[arch-general] readline GPL violation on two pkgs?
Hi, I just do a quick scan of soft linked with readline and I think that these two pkgs that are linked with readline violates GPL: extra/tftp-hpa community/ngspice Both have the "old" BSD (4-clause) license and is linked with readline that is GPL, so there is an incompatibility [#1] In the case of ngspice recomends to link with libedit to avoid legal issues [#2] Cheers, [#1] http://www.gnu.org/philosophy/license-list.html#OriginalBSD [#2] http://ngspice.sourceforge.net/relinfo.html -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
Le Wed, 24 Jun 2009 01:22:03 -0300, Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> a écrit :
Hi,
I just do a quick scan of soft linked with readline and I think that these two pkgs that are linked with readline violates GPL:
extra/tftp-hpa community/ngspice
Both have the "old" BSD (4-clause) license and is linked with readline that is GPL, so there is an incompatibility [#1]
For tftp-hpa, the license used in the PKGBUILD looks wrong. tftp-hpa is "available under the same license as the "OpenBSD" operating system", and OpenBSD uses a 3-clause license. I guess the packager just copied a part of http://www.openbsd.org/policy.html without looking further : "Berkeley rescinded the 3rd term (the advertising term) on 22 July 1999. Verbatim copies of the Berkeley license in the OpenBSD tree have that term removed." -- catwell
Pierre Chapuis wrote:
Le Wed, 24 Jun 2009 01:22:03 -0300, Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> a écrit :
Hi,
I just do a quick scan of soft linked with readline and I think that these two pkgs that are linked with readline violates GPL:
extra/tftp-hpa community/ngspice
Both have the "old" BSD (4-clause) license and is linked with readline that is GPL, so there is an incompatibility [#1]
For tftp-hpa, the license used in the PKGBUILD looks wrong. tftp-hpa is "available under the same license as the "OpenBSD" operating system", and OpenBSD uses a 3-clause license.
I guess the packager just copied a part of http://www.openbsd.org/policy.html without looking further :
"Berkeley rescinded the 3rd term (the advertising term) on 22 July 1999. Verbatim copies of the Berkeley license in the OpenBSD tree have that term removed."
Hi, See the source code, is "old" BSD, or maybe the author forgot to update the license ? for example tftp/main.c uses 4-clause and uses readline. -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
On Wed, Jun 24, 2009 at 8:05 AM, Gerardo Exequiel Pozzi<vmlinuz386@yahoo.com.ar> wrote:
Pierre Chapuis wrote:
Le Wed, 24 Jun 2009 01:22:03 -0300, Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> a écrit :
Hi,
I just do a quick scan of soft linked with readline and I think that these two pkgs that are linked with readline violates GPL:
extra/tftp-hpa community/ngspice
Both have the "old" BSD (4-clause) license and is linked with readline that is GPL, so there is an incompatibility [#1]
For tftp-hpa, the license used in the PKGBUILD looks wrong. tftp-hpa is "available under the same license as the "OpenBSD" operating system", and OpenBSD uses a 3-clause license.
I guess the packager just copied a part of http://www.openbsd.org/policy.html without looking further :
"Berkeley rescinded the 3rd term (the advertising term) on 22 July 1999. Verbatim copies of the Berkeley license in the OpenBSD tree have that term removed."
Hi,
See the source code, is "old" BSD, or maybe the author forgot to update the license ? for example tftp/main.c uses 4-clause and uses readline.
You think we should just remove the package? We have alternate tftp implementations, right?
On Wed, 2009-06-24 at 11:10 -0500, Aaron Griffin wrote:
See the source code, is "old" BSD, or maybe the author forgot to update the license ? for example tftp/main.c uses 4-clause and uses readline.
You think we should just remove the package? We have alternate tftp implementations, right?
I don't want to be an ass here, but shouldn't we remove openssl too? That is also licensed with a modified 4-clause BSD license, which includes the advertising claim. However, half of the distribution, including GPL2 software, is linked to it. That's actually why GNUTLS was developed. I don't know if it's impossible for a 4-clause BSD licensed product to link to GPL libraries, but the other way around is not possible at least. That's why Debian has been stuck with OpenLDAP 2.1.30 for so long: they had patched up OpenLDAP to use GNUTLS instead of openssl to get rid of the advertisement claim in OpenSSL so libldap stays usable for GPL projects.
Jan de Groot wrote:
On Wed, 2009-06-24 at 11:10 -0500, Aaron Griffin wrote:
See the source code, is "old" BSD, or maybe the author forgot to
update
the license ? for example tftp/main.c uses 4-clause and uses
readline.
You think we should just remove the package? We have alternate tftp implementations, right?
No, just do not link to readline. This action will depend on how much importance is given to the licenses in Arch.
This is why the question mark in the title ;) Personally I don't care if link or not link for these issues in licenses.
I don't want to be an ass here, but shouldn't we remove openssl too?
ugh!, this is ugly. And if we get in tight, there are conflicts between different versions of the GPL, this is ugly. To this are the lawyers, who enjoy these things, and not for us who are programmers, right? Good Luck. -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
On Wed, Jun 24, 2009 at 5:36 PM, Gerardo Exequiel Pozzi<vmlinuz386@yahoo.com.ar> wrote:
Jan de Groot wrote:
On Wed, 2009-06-24 at 11:10 -0500, Aaron Griffin wrote:
See the source code, is "old" BSD, or maybe the author forgot to
update
the license ? for example tftp/main.c uses 4-clause and uses
readline.
