[Fedora-marketing-list] Derivate distributions and GPL
Sankarshan Mukhopadhyay
sankar at redhat.com
Mon Jul 17 14:08:08 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patrick W. Barnes wrote:
> To a degree, we already do a lot to enable derivatives. Our licensing,
> trademark guidelines, and packaging processes are all friendly to
> derivatives. The issue at hand is whether or not we would be willing to
> accept responsibility for providing the source code as required by the GPL
> for a downstream distribution. I really don't think we should. I'm happy to
> enable derivatives, but I don't think we should take any responsibility for
> them. We also need to be very careful in establishing any sort of
> relationship with specific derivatives. There are plenty of political and
> liability concerns behind doing so.
The moot issue might just be whether upstream Fedora has the
means/methods/tools to validate that the binaries that are going into
the derivative are in-toto from the upstream repos. The derivative
distribution has the liability to produce sources for the binaries on
demand - if they can substantially establish that the so-claimed
upstream binaries packaged are no different from the ones obtained
through Fedora repos they might just be able to deliver a derivative
distribution.
I am not suggesting that upstream take on the onus for providing the
source, rather what I would like to know whether there can be a means
for the derivative distributions to point to upstream sources as
pristine and hence be able to (re)distribute them towards compliance.
:Sankarshan
ps; I am still looking into the earlier posts on this (MUA freakishness)
so pardon me if I post to a closed issue
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEu5nI+g4kmZ76nyERAtRWAJ9VtBDDTOKDb8LLWAIzRdvtZJje7QCffzzF
BH8/lsqgWCKVtMiMqIBn5Eg=
=2wWl
-----END PGP SIGNATURE-----
More information about the Fedora-marketing-list
mailing list