legal October 2018

legal@lists.fedoraproject.org

18 participants
13 discussions

Henry Spencer's license
by Petr Šabata 06 Mar '23

06 Mar '23

Dear legal, While checking the contents of our `perl' package, I noticed the following: (...) /* NOTE: this is derived from Henry Spencer's regexp code, and should not * confused with the original package (see point 3 below). Thanks, Henry! */ /* Additional note: this code is very heavily munged from Henry's version * in places. In some spots I've traded clarity for efficiency, so don't * blame Henry for some of the lack of readability. */ /* The names of the functions have been changed from regcomp and * regexec to pregcomp and pregexec in order to avoid conflicts * with the POSIX routines of the same names. */ (...) * pregcomp and pregexec -- regsub and regerror are not used in perl * * Copyright (c) 1986 by University of Toronto. * Written by Henry Spencer. Not derived from licensed software. * * Permission is granted to anyone to use this software for any * purpose on any computer system, and to redistribute it freely, * subject to the following restrictions: * * 1. The author is not responsible for the consequences of use of * this software, no matter how awful, even if they arise * from defects in it. * * 2. The origin of this software must not be misrepresented, either * by explicit claim or by omission. * * 3. Altered versions must be plainly marked as such, and must not * be misrepresented as being the original software. * **** Alterations to Henry's code are... **** **** Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, **** 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 **** by Larry Wall and others **** **** You may distribute under the terms of either the GNU General Public **** License or the Artistic License, as specified in the README file. (...) You can see the whole file here: https://metacpan.org/source/SHAY/perl-5.20.1/regexec.c I looked but couldn't find any common name for this license of Henry's. Is it on our list? Is it free? What name should I use in the License tag? Thank you, Petr

5 9

about openssl we may enable and build all elliptic curves on corp ?
by Sérgio Basto 05 Nov '22

05 Nov '22

Hello, I reopen or start thinking again on this question of enable elliptic curves of openssl [1] So going directly to the point, may I built all source of openssl in copr [2] ? or at least some other curves that fedora package don't ship? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1405843 [2] Version: 1.0.2k %global fips_version 2.0.14 I mean sources: http://ftp.o penssl.org/source/openssl-%{version}.tar.gz and http://ftp.openssl.org/s ource/openssl-fips-%{fips_version}.tar.gz Thanks , -- Sérgio M. B.

4 6

FDK-AAC license LGPL compatibility
by Dominik 'Rathann' Mierzejewski 10 Nov '18

10 Nov '18

According to https://www.gnu.org/licenses/license-list.html#fdk , the FDK-AAC license is GPL-incompatible. Is it LGPL-compatible, though? Can the table entry for FDK-AAC at https://fedoraproject.org/wiki/Licensing:Main#Good_Licenses be updated to mention its GPL-incompatibility explicitly? Regards, Dominik -- Fedora https://getfedora.org | RPMFusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan

1 1

The license of OpenMotif (Open Group Public License)
by Florian Weimer 26 Oct '18