You think we should just remove the package? We have alternate tftp implementations, right?
No, just do not link to readline. This action will depend on how much importance is given to the licenses in Arch.
This is why the question mark in the title ;) Personally I don't care if link or not link for these issues in licenses.
I don't want to be an ass here, but shouldn't we remove openssl too?
ugh!, this is ugly.
And if we get in tight, there are conflicts between different versions of the GPL, this is ugly. To this are the lawyers, who enjoy these things, and not for us who are programmers, right?
Good Luck.
To paraphrase what Thomas said to me: This is all free software, we should be able to use free software with other free software, damnit. It seems to go against the spirit to do things like this. I like this sentiment. I mean, I get that there are zealots out there who strongly believe in their Chosen License as if it were a soccer team, but seriously - it's all free software, and we may be subtly violating the letter of the license, but the letter of the license is violating the _spirit_ of the license.
Aaron Griffin wrote:
And if we get in tight, there are conflicts between different versions of the GPL, this is ugly. To this are the lawyers, who enjoy these things, and not for us who are programmers, right?
Good Luck.
To paraphrase what Thomas said to me: This is all free software, we should be able to use free software with other free software, damnit. It seems to go against the spirit to do things like this. I like this sentiment. I mean, I get that there are zealots out there who strongly believe in their Chosen License as if it were a soccer team, but seriously - it's all free software, and we may be subtly violating the letter of the license, but the letter of the license is violating the _spirit_ of the license.
Ok Aaron thanks for the clarification :) I liked this phrase: "...but the letter of the license is violating the _spirit_ of the license" ;) -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
Excerpts from Gerardo Exequiel Pozzi's message of Wed Jun 24 21:51:14 -0400 2009:
Aaron Griffin wrote:
And if we get in tight, there are conflicts between different versions of the GPL, this is ugly. To this are the lawyers, who enjoy these things, and not for us who are programmers, right?
Good Luck.
To paraphrase what Thomas said to me: This is all free software, we should be able to use free software with other free software, damnit. It seems to go against the spirit to do things like this. I like this sentiment. I mean, I get that there are zealots out there who strongly believe in their Chosen License as if it were a soccer team, but seriously - it's all free software, and we may be subtly violating the letter of the license, but the letter of the license is violating the _spirit_ of the license.
Ok Aaron thanks for the clarification :)
I liked this phrase: "...but the letter of the license is violating the _spirit_ of the license" ;)
This may be bad thinking, but to be honest -- is Stallman, Linus, or <BSD Guy> _really_ going to sue a fellow open source program / distro for just using their stuff? -- Andrei Thorp, Developer: Xandros Corp. (http://www.xandros.com)
Ever heard of .cshrc? That's a city in Bosnia. Right? -- Discussion in comp.os.linux.misc on the intuitiveness of commands
To paraphrase what Thomas said to me: This is all free software, we should be able to use free software with other free software, damnit.
And you are! You *are* free to use any free software with any other. The only problem is with distribution of binary/compiled/linked packages :) Install everything from ABS and you are 100% legit
It seems to go against the spirit to do things like this. I like this sentiment. I mean, I get that there are zealots out there who strongly believe in their Chosen License as if it were a soccer team, but seriously - it's all free software, and we may be subtly violating the letter of the license, but the letter of the license is violating the _spirit_ of the license.
-- damjan
On Thursday 25 June 2009 11:01:18 am Damjan Georgievski wrote:
To paraphrase what Thomas said to me: This is all free software, we should be able to use free software with other free software, damnit.
And you are! You *are* free to use any free software with any other. The only problem is with distribution of binary/compiled/linked packages :)
Install everything from ABS and you are 100% legit
It seems to go against the spirit to do things like this. I like this sentiment. I mean, I get that there are zealots out there who strongly believe in their Chosen License as if it were a soccer team, but seriously - it's all free software, and we may be subtly violating the letter of the license, but the letter of the license is violating the _spirit_ of the license.
1. Start Here: http://www.fsf.org/licensing/licenses/ Note: GPLv3 is not compatible with GPLv2 *by itself*. However, *most software* released under GPLv2 allows you to use the terms of later versions of the GPL as well. When this is the case, you can use GPL2 code under GPLv3 to make the desired combination. The *only time* you may not be able to combine code under two GPL licenses is when you want to use code that's *only* under an older version of a license with code that's under a newer version. HOW DO YOU TELL? 2. Read the GPL V2 license included with whatever package or library you are looking at. Go to section 9 of the GPLV2 license included with the code. If section 9 reads: " 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation." Then no mixed licensing issue apply and the GPL2 code can be used without issue in GPL3 release code. Only if the paragraph: "Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation." is *NOT* included in the GLP2 license of the code you want to use, then check the compatibility matrix below to determine if a compatibility issue exists: http://www.fsf.org/licensing/licenses/gpl-faq.html#AllCompatibility 3. If, and only if, a compatibility issues still remains after you have completed steps 1 & 2, then you will need to contact the author for permission to re-license. P.S. Note: nothing contained here constitutes legal advise, rather it is simply a handy reference with the applicable links and text provided to allow you to analyze whether a potential for a licensing conflict exists. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com
participants (7)
-
Aaron Griffin
-
Andrei Thorp
-
Damjan Georgievski
-
David C. Rankin
-
Gerardo Exequiel Pozzi
-
Jan de Groot
-
Pierre Chapuis