[aur-general] PKGBUILD that downloads ilegal content

[Johannes Löthberg]

On 07/07, Philipp Wolfer wrote:
>2015-07-05 19:39 GMT+02:00 Hugo Osvaldo Barrera <hugo at barrera.io>:
>
>> There's a PKGBUILD[1] on the AUR that downloads a binary that is illegal
>> to distribute (due to licensing, it may only be distributed in source
>> form).
>>
>> IMHO, it's a bit of a grey area if the PKGBUILD is legal or not (I
>> believe it is not in some jurisdictions), but anyone running it is
>> receiving illegal content, so I don't think we should keep it around.
>>
>
>Can somebody explain to me, why this binary should be illegal at all? I
>looked at the site and the code provided, and from what I can see the
>entire product is covered by the GPLv3. And the license does *not* forbid
>distributing binaries, it just makes it a requirement to also provide
>access to the source code. Now we can discuss whether the PKGBUILD in its
>current form satisfies that requirement (it provides a link to upstream,
>but not directly to a source download location).
>

Their code is GPLv3. OpenSSL is not and has a GPL-incompatible license, 
and thus software using the GPLv3 needs a special version of the GPL 
with an explicit OpenSSL linking exception, otherwise you cannot 
distribute the software while it links to OpenSSL.


>Also this implies that upstream is doing something illegal by providing
>binaries of their own software, which is nonsense. They are free to do
>whatever they want with their own software.
>

It's not nonsense. They can do what they want with their software, yes, 
but not when it breaks the license of other software they use.

-- 
Sincerely,
  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  https://theos.kyriasis.com/~kyrias/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1495 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20150707/77b0966a/attachment.asc>