From steve at lonetwin.net Mon Dec 1 14:46:07 2008 From: steve at lonetwin.net (Steve) Date: Mon, 1 Dec 2008 14:46:07 +0000 Subject: [Fedora-legal-list] Could you please review this license and add it .... Message-ID: <17310.1228142767@lonetwin.net> Greeting All ! This is related to a package I submitted for review: WordNet - https://bugzilla.redhat.com/show_bug.cgi?id=473583 This package is licensed under it's own specific license, something called the WordNet 3.0 license: http://wordnet.princeton.edu/license I would appreciate it if you could review this (very short, textwise) license and add it to the acceptable software licenses list at: http://fedoraproject.org/wiki/Licensing#SoftwareLicenses For what it's worth, I assume, this should not be too difficult to evaluate as an open source license. Further more, wordnet (the package) is already available along with a lot of linux distros. (which I understand would not automatically imply that it's OSS ...but still ...:) ) thanks for your help, regards, - steve PS: adding a note to the BZ once this is approved, might help, else, I can always point the package reviewer to the fedoraproject.org page. From tcallawa at redhat.com Mon Dec 1 16:09:43 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Mon, 01 Dec 2008 11:09:43 -0500 Subject: [Fedora-legal-list] Could you please review this license and add it .... In-Reply-To: <17310.1228142767@lonetwin.net> References: <17310.1228142767@lonetwin.net> Message-ID: <1228147783.3406.111.camel@localhost.localdomain> On Mon, 2008-12-01 at 14:46 +0000, Steve wrote: > Greeting All ! > > This is related to a package I submitted for review: > WordNet - https://bugzilla.redhat.com/show_bug.cgi?id=473583 > > This package is licensed under it's own specific license, something called the WordNet 3.0 license: > http://wordnet.princeton.edu/license > > I would appreciate it if you could review this (very short, textwise) license and add it to the acceptable software licenses list at: It's just another MIT variant. I've added a comment to the bz ticket. ~spot From tcallawa at redhat.com Mon Dec 1 21:37:46 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Mon, 01 Dec 2008 16:37:46 -0500 Subject: [Fedora-legal-list] License opinion required In-Reply-To: <0642D6A9-E46D-4C73-A831-5E3EEF9AD688@entertain-me.com> References: <0642D6A9-E46D-4C73-A831-5E3EEF9AD688@entertain-me.com> Message-ID: <1228167466.3406.128.camel@localhost.localdomain> On Sun, 2008-11-30 at 10:28 -0330, David Carter wrote: > Hi, > > I'm packaging software with the following license on part of the code, > and I need to know if it's OK. Unfortunately, it isn't okay. This is non-free, because there is no permission to redistribute modified versions of code under this license, only to "Make copies of the original file you download and distribute it". That, combined with: "Except as expressly stated above, HP and tang-IT grant no other licenses, express or implied, by estoppel or otherwise, to any intellectual property rights." means that we cannot assume permission to distribute modified/derived works is implied. HP usually does a better job of this, perhaps they'd be willing to fix this license, or re-license this work under an established free license? ~spot From adam at spicenitz.org Fri Dec 5 22:48:48 2008 From: adam at spicenitz.org (Adam Goode) Date: Fri, 05 Dec 2008 17:48:48 -0500 Subject: [Fedora-legal-list] jai-imageio-core license questions Message-ID: <4939AFD0.4070101@spicenitz.org> Hi, jai-imageio-core is a Java package from Sun that includes plugins for Java that adds various image codecs, most notably TIFF. It would be really useful to have this in Fedora, so I'm thinking of packaging. Unfortunately, there are a few issues: GOOD: the website claims it is BSD https://jai-imageio-core.dev.java.net/ BAD: it contains jj2000 which doesn't seem like BSD https://jai-imageio-core.dev.java.net/source/browse/jai-imageio-core/src/share/classes/jj2000/j2k/JJ2KInfo.java?rev=1.1&view=markup GOOD: TIFF seems to be BSD https://jai-imageio-core.dev.java.net/source/browse/jai-imageio-core/src/share/classes/com/sun/media/imageioimpl/plugins/tiff/TIFFImageReader.java?rev=1.13&view=markup I assume jj2000 can't go in to Fedora. I filed a Sun bugreport about this BSD confusion, but they are quiet on it. Am I wrong? Can jj2000 go in? (It would be useful.) Would I just need to strip jj2000 out of this package to make it ok for Fedora? Thanks, Adam -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From tcallawa at redhat.com Mon Dec 8 17:11:35 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Mon, 08 Dec 2008 12:11:35 -0500 Subject: [Fedora-legal-list] jai-imageio-core license questions In-Reply-To: <4939AFD0.4070101@spicenitz.org> References: <4939AFD0.4070101@spicenitz.org> Message-ID: <1228756295.21023.6.camel@localhost.localdomain> On Fri, 2008-12-05 at 17:48 -0500, Adam Goode wrote: > I assume jj2000 can't go in to Fedora. I filed a Sun bugreport about > this BSD confusion, but they are quiet on it. Am I wrong? Can jj2000 go > in? (It would be useful.) Would I just need to strip jj2000 out of this > package to make it ok for Fedora? For two reasons, jj2000 can't go into Fedora: 1. The license it is under is non-free (only "JJ2000 Partners" have right to use, there is no right to modify, heavy use restrictions based on standard compliance). 