From mmahut at fedoraproject.org Mon Mar 10 11:03:37 2008 From: mmahut at fedoraproject.org (Marek Mahut) Date: Mon, 10 Mar 2008 12:03:37 +0100 Subject: [Fedora-legal-list] GNU Space chart and CDS catalogues Message-ID: <47D51589.2000009@fedoraproject.org> Hello legal team, I would like to package GNU spacechart application [1], but I'm not sure if we can ship their data files. Gnu Space Chart is a 3D star-mapping program that uses data (not directly the catalogue [2], only set of data from there) with this copyright notice: ################################################################## Catalogues available at CDS contain scientific data distributed for free, for a scientific usage. Only the expenses related to copying and mailing are charged if relevant. Companies including such data in their commercial products cannot charge their clients for the data. Furthermore, users must be informed of the origin of the data: this means an explicit reference to the service provided by the CDS and also to the original author(s) of each catalogue. ################################################################## Now, I'm not sure if we can ship it with Fedora, because even if someone sell Fedora for money, they sell the program and not data directly. However I don't know how the law looks on this problem. Any ideas? Workarounds? [1] http://www.gnu.org/software/spacechart/#download [2] http://cdsweb.u-strasbg.fr/ Thanks, -- Marek Mahut https://fedoraproject.org/wiki/SIGs/Astronomy/ Fedora Project http://www.jamendo.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature URL: From tcallawa at redhat.com Mon Mar 10 13:45:51 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Mon, 10 Mar 2008 09:45:51 -0400 Subject: [Fedora-legal-list] GNU Space chart and CDS catalogues In-Reply-To: <47D51589.2000009@fedoraproject.org> References: <47D51589.2000009@fedoraproject.org> Message-ID: <1205156752.2956.94.camel@localhost.localdomain> On Mon, 2008-03-10 at 12:03 +0100, Marek Mahut wrote: > Hello legal team, > > I would like to package GNU spacechart application [1], but I'm not sure > if we can ship their data files. Gnu Space Chart is a 3D star-mapping > program that uses data (not directly the catalogue [2], only set of data > from there) with this copyright notice: > > > > ################################################################## > Catalogues available at CDS contain scientific data distributed > for free, for a scientific usage. Only the expenses related to > copying and mailing are charged if relevant. > Companies including such data in their commercial products cannot > charge their clients for the data. Furthermore, users must be informed > of the origin of the data: this means an explicit reference to the > service > provided by the CDS and also to the original author(s) of each > catalogue. > ################################################################## > > > > Now, I'm not sure if we can ship it with Fedora, because even if someone > sell Fedora for money, they sell the program and not data directly. > However I don't know how the law looks on this problem. I suspect that what you want to do is permitted by the terms of that poorly worded notice, however, it would be a very good idea to confirm that with the copyright holders. Be explicit in what you want to do, as well as the permitted commercial use scenario where the data catalogues are included as part of the larger Fedora offering. ~spot From rjones at redhat.com Mon Mar 10 15:38:07 2008 From: rjones at redhat.com (Richard W.M. Jones) Date: Mon, 10 Mar 2008 15:38:07 +0000 Subject: [Fedora-legal-list] Some licenses which need checking Message-ID: <20080310153807.GA2889@amd.home.annexia.org> [This is a repost of a message which I incorrectly sent to fedora-packaging list, so my apologies if you've seen it before.] I'm trying to package a Unicode library which contains lots of different " to Unicode" mappings files. https://bugzilla.redhat.com/show_bug.cgi?id=253564 I've got some questions: (1) Codepage 932 is an MS extension to Shift JIS. The file that is shipped in the source package is derived from this one: http://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP932.TXT Note that we also ship essentially the same set of mappings in other Fedora packages, eg: /usr/share/xemacs-21.5-b28/etc/unicode/unicode-consortium/CP932.TXT /usr/share/cups/charmaps/windows-932.txt There's no license information but it was my understanding (IANAL) that simple lists of facts like this couldn't be monopolized in the US. (2) The package ships Unicode data with the license below. Is it OK? http://www.unicode.org/Public/3.2-Update/UnicodeData-3.2.0.html#UCD_Terms (3) The package contains locales from the IBM ICU project. The license for this looks like BSD to me, so is this OK? http://source.icu-project.org/repos/icu/icu/trunk/license.html (4) Finally there is one file whose license is described like this: The file allkey.txt [sic] is obtained from Unicode Consortium Web site. Its copyright is owned by Unicode Consortium. Its use, reproduction, distribution are permitted under the term of http://www.unicode.org/copyright.html where the link goes to a long-winded and confusing page. The file itself is just a list of facts (http://www.annexia.org/tmp/allkeys.txt). Ancillary question: (5) If it turns out that some files aren't safe to distribute, do I need to remove them from the source tarball, and if so how? Do I have to prepare my own tarball and host it too? Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://et.redhat.com/~rjones/virt-top From stickster at gmail.com Tue Mar 11 12:59:13 2008 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 11 Mar 2008 08:59:13 -0400 Subject: [Fedora-legal-list] Some licenses which need checking In-Reply-To: <20080310153807.GA2889@amd.home.annexia.org> References: <20080310153807.GA2889@amd.home.annexia.org> Message-ID: <1205240353.3965.9.camel@localhost.localdomain> On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote: > Ancillary question: > > (5) If it turns out that some files aren't safe to distribute, do I > need to remove them from the source tarball, and if so how? Do I have > to prepare my own tarball and host it too? You can do the fllowing: 1. Extract the files from the tarball. 2. Create a shell script which removes the questionable files from the tree. 3. Create a new tarball with an appropriate name (foobar-1.2-nouni.tar.bz2). 4. Replace the old source tarball: $ make FILES="foobar-1.2-nouni.tar.gz2" new-sources 5. Add and commit the shell script to CVS. You can see an example of this in my packaging of drivel, which removes an MD5 implementation that was using the Aladdin Software License. That license is incompatible with the GPL code used in the rest of that software. http://cvs.fedoraproject.org/viewcvs/rpms/drivel/F-8/?root=pkgs -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From stickster at gmail.com Tue Mar 11 12:59:13 2008 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 11 Mar 2008 08:59:13 -0400 Subject: [Fedora-legal-list] Some licenses which need checking In-Reply-To: <20080310153807.GA2889@amd.home.annexia.org> References: <20080310153807.GA2889@amd.home.annexia.org> Message-ID: <1205240353.3965.10.camel@localhost.localdomain> On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote: > Ancillary question: > > (5) If it turns out that some files aren't safe to distribute, do I > need to remove them from the source tarball, and if so how? Do I have > to prepare my own tarball and host it too? You can do the fllowing: 1. Extract the files from the tarball. 2. Create a shell script which removes the questionable files from the tree. 3. Create a new tarball with an appropriate name (foobar-1.2-nouni.tar.bz2). 4. Replace the old source tarball: $ make FILES="foobar-1.2-nouni.tar.gz2" new-sources 5. Add and commit the shell script to CVS. You can see an example of this in my packaging of drivel, which removes an MD5 implementation that was using the Aladdin Software License. That license is incompatible with the GPL code used in the rest of that software. http://cvs.fedoraproject.org/viewcvs/rpms/drivel/F-8/?root=pkgs -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From tcallawa at redhat.com Wed Mar 12 19:32:47 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Wed, 12 Mar 2008 15:32:47 -0400 Subject: [Fedora-legal-list] Some licenses which need checking In-Reply-To: <20080310153807.GA2889@amd.home.annexia.org> References: <20080310153807.GA2889@amd.home.annexia.org> Message-ID: <1205350368.2998.66.camel@localhost.localdomain> On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote: > There's no license information but it was my understanding (IANAL) > that simple lists of facts like this couldn't be monopolized in the > US. Yes. This is fine to include. > (2) The package ships Unicode data with the license below. Is it OK? > > > http://www.unicode.org/Public/3.2-Update/UnicodeData-3.2.0.html#UCD_Terms > This is already listed in the "Good License" list, use "UCD" in the License tag. http://fedoraproject.org/wiki/Licensing/UCD > (3) The package contains locales from the IBM ICU project. The > license for this looks like BSD to me, so is this OK? > http://source.icu-project.org/repos/icu/icu/trunk/license.html This is yet another MIT variant, use "MIT" in the License tag. (I've added it to the Licensing/MIT page) > (4) Finally there is one file whose license is described like this: > > The file allkey.txt [sic] is obtained from Unicode Consortium Web > site. > Its copyright is owned by Unicode Consortium. Its use, > reproduction, > distribution are permitted under the term of > http://www.unicode.org/copyright.html Believe it or not, this long winded document eventually refers to "Exhibit A", which is still another MIT variant (I named it "Modern Style without sublicense (Unicode)" at Licensing/MIT). So, it is also fine. So, with all of that in hand, this is what your License tag should look like for