Re: no need to keep non-copylefted files that way in a copylefted project. (was Re: FRR package in Debian violates the GPL licence)

[Paul Jakma]

On Thu, 21 Mar 2019, Giacomo Tesio wrote:

What you say is: I could replace the "Harry Potter and the Sorcerer's 
Stone" with another novel under the same name "Harry Potter and the 
Sorcerer's Stone" and with the same characters (data structures, 
enums...) and places (functions, macros...) AND and a compatible plot 
that wouldn't completely change the meaning of the following Rowling's 
books WITHOUT complying with Rowling copyright.


The structure and the plot of a (non-trivial) novel is subject to 
copyright. Similarly, the architecture or structure of a computer 
programme may be subject to copyright (in England, and places that may 
pay some heed to reasoning in judgements there; e.g, Ibcos .. v Barclays 
1994). Copying these can infringe copyright - without /any/ literal 
copying, without any explicit referencing.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Boob's Law:
You always find something in the last place you look.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:


Paul Jakma  writes:

On Wed, 20 Mar 2019, Ole Streicher wrote:

#include 
int main(void) { zlog_rotate(); return 0; }



This work is completely based on my own, there is no intellectual 
property of someone else in my source code.


Except for the big "zlog_rotate" there that you're building on, provides 
all the functionality, and which must be understood to understand what 
this programme does.


Read Giacomo's email, with the fan fiction example.

Anyway, the advice I have is that the code at issue is a derived work of 
GPL code I hold copyright in, and it must be distributed under the terms 
of the GPL.


You have a view of copyright which seems at odds with the legal opinions 
I'm aware of and there's no point us going in circles on that.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
"The great question... which I have not been able to answer... is, `What does
woman want?'"
-- Sigmund Freud

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:


My example

#include 
int main(void) { zlog_rotate(); return 0; }

is not an adaption of any GPL code. It is fully written by my
own.


It is written by you, and you have copyright in it (in some way, I 
have the vague idea there can be complex legal details in that).


However, assuming this "zlog_rotate" function is non-trivial and a 
copyrightable work, then the holder of the copyright in "zlog_rotate" 
/also/ has copyright in your work. For your work is based upon the 
"zlog_rotate" work - it /is/ an adaptation of it.


I know there are many programmers who can't get their head around that, 
however I don't believe that's at all contraversial amongst lawyers.



Therefore, I don't need to respect the GPL to distribute it. The
same is true for the FRR code as far as I have seen it.


This is where you're at odds with the solicitors I have had advice from.

Otherwise you must point to a certain code file and prove that it 
contains code which is a modified copy of an GPLed file. Which you not 
did yet.


I have given examples of files where the legal advice is that they are 
derived works of the GPL code.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Armadillo:
To provide weapons to a Spanish pickle.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:


GPLv2, section 2 explicitly allows aggregation:

| In addition, mere aggregation of another work not based on the Progra


How can this apply to a derived work, which is based on the GPL work?

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The public is an old woman.  Let her maunder and mumble.
-- Thomas Carlyle

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, David Given wrote:


they're all standalone modules being used in a library context.


Derived works of GPL code must be licensed under the GPL too.

Whether that code has one kind of object file header or another 
prepended to it is a low-level technical implementation detail which no 
lawyer I've dealt with seems to think has much bearing on this.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
But what can you do with it?
-- ubiquitous cry from Linux-user partner

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, David Given wrote:


- I *can* take your GPL code and turn it into a GPL library. That's what
the GPL is for. I don't even need to ask you about it.


Agreed.


- I *can* use this library in BSD code, and distribute both together
  as an aggregate under the terms of the GPL --- because the BSD
  license conditions are met by the GPL, so by distributing the whole
  under the terms of the GPL I meet both sets of licensing terms, and
  so everything is fine.


If by "use this library in BSD code" you mean modify and/or extend the 
BSD code so it relied on the facilities of the GPL code, then you can 
distribute my code under the GPL correct.


Those modified and extended portions are subject to the GPL, and can 
only be distributed under the GPL - they can not be distributed under 
the BSD licence (if that were possible, it would also be possible to 
distribute it under proprietary licences).



- I *can't* use this library in closed source code, and distribute the
result as an aggregate --- because there is no license which can meet the
terms of the GPL *and* my closed source license.


Agreed.


- I *can* use this this library in closed source code, and distribute the
library and the closed source code *seperately* --- because they're not
being distributed together it's not an aggregation, and both sets of
licensing terms are being met independently.


Disagree.

Why would separate distribution affect derived work status? Nothing in 
what I've heard from solicitors suggests that derived work status hinges 
on whether the derived work has been distributed with the work it 
derives from or not. ???



- I *can't *modify your library, and distribute the modified version as
BSD, because the modifications are derived work, and therefore the result
is only distributable under the terms of the GPL.


Indeed. This is the same case as "use this library in BSD code", for me. 
I see no way you can "use" a library without having adapted the code in 
some way to introduce that "use", and those modifications are deriving 
of the library.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
E Pluribus Unix

Re: no need to keep non-copylefted files that way in a copylefted project. (was Re: FRR package in Debian violates the GPL licence)

[Paul Jakma]

On Wed, 20 Mar 2019, Andrej Shadura wrote:

You cannot terminate GPL granted to someone without a violation. There 
clearly is no violation in the case you’re describing. Your legal 
advice is invalid.