2. JPEG 2000 is heavily patent mined. You'd need to strip jj2000 out of the source tarball and ship a "clean" tarball to make it okay for Fedora. Sun is historically really bad at licensing issues like this, although recently, they seem to be at least more interested in resolving these issues. Unfortunately, the patent issues around JPEG 2000 mean that even if this code was under an acceptable license, we still couldn't ship it. ~spot From adam at spicenitz.org Mon Dec 8 19:44:46 2008 From: adam at spicenitz.org (Adam Goode) Date: Mon, 08 Dec 2008 14:44:46 -0500 Subject: [Fedora-legal-list] jai-imageio-core license questions In-Reply-To: <1228756295.21023.6.camel@localhost.localdomain> References: <4939AFD0.4070101@spicenitz.org> <1228756295.21023.6.camel@localhost.localdomain> Message-ID: <493D792E.3030706@spicenitz.org> Tom "spot" Callaway wrote: > For two reasons, jj2000 can't go into Fedora: > > 1. The license it is under is non-free (only "JJ2000 Partners" have > right to use, there is no right to modify, heavy use restrictions based > on standard compliance). > 2. JPEG 2000 is heavily patent mined. > > You'd need to strip jj2000 out of the source tarball and ship a "clean" > tarball to make it okay for Fedora. Yeah, this is what I thought. Thanks for verifying this. > Sun is historically really bad at licensing issues like this, although > recently, they seem to be at least more interested in resolving these > issues. Unfortunately, the patent issues around JPEG 2000 mean that even > if this code was under an acceptable license, we still couldn't ship it. This seems strange to me: if patents are a problem then why does Fedora ship 2 other JPEG 2000 libraries already? (jasper since FC3, openjpeg since F7.) Thanks, Adam -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From tibbs at math.uh.edu Mon Dec 8 20:05:23 2008 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: 08 Dec 2008 14:05:23 -0600 Subject: [Fedora-legal-list] jai-imageio-core license questions In-Reply-To: <493D792E.3030706@spicenitz.org> References: <4939AFD0.4070101@spicenitz.org> <1228756295.21023.6.camel@localhost.localdomain> <493D792E.3030706@spicenitz.org> Message-ID: >>>>> "AG" == Adam Goode writes: AG> This seems strange to me: if patents are a problem then why does AG> Fedora ship 2 other JPEG 2000 libraries already? (jasper since AG> FC3, openjpeg since F7.) Maybe they need to removed. Not every reviewer feels able to do a patent review, you know, and occasionally things get in that shouldn't. - J< From tcallawa at redhat.com Mon Dec 8 21:40:08 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Mon, 08 Dec 2008 16:40:08 -0500 Subject: [Fedora-legal-list] jai-imageio-core license questions In-Reply-To: <493D792E.3030706@spicenitz.org> References: <4939AFD0.4070101@spicenitz.org> <1228756295.21023.6.camel@localhost.localdomain> <493D792E.3030706@spicenitz.org> Message-ID: <1228772408.21023.22.camel@localhost.localdomain> On Mon, 2008-12-08 at 14:44 -0500, Adam Goode wrote: > This seems strange to me: if patents are a problem then why does Fedora > ship 2 other JPEG 2000 libraries already? (jasper since FC3, openjpeg > since F7.) The lawyers are thinking extra-double hard about this (thanks for pointing it out). When they decide something, I'll let you know. In the interim, if you wanted to try to resolve the licensing issue with Sun, that might not be a bad idea. :) ~spot From adam at spicenitz.org Mon Dec 8 21:51:28 2008 From: adam at spicenitz.org (Adam Goode) Date: Mon, 08 Dec 2008 16:51:28 -0500 Subject: [Fedora-legal-list] jai-imageio-core license questions In-Reply-To: <1228772408.21023.22.camel@localhost.localdomain> References: <4939AFD0.4070101@spicenitz.org> <1228756295.21023.6.camel@localhost.localdomain> <493D792E.3030706@spicenitz.org> <1228772408.21023.22.camel@localhost.localdomain> Message-ID: <493D96E0.7010404@spicenitz.org> Tom "spot" Callaway wrote: > On Mon, 2008-12-08 at 14:44 -0500, Adam Goode wrote: > >> This seems strange to me: if patents are a problem then why does Fedora >> ship 2 other JPEG 2000 libraries already? (jasper since FC3, openjpeg >> since F7.) > > The lawyers are thinking extra-double hard about this (thanks for > pointing it out). > When they decide something, I'll let you know. Glad to be of help. :) > > In the interim, if you wanted to try to resolve the licensing issue with > Sun, that might not be a bad idea. :) Here is my old bug report (they basically said they weren't shipping the code, which is not true, and