26 Oct '18

Motif has since been released under the LGPL, so this is largely of historic interest. Was the license of OpenMotif ever submitted to OSI? <http://www.opengroup.org/openmotif/license/> Debian clearly considered it non-DFSG-compliant, but I can't find a discussion why this was the case. In the FAQ, the Open Group wrote: | QUESTION: | | Does the Open Group Public License for Motif meet the Open Source | Guidelines? | | ANSWER: | | No. The Open Group Public License for Motif grants rights only to | use the software on or with operating systems that are themselves | Open Source programs. In restricting the applicability of the | license to Open Source platforms this does not meet term 8 of the | Open Software Definition (http://www.opensource.org/osd.html) <http://www.opengroup.org/openmotif/faq.html> I find this surprising. The license is not worded in such a way that it is specific to a particular distribution: any free software distribution will do. The license doesn't even require that the software linked with OpenMotif is free software. It's true that their definition of “Open Source” does not match OSI's, but as theirs is more encompassing (to the degree that it misses the point), that's not an issue at all. I'm also puzzled why both Debian and Fedora rejected the license (but Debian did consider it suitable for non-free). For Fedora, I found this: <https://www.redhat.com/archives/fedora-advisory-board/2006-August/msg00261.…> But it's just a reference ot the FAQ, and then the answer is merely rephrased: <https://www.redhat.com/archives/fedora-advisory-board/2006-August/msg00305.…> The FSF list does not mention the license under either name. Richard Stallman wrote about the license here: <https://www.gnu.org/philosophy/motif.html> It's not very illuminating, unfortunately. This is the most relevant part: | The license is restricted to use on certain operating systems, those | which fit a category they call “open source”. Both the free software | movement and the open source camp consider use restrictions | unacceptable. I assume that I myself at the time thought this restriction as overly burdensome, but I don't think I would do so today, especially since the license does not require that *all* software on a computer needs to be open source. In fact, it looks fairly liberal to me. However, when OpenMotif came out, many systems still used proprietary SSH and the Netscape browser, so perhaps the OpenMotif license was thought to be too corrosive back then. (But that was a non-issue when Fedora removed OpenMotif from the distribution many years later.) Fedora says “Commercial use restrictions” under <https://fedoraproject.org/wiki/Licensing:Main#Bad_Licenses>, but the reason for that remains unclear to me. It looks like a confusion of proprietary vs commercial licensing. Any ideas why it's so clear-cut that this license violates the DFSG or the OSD? Do you still think it does?

5 6

Ruby license
by Vít Ondruch 26 Oct '18

26 Oct '18

Hi, It is ages, since Ruby was relicensed: https://github.com/ruby/ruby/commit/2cd6800fd8437b1f862f3f5c44db877159271d17 Now I just realized, that on licenses page, there is link to LICENSE.txt, which probably changed at that time as well, but I am not sure if the rest of the information is still valid, e.g. "Compatible if dual licensed with GPL, otherwise Incompatible" V.

1 0

Microsoft & OIN - ExFAT, subpixel font rendering (ClearType), etc. allowed now
by Neal Gompa 25 Oct '18

25 Oct '18

Hey, Today, I just saw the news that Microsoft has joined the OIN[1]. Does this allow Fedora to finally include ExFAT in the distribution, as well as enable ClearType-style font rendering (subpixel rgba hinting)? [1]: https://www.openinventionnetwork.com/pressrelease_details/?id=89 -- 真実はいつも一つ！/ Always, there's only one truth!

4 6

Bruce Perens - inconsistent statements regarding Copyright, GPL, Open Source Security.
by voisinsdualice＠8chan.co 19 Oct '18

19 Oct '18

1 0

Bruce Perens, inconsistent statements regarding Copyright, GPL, Open Source Security. (Edit: PDF attached)
by visionsofalice＠redchan.it 18 Oct '18

