Re: unknown license for package/debian/* in d/copyright in adopted package

[Ben Finney]

Ian Jackson  writes:

> Do you agree that my mail exchange as found in the sympathy package is
> a good example of how to ask these questions, and how to record the
> answers ?

Ian Jackson  writes:

> I meant this, which I provided a link to earlier:
>   https://browse.dgit.debian.org/sympathy.git/tree/COPYING.emails

Yes, that's a good record of the conversation.

It'd be better IMO if it included each message's Message-ID field, or
some other URI for each message so that the parties in the conversation
can later verify that it matches their own record of the discussion.

Are there messages in that file that could be removed? I typically try
to get a single message from the copyright holder, that contains an
explicit and unambiguous grant of a specific license.

Often that isn't forthcoming as clearly as we might like, because of how
the correspondence unfolds. I appreciate that you pressed for that in
the discussion for ‘sympathy’. Maybe that's just an example of a case
where no one message will clearly show the grant of license, and the
whole set needs to be examined.

-- 
 \“If it ain't bust don't fix it is a very sound principle and |
  `\  remains so despite the fact that I have slavishly ignored it |
_o__) all my life.” —Douglas Adams |
Ben Finney

Re: [licence] specific licenses for backdoor-factory software

[Paul Wise]

On Tue, May 30, 2017 at 8:45 PM, Philippe THIERRY wrote:

> The main tool is based on the  following license file (LICENSE.txt) :

This is almost identical to the 3-clause BSD license, the only change
is s/university|regents/copyright holder/

> You may not redistribute aPLib without all of the files.

May violate DFSG item 3.

> You may not edit or reverse engineer any of the files (except the header
> files and the decompression code, which you may edit as long as you do not 
> remove
> the copyright notice).

May violate DFSG item 5.

> You may not sell aPLib, or any part of it, for money (except for charging
> for the media).

May violate DFSG item 6.

> - Is the main software legaly acceptable for Debian ?

The 3-clause BSD license is a very common DFSG-free license.

> - Do i need to clean the upstream (deleting aPlib dir) making a dfsg package
> or the upstream can be kept in the source package untouched if the aPlib is
> not installed in the bin packages ?

If you want the source package in Debian main, it must be fully
DFSG-free. So your options are to either put the whole thing in
non-free, strip the aPlib dir or convince the aPlib copyright holders
to release it under a DFSG-free license.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: zstd: PATENTS application to copyright

[Mathieu Malaterre]

On Tue, May 30, 2017 at 2:56 PM, Ben Finney  wrote:
> Jeff Epler  writes:
>
>> Apparently,
>> https://github.com/facebook/zstd
>> https://github.com/facebook/zstd/blob/dev/LICENSE
>> https://github.com/facebook/zstd/blob/dev/PATENTS
>
> Thank you for this, and for the complete text of the conditions. It
> allows discussion to be more easily read in the archives of this forum.
>
>
>> Contents of .../LICENSE of this date:
>> BSD License
>>
>> For Zstandard software
>> […]
>
> That is a standard 3-clauses BSD license. It grants all the
> DFSG-required freedoms to every recipient.
>
>> Copyright (c) 2016-present, Facebook, Inc. All rights reserved.
>
> The “All rights reserved” is legal twaddle AFAICT, because it is then
> immediately contradicted by *granting* some rights to the recipient.
>
> The “Copyright (c) 2016-present” is an overreach. Copyright inheres when
> a work is published – fixed in a medium of expression – not forever into
> the future, whenever the “present” that the document is being read.
>
> Neither of those is a DFSG problem, I believe. They do exhibit a
> troubling disregard for the proper limits to copyright.
>
>
>> Contents of .../PATENTS of this date:
>> Additional Grant of Patent Rights Version 2
>>
>> "Software" means the Zstandard software distributed by Facebook, Inc.
>>
>> Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software
>> ("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable
>> (subject to the termination provision below) license under any Necessary
>> Claims, to make, have made, use, sell, offer to sell, import, and otherwise
>> transfer the Software.
>
> I'm less familiar with the effects of wording in patent law. This has
> the appearance of granting limited license to exercise patents held by
> Facebook.
>
>> The license granted hereunder will terminate, automatically and
>> without notice, if you […]
>
> What is “hereunder” intended to mean? No license is granted following
> that text; the only license granted in this document is *above* (prior
> to) this text.
>
> Does it mean “the license granted below”? If so, it appears to be null,
> because there is no such license.
>
> Does it mean “the license granted in this document”? If so, this clause
> is attempting to punish patent attacks with revocation of the patent
> license granted above.
>
>
> This clause is activated when the recipient asserts a proprietary idea
> patent over some other party's use of that idea.
>
> I am quite sure the act of asserting software idea patents is not a
> freedom anyone is guaranteed in free software; indeed, it is violently
> contrary to software freedom.
>
> So, because it does not appear to limit any DFSG freedom, this clause
> appears to me to be no problem for the DFSG.