left it at that): https://jai-imageio-core.dev.java.net/issues/show_bug.cgi?id=162 I also tried contacting some of the jj2000 authors a year ago, and they basically said that as reference software for ISO, "the code becomes pretty flexible to use", but didn't know about open source interoperability. Adam -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net Tue Dec 9 11:57:36 2008 From: thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net (Matthias Saou) Date: Tue, 9 Dec 2008 12:57:36 +0100 Subject: [Fedora-legal-list] CAcert.org license Message-ID: <20081209125736.77609055@python3.es.egwn.lan> Hi, For the following review : https://bugzilla.redhat.com/show_bug.cgi?id=474549 I would need to know if the "Non Related Persons Disclaimer and Licence" under which the CAcert root certificates files are is acceptable for Fedora or not. Full text here : http://www.cacert.org/policy/NRPDisclaimerAndLicence.php What I see is that it only really applies to liability, and doesn't cover modifications since those wouldn't make much sense. What does bother me somewhat is the last part of the "License" section : "You may NOT distribute certificates or root keys under this licence, nor make representation about them." as well as the fact that liability might be transferred to the Fedora Project if the certificates are shipped in the distribution. IANAL and I found nothing relevant in the "Licensing" wiki page, which is why I'm posting here. Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 10 (Cambridge) - Linux kernel 2.6.27.5-117.fc10.x86_64 Load : 0.52 0.55 0.87 From tcallawa at redhat.com Tue Dec 9 16:00:12 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Tue, 09 Dec 2008 11:00:12 -0500 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <20081209125736.77609055@python3.es.egwn.lan> References: <20081209125736.77609055@python3.es.egwn.lan> Message-ID: <1228838412.3553.22.camel@localhost.localdomain> On Tue, 2008-12-09 at 12:57 +0100, Matthias Saou wrote: > Hi, > > For the following review : > https://bugzilla.redhat.com/show_bug.cgi?id=474549 > > I would need to know if the "Non Related Persons Disclaimer and > Licence" under which the CAcert root certificates files are is > acceptable for Fedora or not. Full text here : > http://www.cacert.org/policy/NRPDisclaimerAndLicence.php > > What I see is that it only really applies to liability, and doesn't > cover modifications since those wouldn't make much sense. What does > bother me somewhat is the last part of the "License" section : "You may > NOT distribute certificates or root keys under this licence, nor make > representation about them." as well as the fact that liability might be > transferred to the Fedora Project if the certificates are shipped in > the distribution. Yeah, so this would be a Content license rather than a software license. Given that it does not give permission for us to redistribute (the cornerstone requirement for Content licenses), this license is not acceptable for Fedora. ~spot From tibbs at math.uh.edu Tue Dec 9 16:30:34 2008 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: 09 Dec 2008 10:30:34 -0600 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <1228838412.3553.22.camel@localhost.localdomain> References: <20081209125736.77609055@python3.es.egwn.lan> <1228838412.3553.22.camel@localhost.localdomain> Message-ID: >>>>> "TC" == Tom \"spot\" Callaway writes: TC> Given that it does not give permission for us to redistribute (the TC> cornerstone requirement for Content licenses), this license is not TC> acceptable for Fedora. I guess I'm glad I looked before approving the package, but I have to wonder: Do the cacert folks actually want anyone to use their certificates? I mean, this prevents basically everyone from using them, because they can't come with the OS or the browser. - J< From tcallawa at redhat.com Tue Dec 9 22:17:07 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Tue, 09 Dec 2008 17:17:07 -0500 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <20081209230338.0cd9ca93@twister> References: <20081209125736.77609055@python3.es.egwn.lan> <1228838412.3553.22.camel@localhost.localdomain> <20081209230338.0cd9ca93@twister> Message-ID: <1228861027.3553.39.camel@localhost.localdomain> On Tue, 2008-12-09 at 23:03 +0100, Matthias Saou wrote: > > >>>>> "TC" == Tom \"spot\" Callaway writes: > > > > TC> Given that it does not give permission for us to redistribute (the > > TC> cornerstone requirement for Content licenses), this license is not > > TC> acceptable for Fedora. > > > > I guess I'm glad I looked before approving the package, but I have to > > wonder: Do the cacert folks actually want anyone to use their > > certificates? I mean, this prevents basically everyone from using > > them, because they can't come with the OS or the browser. > > Personally, the more I read the document, the more I'm confused. > > "You may NOT distribute certificates or root keys