18 Oct '18

In a prior public statement, Bruce Perens put forth a legal theory where users of a certain piece of Software would be liable for contributory copyright infringement*[1]. This statement, specifically the pronouncement of such damages reachable, is predicated on a pure copyright License theory regarding the grant under-which the Linux Kernel is distributed and modified. * (https://perens.com/2017/06/28/warning-grsecurity-potential-contributory-inf… ) As we all know, under a contract theory, damages are quite limited regarding opensource licenses** (See the initial district court determination of Jacobsen v. Katzer) and the legal theory published by Bruce Perens, if analyzed under a contract theory regarding the GPL would become a less-than-likely scenario. ** (For this very reason, the FSF specifically drafted version 2 of the GPL to avoid language that would tend to induce a contract reading rather than a bare license construction. The FSF has maintained for decades that the GPL is a bare license and is not a contract) It is just that utterance, added by Bruce Perens, regarding contributory copyright infringement damages reachable vis a vis the GPL version 2, that induced upwards of 70 of Open Source Security's clients to cease their business dealings with Open Source Security. Bruce Perens has recently made known, publicly, that he currently believes in a Contract theory regarding the GPL version 2, specifically regarding the Linux Kernel. He has stated that he, infact, in the past has supplied expert testimony praying to the court for it to find that the GPL is, in fact, a contract (and not a bare (copyright) license). He has stated that the court has indeed relied on his testimony in various pleadings. ***[3] Here, ( https://developers.slashdot.org/comments.pl?sid=12767438&cid=57489528 ) Bruce Perens argues that case law has overridden the esteemed Raymond Nimmer's opinion that the GPL is not a contract and is, at best, a failed contract, and likely a bare license akin to a property license. Bruce Perens further clarifies that it was his very own testimony that has convinced the court that the GPL is in-fact not a bare license and is instead a contract. If these pleadings were to have occurred prior to the theory published regarding Open Source Security and its Contributor Access Agreement, that would put the lie to any suggestion that Bruce Perens in fact believed in the theory that he published at the time of publication and would instead suggest that rather than proffering his opinion regarding a matter - he was instead intentionally publishing a theory he believed to be a lie in-order to harm Open Source Security - A goal that has indeed been effected (specifically by the "Contributory Copyright Infringement" addendum). *[1] ------- https://perens.com/2017/06/28/warning-grsecurity-potential-contributory-inf… Posted on June 28, 2017 by Bruce Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers ***[3] ------- https://developers.slashdot.org/comments.pl?sid=12767438&cid=57489528 ------- Re:Who gives a FUCK about Nimmer? (Score:2) by Bruce Perens ( 3872 ) <bruce(a)perens.com> on Tuesday October 16, 2018 @09:10PM (#57489528) Homepage Journal If lawyers were never wrong, we'd have no need for courts. Which means they're wrong half the time, or at least the adopt unsupportable arguments half of the time. Case law has overridden him on the GPL question, thanks in part to my pro-bono testimony. But courts and lawyers still take him seriously. And me, sometimes. ------- In response to: > Who gives a FUCK about Nimmer? (Score:0) > by Anonymous Coward on Tuesday October 16, 2018 @08:30PM (#57489396) > > Who gives a FUCK about Nimmer? > > He said the GPLv2 was "not a contract" - was "at best" "a failed > contract" - "has no consideration" - and thus it is a bare license > revocable by >the grantor. > > Free Software has REJECTED this CLOWN Nimmer. > Thus he is wrong. > > http://illinoisjltp.com/journal/wp-content/uploads/2013/10/kumar.pdf > http://oxwugzccvk3dk6tj.onion/tech/res/987076.html > ...

1 0

Bruce Perens, inconsistent statements regarding Copyright, GPL, Open Source Security.
by visionsofalice＠redchan.it 18 Oct '18

