GPL compliance

Paul W. Frields stickster at
Wed Mar 19 11:24:00 UTC 2008

Giving out CDs/DVDs

The Fedora Project Board wants our project to remain in
compliance with Free and Open Source Software licenses.  We also
want to make sure our Ambassadors are properly following those
licenses when they distribute Fedora.  By making sure we are
meeting our obligations under these licenses, we protect Fedora
and all its contributors, including you, our Ambassadors.
The Board asks you to do the following at events where
you hand out CDs or DVDs of Fedora:

1) Let people know that source code for everything on the
   CDs/DVDs is available for download from
   Place at least a simple piece of paper on the table at the
   booth, which states:

     Source Code available on  Physical
     media with source code available upon request.

2) Bring blank CDs, a computer with a CD burner, and a copy of
   the SRPMS directory matching the Fedora release for which
   you're handing out media.

   Encourage anyone who asks for the source code to download it
   from  If someone insists, burn them CDs
   containing the source code.  You will probably not need to do
   this often, but this step is necessary to comply with the
   contains the list of SRPMS corresponding to the packages on
   the Fedora 8 i686 and x86_64 Live images.  Use whichever tools
   you like to download and burn those to media.

Thank you for your attention to this matter, and thank you for
supporting Fedora!

Reasons Why This is Important

The Fedora Project distributes its software under terms of each
of the licenses, including the GNU General Public License,
version 2.  These licenses often have a requirement, such as in
GPLv2 paragraph 3, to make the "corresponding source code"
available to recipients of binary code.  The Fedora Project
publishes the binaries, and source code, on the same web sites
for download.  By that definition, the Fedora Project distributes
under paragraph 3(a).  Refer also to: 

When Ambassadors hand out CDs and DVDs at events, they need to be
able to give recipients the corresponding source code on physical
media.  One way to do this is to produce (or be ready to burn
on-site) a few CDs with the source code, as downloaded from  At events, you could post a sign such as:

    Source Code available on  CDs with
    source code available upon request.

Now, if someone at the show asks, you can encourage them to download the
code themselves (and become a contributor to Fedora).  If they insist on
getting source code on physical media, then provide them with CDs with
the source code.  This is an additional bit of work on the part of our
Ambassadors, but it protects both the Ambassadors, and the Fedora
Project, from any undue criticism and future obligation under these

Matt Domsch has started a project on, called
'correspondingsource'.  The goal of 'correspondingsource' is to
make it easy to get the Source RPMs for any binary bits that may
be on any Fedora media.  This facility would allow the Fedora
Project to start relying upon GPLv2 paragraph 3(b).  GPLv2
paragraph 3(b) requires us to make the source code available for
at least three (3) years (from the last date anyone hands out a CD/DVD -
so quite a long time).  This capability is not in place today -
the code is in the Fedora Package Source Code Control
system (currently CVS), but we don't hang on to the built SRPMS
indefinitely, nor do we have a way to easily generate an ISO
image with SRPMS on it.

Matt would welcome help with this project, and the Board
encourages Fedora contributors to get involved to help ease any
burden on the community.

The Fedora Project Board
Paul W. Frields, Chair

Paul W. Frields                      
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717   -  -  -  - stickster @ #fedora-docs, #fedora-devel, #fredlug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the fedora-advisory-board mailing list