your specific package (from 253564): # Several files are MIT and UCD licensed, but the overall work is LGPLv2 + # and the LGPL/GPL supercedes compatible licenses. License: LGPLv2+ Note that you had "LGPLv2", which is extremely uncommon, since the LGPLv2 by default has an "or greater clause", thus, the only way you can get LGPLv2 (which means only v2) is to explicitly exclaim that the license is v2 only. ~spot From andreas.bierfert at lowlatency.de Fri Mar 14 14:19:09 2008 From: andreas.bierfert at lowlatency.de (Andreas Bierfert) Date: Fri, 14 Mar 2008 15:19:09 +0100 Subject: [Fedora-legal-list] Possible nessus-core license problem Message-ID: <20080314151909.1f8629e3@alkaid.a.lan> Hi there, it was just brought to my attention that nessus-core, specifically the client may have a license issue if build with ssl support: https://bugzilla.redhat.com/show_bug.cgi?id=437474 Since I have no clue about these things it would be nice of someone could elaborate a bit more on this, specifically if we need to take action and remove it. Regards, Andreas -- Andreas Bierfert, M.Sc. | http://awbsworld.de | GPG: C58CF1CB andreas.bierfert at lowlatency.de | http://lowlatency.de | signed/encrypted phone: +49 2402 102373 | cell: +49 173 5803043 | mail preferred -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From tcallawa at redhat.com Sun Mar 23 15:43:17 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Sun, 23 Mar 2008 11:43:17 -0400 Subject: [Fedora-legal-list] Sendmail license In-Reply-To: <1194003604.21765.117.camel@localhost.localdomain> References: <46D55DFA.3050402@city-fan.org> <472AEB51.8080301@city-fan.org> <1194003604.21765.117.camel@localhost.localdomain> Message-ID: <1206286997.4438.15.camel@localhost.localdomain> On Fri, 2007-11-02 at 07:40 -0400, Tom "spot" Callaway wrote: > On Fri, 2007-11-02 at 09:18 +0000, Paul Howarth wrote: > > The sendmail license (http://www.sendmail.org/ftp/LICENSE) is not > > currently listed in the "Good licenses" list, nor is it listed on the > > FSF "list of licenses" page. However, sendmail *is* listed in the FSF > > directory of free software (http://directory.fsf.org/sendmail.html). > > > > Please can the sendmail license be added to the good licenses list? > > Believe it or not, this license is still pending review from the FSF > since the first time you asked. :/ Answer: Free, and GPL compatible as long as the copyright holder is Eric Allman, Sendmail Inc, or the University of California. ~spot From nphilipp at redhat.com Tue Mar 25 15:53:48 2008 From: nphilipp at redhat.com (Nils Philippsen) Date: Tue, 25 Mar 2008 16:53:48 +0100 Subject: [Fedora-legal-list] Sendmail license In-Reply-To: <1206286997.4438.15.camel@localhost.localdomain> References: <46D55DFA.3050402@city-fan.org> <472AEB51.8080301@city-fan.org> <1194003604.21765.117.camel@localhost.localdomain> <1206286997.4438.15.camel@localhost.localdomain> Message-ID: <1206460428.3606.11.camel@gibraltar.str.redhat.com> On Sun, 2008-03-23 at 11:43 -0400, Tom "spot" Callaway wrote: > On Fri, 2007-11-02 at 07:40 -0400, Tom "spot" Callaway wrote: > > On Fri, 2007-11-02 at 09:18 +0000, Paul Howarth wrote: > > > The sendmail license (http://www.sendmail.org/ftp/LICENSE) is not > > > currently listed in the "Good licenses" list, nor is it listed on the > > > FSF "list of licenses" page. However, sendmail *is* listed in the FSF > > > directory of free software (http://directory.fsf.org/sendmail.html). > > > > > > Please can the sendmail license be added to the good licenses list? > > > > Believe it or not, this license is still pending review from the FSF > > since the first time you asked. :/ > > Answer: > > Free, and GPL compatible as long as the copyright holder is Eric Allman, > Sendmail Inc, or the University of California. That's an interesting restriction. Is there a story hidden behind it? Nils -- Nils Philippsen / Red Hat / nphilipp at redhat.com "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 From rfontana at redhat.com Tue Mar 25 17:32:59 2008 From: rfontana at redhat.com (Richard Fontana) Date: Tue, 25 Mar 2008 13:32:59 -0400 Subject: [Fedora-legal-list] Sendmail license In-Reply-To: <1206460428.3606.11.camel@gibraltar.str.redhat.com> References: <46D55DFA.3050402@city-fan.org> <472AEB51.8080301@city-fan.org> <1194003604.21765.117.camel@localhost.localdomain> <1206286997.4438.15.camel@localhost.localdomain> <1206460428.3606.11.camel@gibraltar.str.redhat.com> Message-ID: <20080325173259.GA13078@redhat.com> (IAARHL, TINLA) On Tue, Mar 25, 2008 at 04:53:48PM +0100, Nils Philippsen wrote: > > On Sun, 2008-03-23 at 11:43 -0400, Tom "spot" Callaway wrote: > > Answer: > > > > Free, and GPL compatible as long as the copyright holder is Eric Allman, > > Sendmail Inc, or the University of California. > > That's an interesting restriction. Is there a story hidden behind it? Not really, but here's the explanation. The sendmail license was drafted by Eric Allman with (among other things) the intent of making it GPL-compatible. However, the