under this > licence"... does this mean we can distribute under a different license? Well, sortof. The wording here is strange because you can get a different license from the CA issuer. We can't just pick a license, but the CA issuer might be willing to give us a different one. > Would it be worth getting in contact with CAcert.org in order to try > and have them allow us to redistribute the root certs under conditions > which are acceptable to the Fedora Project? Probably, yes. :) ~spot From tibbs at math.uh.edu Tue Dec 9 22:22:05 2008 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: 09 Dec 2008 16:22:05 -0600 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <20081209230338.0cd9ca93@twister> References: <20081209125736.77609055@python3.es.egwn.lan> <1228838412.3553.22.camel@localhost.localdomain> <20081209230338.0cd9ca93@twister> Message-ID: >>>>> "MS" == Matthias Saou writes: MS> Would it be worth getting in contact with CAcert.org in order to MS> try and have them allow us to redistribute the root certs under MS> conditions which are acceptable to the Fedora Project? Those conditions would have to be pretty liberal, since we insist that anyone who gets the package from us also be able to distribute it. An agreement that applies to the Fedora project isn't sufficient. I don't see why they wouldn't want everyone to include their certs, but there's no understanding it. The best thing to do would be to ask them. - J< From cfarrell at suse.de Wed Dec 10 09:20:56 2008 From: cfarrell at suse.de (Ciaran Farrell) Date: Wed, 10 Dec 2008 10:20:56 +0100 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <1228861027.3553.39.camel@localhost.localdomain> References: <20081209125736.77609055@python3.es.egwn.lan> <20081209230338.0cd9ca93@twister> <1228861027.3553.39.camel@localhost.localdomain> Message-ID: <200812101020.59884.cfarrell@suse.de> On Tuesday 09 December 2008 23:17:07 Tom "spot" Callaway wrote: > On Tue, 2008-12-09 at 23:03 +0100, Matthias Saou wrote: > > > >>>>> "TC" == Tom \"spot\" Callaway writes: > > > > > > TC> Given that it does not give permission for us to redistribute (the > > > TC> cornerstone requirement for Content licenses), this license is not > > > TC> acceptable for Fedora. > > > > > > I guess I'm glad I looked before approving the package, but I have to > > > wonder: Do the cacert folks actually want anyone to use their > > > certificates? I mean, this prevents basically everyone from using > > > them, because they can't come with the OS or the browser. > > > > Personally, the more I read the document, the more I'm confused. > > > > "You may NOT distribute certificates or root keys under this > > licence"... does this mean we can distribute under a different license? > > Well, sortof. The wording here is strange because you can get a > different license from the CA issuer. We can't just pick a license, but > the CA issuer might be willing to give us a different one. > > > Would it be worth getting in contact with CAcert.org in order to try > > and have them allow us to redistribute the root certs under conditions > > which are acceptable to the Fedora Project? > > Probably, yes. :) Just thought I'd chime in on this CACert issue. We at openSUSE have the same problem with the CACert license and we are in contact with them about it. They don't seem to be sure about what to do and are open for suggestions, especially from distributors. They want to get their root certs into our distributions, but worry about possible implications of their private key being compromised. I think it would make sense to coordinate our efforts here - openSUSE and Fedora want to distribute the CaCert.org root certs and we are both unhappy with the current terms of distribution. @spot - if you like, I'll forward you our correspondence with the cacert people thus far. Ciaran -- Ciaran Farrell __o cfarrell at suse.de _`\<,_ Phone: +49 (0)911 74053 262 (_)/ (_) SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG N?rnberg) Maxfeldstrasse 5, 90409, Nuremberg, Germany /?ki?.r?n/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From tcallawa at redhat.com Wed Dec 10 14:56:02 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Wed, 10 Dec 2008 09:56:02 -0500 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <200812101020.59884.cfarrell@suse.de> References: <20081209125736.77609055@python3.es.egwn.lan> <20081209230338.0cd9ca93@twister> <1228861027.3553.39.camel@localhost.localdomain> <200812101020.59884.cfarrell@suse.de> Message-ID: <1228920963.10108.7.camel@localhost.localdomain> On Wed, 2008-12-10 at 10:20 +0100, Ciaran Farrell wrote: > I think it would make sense to coordinate our efforts here - openSUSE > and > Fedora want to distribute the CaCert.org root certs and we are both > unhappy > with the current terms of distribution. So, given that Fedora has two classes of licensing (Code and Content) and that these CaCert.org root certs would safely fall into