[aur-general] PKGBUILD that downloads ilegal content
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form). IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I believe it is not in some jurisdictions), but anyone running it is receiving illegal content, so I don't think we should keep it around. I put up a deletion request[2] for this, and the response was "The AUR does not distribute binaries.". While this is true, it does distribute the PKGBUILD for downloading the ilegal binary. This is not a case of "the package can be used to do something possibly illegal", this is a case of "this script was tailored exclusively and with the sole objective of distributing something illegal, and can only be used for that". [1]: https://aur4.archlinux.org/pkgbase/telegram-desktop/ [2]: https://lists.archlinux.org/pipermail/aur-requests/2015-July/007698.html -- Hugo Osvaldo Barrera
Sun, 05 Jul 2015 14:39:01 -0300 Hugo Osvaldo Barrera <hugo@barrera.io>:
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form).
As long as we're not keen on playing Internet Police[tm], there's not much to do here. The "Get Telegram" download might contradict the GPL3 but it's still available and so far no TG developer as done anything about the Github issue [1]. And just to be clear about "distributing" - that term simply doesn't apply to anything not explicitly hosted on the AUR and instead only referenced via source("...") URLs. You're free to publish PKGBUILDs for commercial/binary games, applications, whatever ... just make sure to inform users about the prerequisites. Interactive prompts to accept licenses are common too. --byte [1] https://github.com/telegramdesktop/tdesktop/issues/850
On 05/07, Hugo Osvaldo Barrera wrote:
While this is true, it does distribute the PKGBUILD for downloading the ilegal binary. This is not a case of "the package can be used to do something possibly illegal", this is a case of "this script was tailored exclusively and with the sole objective of distributing something illegal, and can only be used for that".
There is one big flaw with your argumentation: Downloading a binary is not the same as distributing it. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
On 05/07/15 01:39 PM, Hugo Osvaldo Barrera wrote:
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form).
IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I believe it is not in some jurisdictions), but anyone running it is receiving illegal content, so I don't think we should keep it around.
I put up a deletion request[2] for this, and the response was "The AUR does not distribute binaries.".
While this is true, it does distribute the PKGBUILD for downloading the ilegal binary. This is not a case of "the package can be used to do something possibly illegal", this is a case of "this script was tailored exclusively and with the sole objective of distributing something illegal, and can only be used for that".
[1]: https://aur4.archlinux.org/pkgbase/telegram-desktop/ [2]: https://lists.archlinux.org/pipermail/aur-requests/2015-July/007698.html
The AUR doesn't redistribute it. A better complaint would be that the package should have a -bin suffix. It's open source so the unsuffixed version should be built from the sources. The legal issues are upstream's problem as they're the ones choosing to keep illegally distributing it. It's not going to be much of a problem for them because it's unlikely that any of the contributors to the GPL code actually cares. It's a technicality, not something that's actually causing damages or that's ethically wrong. I don't see a good reason to remove it, either from a legal or ethical standpoint. It would only be a problem if Arch was actually distributing it.
On 2015-07-06 13:16, Daniel Micay wrote:
On 05/07/15 01:39 PM, Hugo Osvaldo Barrera wrote:
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form).
IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I believe it is not in some jurisdictions), but anyone running it is receiving illegal content, so I don't think we should keep it around.
I put up a deletion request[2] for this, and the response was "The AUR does not distribute binaries.".
While this is true, it does distribute the PKGBUILD for downloading the ilegal binary. This is not a case of "the package can be used to do something possibly illegal", this is a case of "this script was tailored exclusively and with the sole objective of distributing something illegal, and can only be used for that".
[1]: https://aur4.archlinux.org/pkgbase/telegram-desktop/ [2]: https://lists.archlinux.org/pipermail/aur-requests/2015-July/007698.html
The AUR doesn't redistribute it. A better complaint would be that the package should have a -bin suffix. It's open source so the unsuffixed version should be built from the sources.