OK, I understand your point. Thanks for your time.

[licence] specific licenses for backdoor-factory software

[phil]

Hi,

I'm currently packaging "backdoor-factory" for the pkg-security team. 
The tool is already in kali.

The upstream sources are hosted here:
https://github.com/secretsquirrel/the-backdoor-factory

The main tool is based on the  following license file (LICENSE.txt) :
---8<---
Copyright (c) 2013-2016, Joshua Pitts
All rights reserved.

Redistribution and use in source and binary forms, with or without 
modification,

are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright 
notice,

this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright 
notice,
this list of conditions and the following disclaimer in the 
documentation

and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its 
contributors
may be used to endorse or promote products derived from this 
software without

specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 
IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS 
BE

LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 
THE

POSSIBILITY OF SUCH DAMAGE.
---8<---

The upstream sources also contain a subdir (not required for the tool 
but existing in the upstream git repository), containing the tool aPlib 
(a compression library).
This tool is using the following license (looks like common license), 
file aPLib/readme.txt:


---8<---
[...]

License
---

aPLib is freeware. If you use aPLib in a product, an acknowledgement 
would be
appreciated, e.g. by adding something like the following to the 
documentation:


This product uses the aPLib compression library,
Copyright (c) 1998-2014 Joergen Ibsen, All Rights Reserved.
For more information, please visit: http://www.ibsensoftware.com/

You may not redistribute aPLib without all of the files.

You may not edit or reverse engineer any of the files (except the header 
files
and the decompression code, which you may edit as long as you do not 
remove

the copyright notice).

You may not sell aPLib, or any part of it, for money (except for 
charging for

the media).

#ifndef COMMON_SENSE

This software is provided "as is". In no event shall I, the author, 
be
liable for any kind of loss or damage arising out of the use, abuse 
or
the inability to use this software. USE IT ENTIRELY AT YOUR OWN 
RISK!


This software comes without any kind of warranty, either expressed 
or

implied, including, but not limited to the implied warranties of
merchantability or fitness for any particular purpose.

If you do not agree with these terms or if your jurisdiction does 
not
allow the exclusion of warranty and liability as stated above you 
are

NOT allowed to use this software at all.

#else

Bla bla bla .. the usual stuff - you know it anyway:

If anything goes even remotely wrong - blame _yourself_, NOT me!

#endif
---8<---

- Is the main software legaly acceptable for Debian ?
- Do i need to clean the upstream (deleting aPlib dir) making a dfsg 
package or the upstream can be kept in the source package untouched if 
the aPlib is not installed in the bin packages ?


Thanks a lot for your response,
--
Philippe THIERRY.

Re: zstd: PATENTS application to copyright

[Ben Finney]

Jeff Epler  writes:

> Apparently,
> https://github.com/facebook/zstd
> https://github.com/facebook/zstd/blob/dev/LICENSE
> https://github.com/facebook/zstd/blob/dev/PATENTS

Thank you for this, and for the complete text of the conditions. It
allows discussion to be more easily read in the archives of this forum.


> Contents of .../LICENSE of this date:
> BSD License
>
> For Zstandard software
> […]

That is a standard 3-clauses BSD license. It grants all the
DFSG-required freedoms to every recipient.

> Copyright (c) 2016-present, Facebook, Inc. All rights reserved.

The “All rights reserved” is legal twaddle AFAICT, because it is then
immediately contradicted by *granting* some rights to the recipient.

The “Copyright (c) 2016-present” is an overreach. Copyright inheres when
a work is published – fixed in a medium of expression – not forever into
the future, whenever the “present” that the document is being read.

Neither of those is a DFSG problem, I believe. They do exhibit a
troubling disregard for the proper limits to copyright.


> Contents of .../PATENTS of this date:
> Additional Grant of Patent Rights Version 2
>
> "Software" means the Zstandard software distributed by Facebook, Inc.
>
> Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software
> ("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable
> (subject to the termination provision below) license under any Necessary
> Claims, to make, have made, use, sell, offer to sell, import, and otherwise
> transfer the Software.

I'm less familiar with the effects of wording in patent law. This has
the appearance of granting limited license to exercise patents held by
Facebook.

> The license granted hereunder will terminate, automatically and
> without notice, if you […]

What is “hereunder” intended to mean? No license is granted following
that text; the only license granted in this document is *above* (prior
to) this text.

Does it mean “the license granted below”? If so, it appears to be null,
because there is no such license.

Does it mean “the license granted in this document”? If so, this clause
is attempting to punish patent attacks with revocation of the patent
license granted above.


This clause is activated when the recipient asserts a proprietary idea
patent over some other party's use of that idea.

I am quite sure the act of asserting software idea patents is not a
freedom anyone is guaranteed in free software; indeed, it is violently
contrary to software freedom.