the Content category, we really only need permission to copy and redistribute the root certs without restriction. We don't need the right to modify them. I'm not sure how their private keys come into this, are they distributing them for some odd reason? > @spot - if you like, I'll forward you our correspondence with the > cacert > people thus far. Sure, thanks! ~spot From cfarrell at suse.de Wed Dec 10 15:36:37 2008 From: cfarrell at suse.de (Ciaran Farrell) Date: Wed, 10 Dec 2008 16:36:37 +0100 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <1228920963.10108.7.camel@localhost.localdomain> References: <20081209125736.77609055@python3.es.egwn.lan> <200812101020.59884.cfarrell@suse.de> <1228920963.10108.7.camel@localhost.localdomain> Message-ID: <200812101636.43564.cfarrell@suse.de> On Wednesday 10 December 2008 15:56:02 Tom "spot" Callaway wrote: > On Wed, 2008-12-10 at 10:20 +0100, Ciaran Farrell wrote: > > I think it would make sense to coordinate our efforts here - openSUSE > > and > > Fedora want to distribute the CaCert.org root certs and we are both > > unhappy > > with the current terms of distribution. > > So, given that Fedora has two classes of licensing (Code and Content) > and that these CaCert.org root certs would safely fall into the Content > category, we really only need permission to copy and redistribute the > root certs without restriction. We don't need the right to modify them. > > I'm not sure how their private keys come into this, are they > distributing them for some odd reason? Sorry, I should have been more clear about this. One of the discussion points was that the CaCert people were worried about liability if their private key were somehow to be compromised. They were therefore seeking to force end users to accept some type of disclaimer. To do this, they wanted distributors to write it directly into the EULA/SLA. Ciaran > > > @spot - if you like, I'll forward you our correspondence with the > > cacert > > people thus far. > > Sure, thanks! > > ~spot -- Ciaran Farrell __o cfarrell at suse.de _`\<,_ Phone: +49 (0)911 74053 262 (_)/ (_) SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG N?rnberg) Maxfeldstrasse 5, 90409, Nuremberg, Germany /?ki?.r?n/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From tcallawa at redhat.com Wed Dec 10 15:43:19 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Wed, 10 Dec 2008 10:43:19 -0500 Subject: [Fedora-legal-list] CAcert.org license In-Reply-To: <200812101636.43564.cfarrell@suse.de> References: <20081209125736.77609055@python3.es.egwn.lan> <200812101020.59884.cfarrell@suse.de> <1228920963.10108.7.camel@localhost.localdomain> <200812101636.43564.cfarrell@suse.de> Message-ID: <1228923799.10108.15.camel@localhost.localdomain> On Wed, 2008-12-10 at 16:36 +0100, Ciaran Farrell wrote: > Sorry, I should have been more clear about this. One of the discussion > points > was that the CaCert people were worried about liability if their > private key > were somehow to be compromised. They were therefore seeking to force > end users > to accept some type of disclaimer. To do this, they wanted > distributors to > write it directly into the EULA/SLA. Yuck. I'm not sure why they think they would have more liability if Fedora/openSUSE distribute their root certs than they would have if they only distributed them directly to end users. A traditional disclaimer of warranty should suffice in such scenarios. ~spot From johnterhune at gmail.com Tue Dec 16 00:06:37 2008 From: johnterhune at gmail.com (John Terhune) Date: Mon, 15 Dec 2008 16:06:37 -0800 Subject: [Fedora-legal-list] Fedora GPL Violation Message-ID: We recently purchased a traffic shaping network device from a company called Exinda. While the device performs quite well, from looking at a firmware update image I noticed that it was based on Fedora Core. Nowhere in their documentation is it mentioned they are using GPLed software, and there is no offer to release source code. I opened a ticket with them asking for code under the GPL but was ignored. Would this be the appropriate place be to report such a violation? Here is some of the text from the build script included with the firmware image. The bulk of the image is GPG encrypted. BUILD_HOST_OS="LINUX" export BUILD_HOST_OS BUILD_HOST_OS_LC="linux" export BUILD_HOST_OS_LC BUILD_HOST_PLATFORM="LINUX_FEDORA" export BUILD_HOST_PLATFORM BUILD_HOST_PLATFORM_LC="linux_fedora" export BUILD_HOST_PLATFORM_LC BUILD_HOST_PLATFORM_VERSION="CORE6" export BUILD_HOST_PLATFORM_VERSION BUILD_HOST_PLATFORM_VERSION_LC="core6" export BUILD_HOST_PLATFORM_VERSION_LC BUILD_HOST_PLATFORM_FULL="LINUX_FEDORA_CORE6" export BUILD_HOST_PLATFORM_FULL BUILD_HOST_PLATFORM_FULL_LC="linux_fedora_core6" From jwboyer at gmail.com Tue Dec 16 14:04:13 2008 From: jwboyer at gmail.com (Josh Boyer) Date: Tue, 16 Dec 2008 09:04:13 -0500 Subject: [Fedora-legal-list] Fedora GPL Violation In-Reply-To: References: Message-ID: <20081216140413.GA2538@yoda.jdub.homelinux.org> On Mon, Dec 15, 2008 at 04:06:37PM -0800, John Terhune wrote: >We recently purchased a traffic shaping network device from a company >called Exinda. While the device performs quite well, from looking at a >firmware update image I noticed that it was based on Fedora Core. >Nowhere in their documentation is it mentioned they are using GPLed >software, and there is no offer to release source code. I opened a >ticket with them asking for code under the GPL but was ignored. > >Would this be the appropriate place be to report such a violation? > >Here is some of the text from the build script included with the >firmware image. The bulk of the image is GPG encrypted. > > >BUILD_HOST_OS="LINUX" >export BUILD_HOST_OS >BUILD_HOST_OS_LC="linux" >export BUILD_HOST_OS_LC >BUILD_HOST_PLATFORM="LINUX_FEDORA" >export BUILD_HOST_PLATFORM >BUILD_HOST_PLATFORM_LC="linux_fedora" >export BUILD_HOST_PLATFORM_LC >BUILD_HOST_PLATFORM_VERSION="CORE6" >export BUILD_HOST_PLATFORM_VERSION >BUILD_HOST_PLATFORM_VERSION_LC="core6" >export BUILD_HOST_PLATFORM_VERSION_LC >BUILD_HOST_PLATFORM_FULL="LINUX_FEDORA_CORE6" >export BUILD_HOST_PLATFORM_FULL >BUILD_HOST_PLATFORM_FULL_LC="linux_fedora_core6" While I am certainly not a lawyer, the above seems entirely inconclusive to me. I read that as "This was built on a Fedora Core 6 host." That doesn't mean that the image itself contains GPL code. While it may be very likely that it does, I think you need to dig further to figure that out for sure. josh From johnterhune at gmail.com Tue Dec 16 17:06:11 2008 From: johnterhune at gmail.com (John Terhune) Date: Tue, 16 Dec 2008 09:06:11 -0800 Subject: [Fedora-legal-list] Fedora GPL Violation In-Reply-To: <20081216140413.GA2538@yoda.jdub.homelinux.org> References: <20081216140413.GA2538@yoda.jdub.homelinux.org> Message-ID: Ooops, looks like I copied the wrong section of the build script. Build target is much more incriminating than build host. BUILD_TARGET_OS="LINUX" export BUILD_TARGET_OS BUILD_TARGET_OS_LC="linux" export BUILD_TARGET_OS_LC BUILD_TARGET_PLATFORM="LINUX_FEDORA" export BUILD_TARGET_PLATFORM BUILD_TARGET_PLATFORM_LC="linux_fedora" export BUILD_TARGET_PLATFORM_LC BUILD_TARGET_PLATFORM_VERSION="CORE6" export BUILD_TARGET_PLATFORM_VERSION BUILD_TARGET_PLATFORM_VERSION_LC="core6" export BUILD_TARGET_PLATFORM_VERSION_LC BUILD_TARGET_PLATFORM_FULL="LINUX_FEDORA_CORE6" export BUILD_TARGET_PLATFORM_FULL BUILD_TARGET_PLATFORM_FULL_LC="linux_fedora_core6" export BUILD_TARGET_PLATFORM_FULL_LC John On Tue, Dec 16, 2008 at 6:04 AM, Josh Boyer wrote: > On Mon, Dec 15, 2008 at 04:06:37PM -0800, John Terhune wrote: >>We recently purchased a traffic shaping network device from a company >>called Exinda. While the device performs quite well, from looking at a >>firmware update image I noticed that it was based on Fedora Core. >>Nowhere in their documentation is it mentioned they are using GPLed >>software, and there is no offer to release source code. I opened a >>ticket with them asking for code under the GPL but was ignored. >> >>Would this be the appropriate place be to report such a violation? >> >>Here is some of the text from the build script included with the >>firmware image. The bulk of the image is GPG encrypted. >> >> >>BUILD_HOST_OS="LINUX" >>export BUILD_HOST_OS >>BUILD_HOST_OS_LC="linux" >>export BUILD_HOST_OS_LC >>BUILD_HOST_PLATFORM="LINUX_FEDORA" >>export BUILD_HOST_PLATFORM >>BUILD_HOST_PLATFORM_LC="linux_fedora" >>export BUILD_HOST_PLATFORM_LC >>BUILD_HOST_PLATFORM_VERSION="CORE6" >>export BUILD_HOST_PLATFORM_VERSION >>BUILD_HOST_PLATFORM_VERSION_LC="core6" >>export BUILD_HOST_PLATFORM_VERSION_LC >>BUILD_HOST_PLATFORM_FULL="LINUX_FEDORA_CORE6" >>export BUILD_HOST_PLATFORM_FULL >>BUILD_HOST_PLATFORM_FULL_LC="linux_fedora_core6" > > While I am certainly not a lawyer, the above seems entirely > inconclusive to me. I read that as "This was built on a > Fedora Core 6 host." That doesn't mean that the image itself > contains GPL code. > > While it may be very likely that it does, I think you need > to dig further to figure that out for sure. > > josh > From rfontana at redhat.com Wed Dec 17 03:57:09 2008 From: rfontana at redhat.com (Richard Fontana) Date: Tue, 16 Dec 2008 22:57:09 -0500 Subject: [Fedora-legal-list] Fedora GPL Violation In-Reply-To: References: Message-ID: <20081217035709.GA4330@redhat.com> On Mon, Dec 15, 2008 at 04:06:37PM -0800, John Terhune wrote: > We recently purchased a traffic shaping network device from a company > called Exinda. While the device performs quite well, from looking at a > firmware update image I noticed that it was based on Fedora Core. > Nowhere in their documentation is it mentioned they are using GPLed > software, and there is no offer to release source code. I opened a > ticket with them asking for code under the GPL but was ignored. John, Red Hat Legal Affairs is investigating this. Thanks for bringing this to