18 Oct '18

In a prior public statement, Bruce Perens put forth a legal theory where users of a certain piece of Software would be liable for contributory copyright infringement*[1]. This statement, specifically the pronouncement of such damages reachable, is predicated on a pure copyright License theory regarding the grant under-which the Linux Kernel is distributed and modified. * (https://perens.com/2017/06/28/warning-grsecurity-potential-contributory-inf… ) As we all know, under a contract theory, damages are quite limited regarding opensource licenses** (See the initial district court determination of Jacobsen v. Katzer) and the legal theory published by Bruce Perens, if analyzed under a contract theory regarding the GPL would become a less-than-likely scenario. ** (For this very reason, the FSF specifically drafted version 2 of the GPL to avoid language that would tend to induce a contract reading rather than a bare license construction. The FSF has maintained for decades that the GPL is a bare license and is not a contract) It is just that utterance, added by Bruce Perens, regarding contributory copyright infringement damages reachable vis a vis the GPL version 2, that induced upwards of 70 of Open Source Security's clients to cease their business dealings with Open Source Security. Bruce Perens has recently made known, publicly, that he currently believes in a Contract theory regarding the GPL version 2, specifically regarding the Linux Kernel. He has stated that he, infact, in the past has supplied expert testimony praying to the court for it to find that the GPL is, in fact, a contract (and not a bare (copyright) license). He has stated that the court has indeed relied on his testimony in various pleadings. ***[3] Here, ( https://developers.slashdot.org/comments.pl?sid=12767438&cid=57489528 ) Bruce Perens argues that case law has overridden the esteemed Raymond Nimmer's opinion that the GPL is not a contract and is, at best, a failed contract, and likely a bare license akin to a property license. Bruce Perens further clarifies that it was his very own testimony that has convinced the court that the GPL is infact not a bare license and is instead a contract. If these pleadings were to have occurred prior to the theory published regarding Open Source Security and its Contributor Access Agreement, that would put the lie to any suggestion that Bruce Perens in fact believed in the theory that he published at the time of publication and would instead suggest that rather than proffering his opinion regarding a matter - he was instead intentionally publishing a theory he believed to be a lie in-order to harm Open Source Security - A goal that has indeed been effected (specifically by the "Contributory Copyright Infringement" addendum). *[1] ------- https://perens.com/2017/06/28/warning-grsecurity-potential-contributory-inf… Posted on June 28, 2017 by Bruce Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers ***[3] ------- https://developers.slashdot.org/comments.pl?sid=12767438&cid=57489528 ------- Re:Who gives a FUCK about Nimmer? (Score:2) by Bruce Perens ( 3872 ) <bruce(a)perens.com> on Tuesday October 16, 2018 @09:10PM (#57489528) Homepage Journal If lawyers were never wrong, we'd have no need for courts. Which means they're wrong half the time, or at least the adopt unsupportable arguments half of the time. Case law has overridden him on the GPL question, thanks in part to my pro-bono testimony. But courts and lawyers still take him seriously. And me, sometimes. ------- In response to: > Who gives a FUCK about Nimmer? (Score:0) > by Anonymous Coward on Tuesday October 16, 2018 @08:30PM (#57489396) > > Who gives a FUCK about Nimmer? > > He said the GPLv2 was "not a contract" - was "at best" "a failed > contract" - "has no consideration" - and thus it is a bare license > revocable by >the grantor. > > Free Software has REJECTED this CLOWN Nimmer. > Thus he is wrong. > > http://illinoisjltp.com/journal/wp-content/uploads/2013/10/kumar.pdf > http://oxwugzccvk3dk6tj.onion/tech/res/987076.html > ...

1 0

Server Side Public License, Version 1 (SSPL v1)
by Florian Weimer 18 Oct '18

18 Oct '18

I think it's clear that the SSPL does not meet the Fedora licensing requirements: | “If you make the functionality of the Program or a modified version | available to third parties as a service, you must make the Service | Source Code available via network download to everyone at no charge, | under the terms of this License. Making the functionality of the | Program or modified version available to third parties as a service | includes, without limitation, enabling third parties to interact with | the functionality of the Program or modified version remotely through | a computer network, offering a service the value of which entirely or | primarily derives from the value of the Program or modified version, | or offering a service that accomplishes for users the primary purpose | of the Software or modified version. | | “Service Source Code” means the Corresponding Source for the Program | or the modified version, and the Corresponding Source for all programs | that you use to make the Program or modified version available as a | service, including, without limitation, management software, user | interfaces, application program interfaces, automation software, | monitoring software, backup software, storage software and hosting | software, all such that a user could run an instance of the service | using the Service Source Code you make available.” <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2…> This means that we cannot update certain software (which I will not name here because I find the name offensive) past their Ocotber 15, 2018 versions. Patch backports are also out of the quesiton because the old (AGPLv3) and new licenses are mutually incompatble, and the patches would have to be assumed to be licensed under the new license if taken from a branch that has already been relicensed. Correct? Thanks, Florian

3 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

legal October 2018