So, because it does not appear to limit any DFSG freedom, this clause
appears to me to be no problem for the DFSG.

-- 
 \ “No great artist ever sees things as they really are. If he |
  `\did, he would cease to be an artist.” —Oscar Wilde, _The Decay |
_o__)  of Lying_, 1889 |
Ben Finney

Re: zstd: PATENTS application to copyright

[Jeff Epler]

Apparently,
https://github.com/facebook/zstd
https://github.com/facebook/zstd/blob/dev/LICENSE
https://github.com/facebook/zstd/blob/dev/PATENTS

Contents of .../LICENSE of this date:
BSD License

For Zstandard software

Copyright (c) 2016-present, Facebook, Inc. All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

 * Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

 * Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

 * Neither the name Facebook nor the names of its contributors may be used to
   endorse or promote products derived from this software without specific
   prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Contents of .../PATENTS of this date:
Additional Grant of Patent Rights Version 2

"Software" means the Zstandard software distributed by Facebook, Inc.

Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software
("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable
(subject to the termination provision below) license under any Necessary
Claims, to make, have made, use, sell, offer to sell, import, and otherwise
transfer the Software. For avoidance of doubt, no license is granted under
Facebook’s rights in any patent claims that are infringed by (i) modifications
to the Software made by you or any third party or (ii) the Software in
combination with any software or other technology.

The license granted hereunder will terminate, automatically and without notice,
if you (or any of your subsidiaries, corporate affiliates or agents) initiate
directly or indirectly, or take a direct financial interest in, any Patent
Assertion: (i) against Facebook or any of its subsidiaries or corporate
affiliates, (ii) against any party if such Patent Assertion arises in whole or
in part from any software, technology, product or service of Facebook or any of
its subsidiaries or corporate affiliates, or (iii) against any party relating
to the Software. Notwithstanding the foregoing, if Facebook or any of its
subsidiaries or corporate affiliates files a lawsuit alleging patent
infringement against you in the first instance, and you respond by filing a
patent infringement counterclaim in that lawsuit against that party that is
unrelated to the Software, the license granted hereunder will not terminate
under section (i) of this paragraph due to such counterclaim.

A "Necessary Claim" is a claim of a patent owned by Facebook that is
necessarily infringed by the Software standing alone.

A "Patent Assertion" is any lawsuit or other action alleging direct, indirect,
or contributory infringement or inducement to infringe any patent, including a
cross-claim or counterclaim.

Re: zstd: PATENTS application to copyright

[Ben Finney]

Mathieu Malaterre  writes:

> I cannot find any older thread discussing zstd being in the main
> section of Debian, so I am raising the subject just for later
> reference.

Can you post the URL to the code base being discussed? Also, the full
text of the license conditions recipients receive.

-- 
 \   “My mind is incapable of conceiving such a thing as a soul. I |
  `\ may be in error, and man may have a soul; but I simply do not |
_o__)  believe it.” —Thomas Edison |
Ben Finney

zstd: PATENTS application to copyright

[Mathieu Malaterre]

Hi there,

I cannot find any older thread discussing zstd being in the main
section of Debian, so I am raising the subject just for later
reference.

Could someone please confirm this is acceptable for main, in
particular the section: "The license granted hereunder will terminate,
", see below for full reference.

Thanks much !

```
Additional Grant of Patent Rights Version 2

"Software" means the Zstandard software distributed by Facebook, Inc.

Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software
("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable
(subject to the termination provision below) license under any Necessary
Claims, to make, have made, use, sell, offer to sell, import, and otherwise
transfer the Software. For avoidance of doubt, no license is granted under
Facebook’s rights in any patent claims that are infringed by (i) modifications
to the Software made by you or any third party or (ii) the Software in
combination with any software or other technology.

The license granted hereunder will terminate, automatically and without notice,
if you (or any of your subsidiaries, corporate affiliates or agents) initiate
directly or indirectly, or take a direct financial interest in, any Patent
Assertion: (i) against Facebook or any of its subsidiaries or corporate
affiliates, (ii) against any party if such Patent Assertion arises in whole or
in part from any software, technology, product or service of Facebook or any of
its subsidiaries or corporate affiliates, or (iii) against any party relating
to the Software. Notwithstanding the foregoing, if Facebook or any of its
subsidiaries or corporate affiliates files a lawsuit alleging patent
infringement against you in the first instance, and you respond by filing a
patent infringement counterclaim in that lawsuit against that party that is
unrelated to the Software, the license granted hereunder will not terminate
under section (i) of this paragraph due to such counterclaim.

A "Necessary Claim" is a claim of a patent owned by Facebook that is
necessarily infringed by the Software standing alone.

A "Patent Assertion" is any lawsuit or other action alleging direct, indirect,
or contributory infringement or inducement to infringe any patent, including a
cross-claim or counterclaim.
```

Ref: 
http://metadata.ftp-master.debian.org/changelogs/main/libz/libzstd/unstable_copyright