Re: unknown license for package/debian/* in d/copyright in adopted package

[Ben Finney]

Ian Jackson  writes:

> Ben Finney writes ("Re: unknown license for package/debian/* in d/copyright 
> in adopted package"):
> > Are there messages in that file that could be removed? I typically
> > try to get a single message from the copyright holder, that contains
> > an explicit and unambiguous grant of a specific license.
>
> I think it is better not to bother upstream with pointless
> administrivia.

Given an appropriate definition of “pointless administrivia”, of course
I agree with that.

I'm responding (belatedly) to your request for feedback on the
*existing* record of correspondence :-)

-- 
 \“… no testimony can be admitted which is contrary to reason; |
  `\   reason is founded on the evidence of our senses.” —Percy Bysshe |
_o__)Shelley, _The Necessity of Atheism_, 1811 |
Ben Finney

Re: unknown license for package/debian/* in d/copyright in adopted package

[Ian Jackson]

Ben Finney writes ("Re: unknown license for package/debian/* in d/copyright in 
adopted package"):
> Are there messages in that file that could be removed? I typically try
> to get a single message from the copyright holder, that contains an
> explicit and unambiguous grant of a specific license.

I think it is better not to bother upstream with pointless
administrivia.

Ian.

Re: [licence] specific licenses for backdoor-factory software

[Ian Jackson]

p...@reseau-libre.net writes ("[licence] specific licenses for backdoor-factory 
software"):
> I'm currently packaging "backdoor-factory" for the pkg-security team. 
> The tool is already in kali.
> The upstream sources are hosted here:
> https://github.com/secretsquirrel/the-backdoor-factory
> 
> The main tool is based on the  following license file (LICENSE.txt) :
> ---8<---
> Copyright (c) 2013-2016, Joshua Pitts
> All rights reserved.
> 
> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions
> are met:

This is a perfectly fine licence very like the 3-clause BSD.

However:

> The upstream sources also contain a subdir (not required for the tool 
> but existing in the upstream git repository), containing the tool aPlib 
> (a compression library).
> This tool is using the following license (looks like common license), 
> file aPLib/readme.txt:

This is evidently a homegrown licence text written by someone without
the necessary legal knowledge.

Unfortunately:

> You may not edit or reverse engineer any of the files (except the
> header files and the decompression code, which you may edit as long
> as you do not remove the copyright notice).

This is clearly non-free.  It forbids modification.

> - Is the main software legaly acceptable for Debian ?


The upstream part is fine.  But:

> - Do i need to clean the upstream (deleting aPlib dir) making a dfsg 
> package

Yes.

> or the upstream can be kept in the source package untouched if 
> the aPlib is not installed in the bin packages ?

No.  Debian's practice is to require the removal of non-free
components from source packages, even if they are supposedly not
touched by the build.  This ensures that there is no accidental
dependency of the non-free parts.


Will the program build and work without aPlib ?  Why would it ship
with its own compression library ?

In the medium to long term it might be worth asking upstream to either
drop their special compression library, or fix the licence (best done
by choosing an existing widely-used Free Software licence).

Regards,
Ian.

Re: zstd: PATENTS application to copyright

[Ian Jackson]

Jeff Epler writes ("Re: zstd: PATENTS application to copyright"):
> Apparently,
> https://github.com/facebook/zstd
> https://github.com/facebook/zstd/blob/dev/LICENSE
> https://github.com/facebook/zstd/blob/dev/PATENTS
> 
> Contents of .../LICENSE of this date:
> BSD License

This is all fine.

The copyright licence is a standard 3-clause BSD, and totally
DFSG-free.


The patent licence is a very usual kind of permissive patent licence.
Some people on debian-legal object to the software patent retaliation
termination clause, but I think it is fine and many similar licences
can be found in main.

And anyway, in the absence of known problems, we do not normally
investigate patents in software we are considering accepting.  Doing
such investigations is ill-advised:
  https://www.debian.org/legal/patent.en.html
  https://www.debian.org/reports/patent-faq.en.html


Ian.