[aur-general] Copyrighted source on https://aur.archlinux.org/

Tue Jun 25 17:17:20 UTC 2019

On 6/25/19 10:53 AM, Jones, Philip via aur-general wrote:
> Jerome
> 
> I appreciate that the package
> (https://aur.archlinux.org/packages/libccmio/) is not hosted on the
> site but if you Google " libccmio-2.6.1.tar.gz" it is the top hit.

This sounds like an SEO problem, have you tried contacting Google to
discuss why your brand is being diluted by links to some unofficial
website? I'm afraid we don't have any power over this, though.

Note that the Google SEO ranking is an unrelated matter -- it does not
have an impact on the legality of the use of the package.

If the package is hosting copyright-infringing content, then the package
is illegal to distribute, regardless of its SEO ranking.

If the package is *not* hosting copyright-infringing content, then the
package is completely legal to distribute, again regardless of its SEO
ranking.

> The source has a copyright that states  “The unauthorized use,
> distribution, or duplication of this program is prohibited.”

And indeed, we do not use, distribute, or duplicate the libccmio
program. We do, however, host a tutorial (in script form) that teaches
people how they can, on their own, acquire and use the program.

As far as I am aware, this tutorial is legal.

One potential concern is the link itself: is the
https://portal.nersc.gov/ website illegally redistributing this source
code? If so, have you tried talking to them about it?

> I don’t want to enter into a legal argument if the link is
> distribution or not, all I ask is that the listing be removed as a
> matter of courtesy. The material is clearly not designed to be
> publicly distributed.

There is no legal argument if the link is distribution -- it may be
advocacy (or "contributory copyright infringement"), but distribution is
a whole 'nother kettle of fish. :/ But as far as I can tell, it all
boils down to whether that link is legally distributing the product. It
is plainly distributing it in some manner...

If I look at the google search links following the AUR search result, I
see many search results all pointing to the OpenFOAM developer resources
and source code repositories. For example,
https://github.com/OpenFOAM/ThirdParty-6#miscellaneous

Since the libccmio source code linked in the AUR build tutorial/script
is also used all over by the OpenFOAM project, it seems that it is being
publicly distributed for the sake of many people. Is this infringement
as well? Have you discussed this with them?

The AUR package is only used by the AUR build tutorial/script for
OpenFOAM, so my guess is that this primarily impacts OpenFOAM users --
one of whom has converted existing OpenFOAM documentation into
AUR-compatible documentation.

The OpenFOAM documentation exists irrespective of the existence of this
AUR package, and if the latter is removed, the former will graduate to
being the top Google search result anyway, so it is probably worth
looking into that either way (and fixing the root of the problem, which
is the distribution by https://portal.nersc.gov/ which may or may not
have the right to do so).

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190625/8d216e69/attachment.sig>