our attention. Regards, Richard E. Fontana Open Source Licensing and Patent Counsel Red Hat, Inc. direct: +1 978 392 2423 mobile: +1 718 344 1545 fax: +1 978 392 1001 mail: rfontana at redhat.com From rjones at redhat.com Thu Dec 18 14:50:35 2008 From: rjones at redhat.com (Richard W.M. Jones) Date: Thu, 18 Dec 2008 14:50:35 +0000 Subject: [Fedora-legal-list] Old Sun RPC license - what is it? Message-ID: <20081218145035.GA8886@amd.home.annexia.org> In PortableXDR [0] we have used some old (1988) Sun RPC code which has the license text below. The question arose during review for inclusion in Fedora[1] what this license is, and whether it can be included in Fedora. Note that this code has been extensively used and modified all over the place, so if this license isn't free, and if Sun didn't relicense it since 1988, then we may have a problem. For example, glibc: http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr.c?rev=1.28&content-type=text/x-cvsweb-markup&cvsroot=glibc also in FreeBSD: http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/xdr/xdr.c?rev=1.15 Suggestions? Rich. ---------------------------------------------------------------------- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape * media and as a part of the software program in whole or part. Users * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 ---------------------------------------------------------------------- [0] http://et.redhat.com/~rjones/portablexdr/ [1] https://bugzilla.redhat.com/show_bug.cgi?id=467324 -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v From tcallawa at redhat.com Thu Dec 18 16:01:40 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Thu, 18 Dec 2008 11:01:40 -0500 Subject: [Fedora-legal-list] Old Sun RPC license - what is it? In-Reply-To: <20081218145035.GA8886@amd.home.annexia.org> References: <20081218145035.GA8886@amd.home.annexia.org> Message-ID: <1229616100.3472.20.camel@localhost.localdomain> On Thu, 2008-12-18 at 14:50 +0000, Richard W.M. Jones wrote: > In PortableXDR [0] we have used some old (1988) Sun RPC code which has > the license text below. The question arose during review for > inclusion in Fedora[1] what this license is, and whether it can be > included in Fedora. > > Note that this code has been extensively used and modified all over > the place, so if this license isn't free, and if Sun didn't relicense > it since 1988, then we may have a problem. Yes, we have a problem. We've been trying to work with Sun to relicense this code under something free and GPL compatible, but things are moving slowly on this front. Until this issue is resolved, nothing new can come into Fedora under that license. I'll try to poke Sun again today. Thanks, ~spot From tibbs at math.uh.edu Fri Dec 19 21:10:30 2008 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: 19 Dec 2008 15:10:30 -0600 Subject: [Fedora-legal-list] MgOpen font license Message-ID: The license for the MgOpen fonts seems almost identical to the Bistream Vera font license: http://www.ellak.gr/fonts/mgopen/index.en.html#license http://www.gnome.org/fonts/#Final_Bitstream_Vera_Fonts Currently our mgopen-fonts pacakge uses "Bitstream Vera" for its license tag, but a query came up in IRC as to whether they really are the same license. The Vera license included a note at the end, after the ALL CAPS section, about the use of certain names in advertising which the MgOpen license does not have, and the MgOpen license included one additional phrase in the third paragraph: "or if the modifications are accepted for inclusion in the Font Software itself by the each appointed Administrator." Are these licenses sufficiently identical to have the same License: tag in Fedora? - J< From nhorman at redhat.com Fri Dec 19 20:31:13 2008 From: nhorman at redhat.com (Neil Horman) Date: Fri, 19 Dec 2008 15:31:13 -0500 Subject: [Fedora-legal-list] License question regarding Hylafax Message-ID: <20081219203113.GR16899@hmsendeavour.rdu.redhat.com> Hey all- I was looking to package Hylafax for fedora, and found that its copyright is rather custom. It looks rather like a creative commons license, but since IANAL, I wasn't 100% sure. Heres their copyright: http://www.hylafax.org/content/Copyright Does that qualify as an acceptible license to package for Fedora? Regards Neil From tibbs at math.uh.edu Fri Dec 19 21:22:49 2008 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: 19 Dec 2008 15:22:49 -0600 Subject: [Fedora-legal-list] License question regarding Hylafax In-Reply-To: <20081219203113.GR16899@hmsendeavour.rdu.redhat.com> References: <20081219203113.GR16899@hmsendeavour.rdu.redhat.com> Message-ID: >>>>> "NH" == Neil Horman writes: NH> I was looking to package Hylafax for fedora, FYI, https://bugzilla.redhat.com//show_bug.cgi?id=188542 I believe the license tag we worked out on that package is "libtiff and BSD with advertising". However, the whole thing is a big mess, with multiple packages