-beta.git;a=summary http://oss.oracle.com/git/?p=linux-2.6-dtrace-unbreakable-beta.git;a=summary In both repositories there's a commit titled "Finish GPL/CDDL splitting work". It seems to me that Oracle plans to at least make the kernel part GPL, and thereby increase the chances of merging this upstream. Did anybody from Fedora legal take a look or consider including that in a future release?

2 1

Comments on draft trademark guidelines regarding non-software merchandise produced by the Fedora Project
by inode0 24 Feb '12

24 Feb '12

Hi Pam and everyone, I'd like to give some feedback and will try my hardest to not be negative about it. Here is the section I'm considering and how it might affect our current work. http://fedoraproject.org/wiki/User:Pchestek/TMGuidelinesDraft#Non-software_… One general observation is that not all non-software promotional merchandise is designed or arranged by ambassadors. Most of the time this work is done by ambassadors, but not always. So, if possible, I'd like to describe these sections a bit more generally to not exclude people who do make contributions this way who are not in the ambassador group when they do it. Maybe something like "Fedora Event Promotional Merchandise" rather than "Ambassador giveaways" and having more emphasis throughout on "contributors" rather than on "ambassadors" although we do want to be clear that we are talking about merchandise designed and made by members of the Fedora Project primarily or exclusively for the purpose of distribution at Fedora events. I think a trac instance to enter some basic information about what is produced is fine, actually a good thing generally. Will it be visible to the public? Can it include some additional fields that we might desire for our own tracking and expense recording as long as it includes the fields you need as well? I do have a few comments about the listed fields. Contact info for responsible ambassador <- Fine aside from preferring contributor to ambassador. Main event(s) where materials will be given away <- This one could be problematic so I'd like to understand what you really need at a minimum for this field. We have, for example, produced 20,000 temporary tattoos in a single run and distributed those worldwide. >From there they found their way (and still do) to Fedora events all over the world over a number of years. So this list would be long and would need updated a lot and really the original reporter (responsible ambassador/contributor) probably isn't in a position to follow up on where the item was used. We very seldom produce merchandise for a specific event. Almost always it is produced in large quantities, distributed to various geographic regions, and then finds its way on to the events where it is needed. Design of non-software promotional item(s) <- What does this mean? A copy of the artwork? A proof from the vendor? A general description? Information on vendor producing materials <- This one is easy if a URL or basic contact info is enough. Description of materials being used (e.g. type of tshirt, type of coffee cup, etc) <- I'm not really sure what you want here. Just a description of the product being made? Amount of materials to be produced at this time in this design for this event or events <- This is fine but the "for this event or events" concerns me because as I said before we don't usually have a specific list of events in mind that we are producing merchandise for beyond any Fedora event that comes up where the item is appropriate until we run out of it. "If the design is simply an unmodified Fedora logo, word-mark, or previously approved design, with nothing else, the merchandise is appropriate, and the material type/quality is acceptable, the request will be granted, and the Fedora Ambassador will be given a one-time permission to produce the specified non-software promotional goods in the amount requested." Ok, this sounds like for this subset of cases the approval is automatic? Or do we need something in writing from someone telling us we can proceed? While I don't much like having to ask twice to reorder more of an item that is popular when we run out of it, I can see some benefit to tracking each order but would prefer to not need to wait for permission if possible and if some fields don't really apply to reorders noting them would ease the paperwork burden some. "Any other request must have Board approval, and may require that the Ambassador produce a two item proof batch of the proposed non-software promotional goods. Please note that designs must be in compliance with the Fedora Logo Usage Guidelines, and all requests must be made at least one month before expected production of the non-software promotional goods." This part worries me some. Does it mean that each and every new item that the project wants to produce has a bigger burden, possibly a lot bigger burden? My radar tells me this will result in far fewer new items getting produced which I think is undesirable. The delay this introduces into the process is really unhelpful. I'm not sure all our vendors would even give us binding price quotes that would allow us to approve funding before sending the request to the Board for approval of the trademark use. Worse, volunteers doing this will lose their enthusiasm by this process becoming a multi-month long ordeal just to make a new t-shirt. I'm not clear on whether the one month delay applies to items that will be automatically approved. If it does I really would like to shorten that for items in that case as no one is going to want to work on ordering some pens if that work needs to be stretched out that long. I do hope that most of things we produce now would fall into the earlier category since we very often use the unmodified Fedora logo or word-mark on items. Would it be possible to look over common Fedora merchandise (buttons, pens, stickers, t-shirts, etc.) and tell us which would fall into the former case and which would fall into this latter case requiring Board approval and time delays? I'm guessing things like t-shirts would fall into the latter more than most other items. And I really hope you find something in the above helpful. Thanks, John

3 3

Re: [Fedora-legal-list] libzrtpcpp build faild: missing openssl/ec.h
by alekcejk＠googlemail.com 23 Feb '12

23 Feb '12

Hi, I sent mail to libzrtpcpp developer, he answered that disabling elliptic curve stuff is not a good idea (libzrtpcpp built now without EC). > Other distributins seem to have no problem with it because openSSL does > not use any of the patented enhancements for elliptic curve computations. > I know, some time ago there were discussions about this. However, Certicom > lost the law suits regarding their ECC patents. For more infor please > refer to > > http://en.wikipedia.org/wiki/ECC_patents So, if openSSL does not use patented ECC algorithms then maybe it can be re-enabled in openssl package? > On 12/26/2011 05:56 PM, alekcejk(a)googlemail.com wrote: > > Hi, > > > > I tried to build libzrtpcpp-2.0.0 (see http://ftp.gnu.org/gnu/ccrtp/ ). > > But it is impossible to build it in Fedora because > > openssl/ec.h is disabled in openssl which is build with no-ec option. > > > > libzrtpcpp/crypto/openssl/ZrtpDH.cpp:46:24: fatal error: openssl/ec.h: No such file or directory > > > > Is it possible to build openssl with enabled openssl/ec.h? > > If this is impossible is there any workaround for building libzrtpcpp-2.0.0? > > Not at this time. I am researching this issue, and hopefully we will be > able to enable ec in the future. > > ~tom > > == > Fedora Project -- Alexey Kurov <nucleo(a)fedoraproject.org>

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

legal February 2012