clause in question does not clearly achieve that effect. It says you can redistribute, even for profit, provided: Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this license. It is not clear from a literal analysis how to interpret that second sentence, but one could argue that if you incorporate sendmail code into a larger GPL-licensed work, there are licensing terms governing subsequent distribution of the whole which are no longer "substantially the same terms" as those of the sendmail license. (For example, sendmail permits binary-only distribution, whereas the GPL requires that the recipient of a binary be provided with complete corresponding source code.) There's enough evidence to satisfy me that Eric Allman didn't intend that interpretation. I think it is reasonable to consider Eric Allman and Sendmail, Inc. licensing alter egos for purposes of this analysis. As for the University of California, there's a 3-clause BSD-like license embedded in the Sendmail license that applies to portions copyrighted by UC. If some third party licensor started using this license for some other code, I don't think you could assume they'd share the view of Eric Allman that the clause in question was designed to facilitate GPL compatibility. Indeed, the best literal reading of the clause leads to the opposite conclusion. Licenses are generally interpreted according to the intent of the licensor. I think this might take care of all code in sendmail that is actually covered by the Sendmail license, but I haven't checked closely. -- Richard E. Fontana Red Hat, Inc. From gc at falconpl.org Tue Mar 25 19:56:57 2008 From: gc at falconpl.org (Giancarlo Niccolai) Date: Tue, 25 Mar 2008 20:56:57 +0100 Subject: [Fedora-legal-list] Falcon Programming Language license In-Reply-To: <1200739655.4387.10.camel@localhost.localdomain> References: <4791D2AA.5070006@falconpl.org> <1200739655.4387.10.camel@localhost.localdomain> Message-ID: <47E95909.7060500@falconpl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom "spot" Callaway wrote: > On Sat, 2008-01-19 at 11:36 +0100, Giancarlo Niccolai wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Hello, I have submitted the Falcon package for review and >> inclusion at >> >> https://bugzilla.redhat.com/show_bug.cgi?id=428603 >> >> I will clear the rpmlint report later today. >> >> The Falcon Programming Language is released under FPLL: this is >> mainly an Apache2 license modified to extend the openness of the >> license to the embedding application and to the scripts. Here I >> am submitting the license to fedora-legal for approval. > > I've passed this on to the FSF's lawyers for review. > > ~spot Hello; I have reached an agreement with Debian about double licensing; I will distribute Falcon there as GPL or FPLL as the user wish. I have been provided with documentation and samples on how to accomplish this. I didn't have news for some while from Fedora, witch accepted the package with the exception of the license. If I repackage with double licensing, would this clear the package for release? TIA, Giancarlo Niccolai. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH6VkI5nwsoBIDC4YRAk94AJ9MCq4NNgOCZudZHr7eV5bmc7Kl+QCgmU4m lawOE0VfMWkI6IHjaRgI78Q= =GAs3 -----END PGP SIGNATURE----- From tcallawa at redhat.com Tue Mar 25 20:12:40 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Tue, 25 Mar 2008 16:12:40 -0400 Subject: [Fedora-legal-list] Falcon Programming Language license In-Reply-To: <47E95909.7060500@falconpl.org> References: <4791D2AA.5070006@falconpl.org> <1200739655.4387.10.camel@localhost.localdomain> <47E95909.7060500@falconpl.org> Message-ID: <1206475960.11450.25.camel@localhost.localdomain> On Tue, 2008-03-25 at 20:56 +0100, Giancarlo Niccolai wrote: > I didn't have news for some while from Fedora, witch accepted the > package with the exception of the license. If I repackage with double > licensing, would this clear the package for release? Yes, if you dual licensed it with GPL, it would be fine for Fedora (we would distribute under GPL). ~spot From sundaram at fedoraproject.org Tue Mar 25 20:14:52 2008 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Wed, 26 Mar 2008 01:44:52 +0530 Subject: [Fedora-legal-list] Falcon Programming Language license In-Reply-To: <47E95909.7060500@falconpl.org> References: <4791D2AA.5070006@falconpl.org> <1200739655.4387.10.camel@localhost.localdomain> <47E95909.7060500@falconpl.org> Message-ID: <47E95D3C.8010302@fedoraproject.org> Giancarlo Niccolai wrote: > > Hello; I have reached an agreement with Debian about double licensing; > I will distribute Falcon there as GPL or FPLL as the user wish. I have > been provided with documentation and samples on how to accomplish this. Great. This is usually called dual licensing. > I didn't have news for some while from Fedora, witch accepted the > package with the exception of the license. If I repackage with double > licensing, would this clear the package for release? Yes, under the terms of GPL. Rahul