all calling themselves "Hylafax" and a package submitter who refuses to rename his package to avoid confusion. If you want to help out with that ticket, I would really appreciate it. It sapped all of my will to deal with it, and now I've been ignoring it for months. - J< From tcallawa at redhat.com Fri Dec 19 21:21:56 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Fri, 19 Dec 2008 16:21:56 -0500 Subject: [Fedora-legal-list] License question regarding Hylafax In-Reply-To: <20081219203113.GR16899@hmsendeavour.rdu.redhat.com> References: <20081219203113.GR16899@hmsendeavour.rdu.redhat.com> Message-ID: <1229721716.3432.117.camel@localhost.localdomain> On Fri, 2008-12-19 at 15:31 -0500, Neil Horman wrote: > Hey all- > I was looking to package Hylafax for fedora, and found that its > copyright is rather custom. It looks rather like a creative commons license, > but since IANAL, I wasn't 100% sure. Heres their copyright: > > http://www.hylafax.org/content/Copyright > > Does that qualify as an acceptible license to package for Fedora? Yeah, that's just MIT. Added as: https://fedoraproject.org/wiki/Licensing/MIT#Hylafax_Variant ~spot From tcallawa at redhat.com Fri Dec 19 21:34:07 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Fri, 19 Dec 2008 16:34:07 -0500 Subject: [Fedora-legal-list] MgOpen font license In-Reply-To: References: Message-ID: <1229722447.3432.118.camel@localhost.localdomain> On Fri, 2008-12-19 at 15:10 -0600, Jason L Tibbitts III wrote: > The Vera license included a note at the end, after > the ALL CAPS section, about the use of certain names in advertising > which the MgOpen license does not have, and the MgOpen license > included one additional phrase in the third paragraph: > "or if the modifications are accepted for inclusion in the Font > Software itself by the each appointed Administrator." These differences are enough for the MgOpen font to merit its own license tag, use: License: MgOpen (added at https://fedoraproject.org/wiki/Licensing/ ) ~spot From abartlet at samba.org Fri Dec 19 23:18:18 2008 From: abartlet at samba.org (Andrew Bartlett) Date: Sat, 20 Dec 2008 10:18:18 +1100 Subject: [Fedora-legal-list] Heads-up on new Samba4 licence Message-ID: <1229728698.3901.8.camel@naomi.s4.naomi.abartlet.net> Samba4 (which is under review for inclusion into Fedora) will soon ship some data (the Active Directory schema) under less-than-usual licence terms. The attached file gives the text. I believe it is no less free than Free licences on Fonts that require redistribution with software. The review ticket is: https://bugzilla.redhat.com/show_bug.cgi?id=453083 If this causes a problem, presumably the packager can strip setup/ad-schema (and the whole server implementation) from the tarball. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. -------------- next part -------------- NOTE: The licence on these schema files is not GPL, or a standard Open Source licence. Be careful to redistribute thes files as part of Samba or 'your implementation', but not alone. -- Intellectual Property Rights Notice for Protocol Documentation Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL's, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft?s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol at microsoft.com. Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From tcallawa at redhat.com Sun Dec 21 15:40:10 2008 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Sun, 21 Dec 2008 10:40:10 -0500 Subject: [Fedora-legal-list] Heads-up on new Samba4 licence In-Reply-To: <1229728698.3901.8.camel@naomi.s4.naomi.abartlet.net> References: <1229728698.3901.8.camel@naomi.s4.naomi.abartlet.net> Message-ID: <1229874010.19374.56.camel@localhost.localdomain> On Sat, 2008-12-20 at 10:18 +1100, Andrew Bartlett wrote: > Samba4 (which is under review for inclusion into Fedora) will soon ship > some data (the Active Directory schema) under less-than-usual licence > terms. > > The attached file gives the text. > > I believe it is no less free than Free licences on Fonts that require > redistribution with software. > > The review ticket is: https://bugzilla.redhat.com/show_bug.cgi?id=453083 > > If this causes a problem, presumably the packager can strip > setup/ad-schema (and the whole server implementation) from the tarball. Andrew, do you know if these specific schemas fall under the OSP? ~spot From musuruan at gmail.com Fri Dec 26 10:50:31 2008 From: musuruan at gmail.com (Andrea Musuruane) Date: Fri, 26 Dec 2008 11:50:31 +0100 Subject: [Fedora-legal-list] xBill legal opinion required Message-ID: <29fee02b0812260250g564e1b38h199c69255fee8cd6@mail.gmail.com> Hi all, I'd like to now if xBill is suitable for inclusion in Fedora: http://www.xbill.org/ License, as stated in the man entry, is GPL (no version specified). My concerns regard the use of various logos in the game. Also note that this game has been packaged until 2001 in Red Hat. Regards, Andrea Musuruane.