[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora Board Recap 2007-JUL-10



On 7/12/07, Luis Villa <luis tieguy org> wrote:
[Note that this is not an official position of Red Hat Legal; I am not
a lawyer (yet), and I am particularly not your lawyer (yet). Were I
speaking as part of Red Hat Legal, I would speak with an @redhat.com
address.]

On 7/12/07, Josh Boyer <jwboyer jdub homelinux org> wrote:
> > == Brief discussion of GPL v2/v3 and EULA for F8 ==
> >  * Consider adding license version tagging to spec file - push to FESCo
> >  * Need to raise awareness to examine code coming from upstream during version updates
> >  * Mostly packaging issues that need to be discussed with legal
>
> Can you explain this a bit more please?  Particularly if you're going to
> push it to FESCo.
>
> 1) Why do we need to examine code coming from upstream updates?  (E.g.
> only to make sure the license tag spells out the correct version?)

Consider a not very hypothetical hypothetical: (the details of the
incompatibility are simplified and possibly even incorrect, because I
have been at the office *a lot* the past three days, but the basic
idea is there)

* Samba releases a library which is GPLv3. They are upstream for
libsmbclient; it is their prerogative to do this.

* Fedora packages and ships this new, GPL v3 libsmbclient.

* Fedora rebuilds things which link against libsmbclient, but which
are not GPL v3.

* Fedora distributes. Voila... a (potential, depending on the details)
license violation!

Here, all relevant upstreams have done the right thing, and yet Fedora
has committed a license violation. So Fedora might wish to put into
place review procedures which minimize the risk of this occurring.

Probably worth noting, finally, that of course this also eventually
becomes an upstream problem which the library and application will
have to work out between themselves. But because Fedora is the
integrator, and Fedora is the one who (by linking) actually violates
the license (and in the v2 case, technically immediately loses the
right to distribute in the future!), Fedora needs to be on its toes
and not wait for the two of them to work it out; instead it should try
to see the problems before the upstreams do and help both sides to
work it out instead of just waiting and hoping that they do.

Luis


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]