On Wed, May 24, 2017 at 2:42 PM, lumin wrote: > Hi Debian Legal Team,
debian-legal are not Debian's legal advisors, just a bunch of people subscribed to a mailing list. > I intend to package[1] a proprietary deep learning > library named "cuDNN"[2], which is definitely useful > to deep learning researchers. Personally I would like to see the amount of proprietary nVidia stuff in Debian reduced, not increased. I would suggest focussing your efforts on OpenCL/Vulkan based and open source deep learning libraries instead of proprietary stuff that only acts as lock-in for other proprietary nVidia technologies (CUDA). > @lyeager kindly provided some help[3] on this but I'm > not really good at these legal terms. > > Generally, to download the cudnn library, one needs > to fist register or login at nvidia's website. Next, > the user is required to click "I agree ..."[4] to continue. > Now the secured library download link is exposed to the user.[5] The license you linked to both allows and disallows redistribution, seems like it needs a rewrite to be less bizarre. The allowance of distribution is time-limited. Personally I would not be comfortable distributing this and I do not think that Debian should do so either. > Initially I don't think such a well-protected proprietary > can be distributed by Debian, untill I find this package > in Archlinux's community repo[6]. They may be relying on the clauses allowing time-limited redistribution, or they may have simply not read the EULA. > I don't know how the Arch guys achieved this but in their > PKGBUILD file (arch packaging script) there is a anonymously > downloadable link to the cudnn library[7]. What is notable > is the "redist" keyword in the URL. I can't find this "redist" > URL in nvidia's website. Probably nVidia need to remove this redist directory from their website, since it is supposed to be only distributed behind a click-wrap license. > What makes me more confused is nvidia legal guy's word conveyed > by @lyeager [8]. Once a package is uploaded to the Archive, isn't > the distributor (legally) the Debian Organization? It's so weird > for an individual to take the role of distributor for a package > in Archive and I think it's impossible. There is a long chain of many distributors: firstly you distribute it to mentors.d.n, then mentors.d.n distributes it to your sponsor, then your sponsor distributes it to Debian ftpmasters, then Debian ftpmasters distribute it to Debian mirrors and CD vendors, then Debian mirrors and CD vendors distribute it to Debian users, then Debian derivatives (Ubuntu etc) distribute it to their mirrors and users. Every one of those is potentially liable if they have been found to do something illegal. -- bye, pabs https://wiki.debian.org/PaulWise