I noticed this too, but it didn't worry me as much.
The legal issues are upstream's problem as they're the ones choosing to keep illegally distributing it. It's not going to be much of a problem for them because it's unlikely that any of the contributors to the GPL code actually cares. It's a technicality, not something that's actually causing damages or that's ethically wrong. I don't see a good reason to remove it, either from a legal or ethical standpoint. It would only be a problem if Arch was actually distributing it.
Arch is giving users a tool which has the sole purpose in helping distribute those binaries, and that's a really dark-grey area that might be dangerous to step into, IMHO. -- Hugo Osvaldo Barrera A: Because we read from top to bottom, left to right. Q: Why should I start my reply below the quoted text?
On 07/07, Hugo Osvaldo Barrera wrote:
On 2015-07-06 13:16, Daniel Micay wrote:
The legal issues are upstream's problem as they're the ones choosing to keep illegally distributing it. It's not going to be much of a problem for them because it's unlikely that any of the contributors to the GPL code actually cares. It's a technicality, not something that's actually causing damages or that's ethically wrong. I don't see a good reason to remove it, either from a legal or ethical standpoint. It would only be a problem if Arch was actually distributing it.
Arch is giving users a tool which has the sole purpose in helping distribute those binaries, and that's a really dark-grey area that might be dangerous to step into, IMHO.
Which tool are you talking about that "helps distribute those binaries"? Because, again, downloading a binary isn't the same as distributing it. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
2015-07-05 19:39 GMT+02:00 Hugo Osvaldo Barrera <hugo@barrera.io>:
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form).
IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I believe it is not in some jurisdictions), but anyone running it is receiving illegal content, so I don't think we should keep it around.
Can somebody explain to me, why this binary should be illegal at all? I looked at the site and the code provided, and from what I can see the entire product is covered by the GPLv3. And the license does *not* forbid distributing binaries, it just makes it a requirement to also provide access to the source code. Now we can discuss whether the PKGBUILD in its current form satisfies that requirement (it provides a link to upstream, but not directly to a source download location). Also this implies that upstream is doing something illegal by providing binaries of their own software, which is nonsense. They are free to do whatever they want with their own software. Philipp
On 07/07, Philipp Wolfer wrote:
2015-07-05 19:39 GMT+02:00 Hugo Osvaldo Barrera <hugo@barrera.io>:
There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal to distribute (due to licensing, it may only be distributed in source form).
IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I believe it is not in some jurisdictions), but anyone running it is receiving illegal content, so I don't think we should keep it around.
Can somebody explain to me, why this binary should be illegal at all? I looked at the site and the code provided, and from what I can see the entire product is covered by the GPLv3. And the license does *not* forbid distributing binaries, it just makes it a requirement to also provide access to the source code. Now we can discuss whether the PKGBUILD in its current form satisfies that requirement (it provides a link to upstream, but not directly to a source download location).
Their code is GPLv3. OpenSSL is not and has a GPL-incompatible license, and thus software using the GPLv3 needs a special version of the GPL with an explicit OpenSSL linking exception, otherwise you cannot distribute the software while it links to OpenSSL.
Also this implies that upstream is doing something illegal by providing binaries of their own software, which is nonsense. They are free to do whatever they want with their own software.
It's not nonsense. They can do what they want with their software, yes, but not when it breaks the license of other software they use. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
2015-07-07 11:03 GMT+02:00 Johannes Löthberg <johannes@kyriasis.com>:
On 07/07, Philipp Wolfer wrote:
Their code is GPLv3. OpenSSL is not and has a GPL-incompatible license, and thus software using the GPLv3 needs a special version of the GPL with an explicit OpenSSL linking exception, otherwise you cannot distribute the software while it links to OpenSSL.
Thanks for pointing this out, Johannes
participants (5)
-
Daniel Micay
-
Hugo Osvaldo Barrera
-
Jens Adam
-
Johannes Löthberg
-
Philipp Wolfer