I have legal advice, two independent sets, from qualified solicitors 
that there is a violation.


You're a software engineer.

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Why are you so hard to ignore?

Re: no need to keep non-copylefted files that way in a copylefted project. (was Re: FRR package in Debian violates the GPL licence)

[Paul Jakma]

On Wed, 20 Mar 2019, Giacomo Tesio wrote:

Here I suggest you all to find a friendly solution anyway for the same 
reason.


I tried for years to find friendly solutions. Many of the things others 
have suggested in this thread I already suggested/explored years and 
years ago with the people who are now FRR.


If you or anyone else wants to help find a solution, you have my email.


Also, if 3rd parties were to do this, outside of a wider agreement with
copyright holders that would resolve all this, it would likely just
aggravate the situation further.


Sorry, but I don't think so.


You can seek your advice on that, and I'll take my own.

I would not consider that a solution, and not helpful or friendly.

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The truth about a man lies first and foremost in what he hides.
-- Andre Malraux

Re: no need to keep non-copylefted files that way in a copylefted project. (was Re: FRR package in Debian violates the GPL licence)

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:

They don't need to do that themself, but they may want to keep that 
path open for downstream. And so their license allows that.


Their licence on their portion of the work, perhaps.

However, the work *also* requires a licence from the copyright holders 
of the GPL licence they have based their work on, to be distributed or 
used, as required by copyright law (whether you like that aspect of 
copyright or not). They have deliberately rejected the GPL licence that 
was on offer to them, ignored the conditions required by the GPL, and 
distributed the code anyway.


As a result, any GPL licence available to them terminated, and no 
further offer of a GPL licence is available to them, at this time, 
unless this matter is resolved to my satisfaction.


You simply can not obtain their code (the code at issue) from them (or 
anyone) under the GPL, therefore /you/ can not distribute or use it 
under the GPL either.


And this is not about some concern for some (MIT/X11, BSD) free software 
authors - they've fought this tooth and nail for their own commercial 
reasons: to try strip copyleft from GPL software they do not have rights 
to, for their own financial benefit.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The only thing necessary for the triumph of evil is for good men to do
nothing.
- Edmund Burke

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, Paul Jakma wrote:

No, you can't just take GPL of code mine, libify it and say it's OK 
for it be used in proprietary code, without my agreement.


Oh, and even if I myself have already put that GPL code in a library, 
it's still not OK for you to say "You can use this with whatever code 
you want, and ignore the GPL".


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
serendipity, n.:
The process by which human knowledge is advanced.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, David Given wrote:

OTOH the bits of Zebra he pointed out to me are all standalone 
modules,


There are further inter-dependencies between those modules. E.g,, things 
like the API that provides the route-filtering relies upon the 
event-handling system (lib/thread), etc.


You're welcome to try separating out the babeld/ and ldpd/ code that 
depends on the GPL code, from the code that does not.


As I wrote before, I actually tried many years ago to do that with the 
Quagga babeld port (now babeld/ in FRR), and I could only separate 3 
sets of files (3 .c and their 3 corresponding .h).


But, have a go, and see how easy it is and how far you get.

(Also, at this stage, you may not even be able to fix the issue with 
this approach anymore - consult a lawyer; but I did try to help them 
avoid this mess, years ago).


and FRR would be entirely within their rights to have pulled 
these out from the original app and turned them into a GPL library, 
*with* public entry points, and then ship that along with their code.


No, you can't just take GPL of code mine, libify it and say it's OK for 
it be used in proprietary code, without my agreement.



So... yeah, I dunno. The evidence he supplied wasn't particularly
convincing, but I can see where he's coming from.


Thanks.

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Excusing bad programming is a shooting offence, no matter _what_ the
circumstances.
-- Linus Torvalds, to the linux-kernel list

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:


Those files do not use GPL code; they just refer to it. No line of that
code was originated in GPL licensed code.


Ah, you're in the "copyright only protects literal copying" camp, and 
you don't acknowledge the concept of derived works.


There's little point discussing further with you, if so.

Copyright gives authors of works not just the right not to just control 
literal copying, but also a controlling right in any adaptations of 
their work (amongst other things). Whether you agree with this or not, 
various variants of this concept are law in many countries around the 
world.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Interference between the keyboard and the chair.

Re: no need to keep non-copylefted files that way in a copylefted project. (was Re: FRR package in Debian violates the GPL licence)

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:

A downstream could remove the GPL dependencies (for example by 
replacing it with a [dummy] re-implementation, or by removing any 
references) and legally redistribute the result under a non-GPL 
license.


I advised the people, who are now FRR, that this would be one way 
forward, *many years* ago - before this mess was in full bloom. It would 
have taken time, but it would have been possible (I'd not have spent my 
time doing this for free or on a low-wage though).


They rejected taking this approach.

Whether it is possible for FRR to /now/ try to re-implement the GPL 
portions and get out of their legal mess, I would want to take advice 
on. Even if they did so, it would not excuse them from the years of 
infringement they have already carried out, which remains ongoing.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Exercise caution in your daily affairs.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Wed, 20 Mar 2019, Ole Streicher wrote:

This does not match section 1, which allows the distribution of 
unmodified files along with the proper license information.


What unmodified files are you referring to?

I have explained several times now that this concerns files which were 
created outside of Quagga, adapting portions of BSD or MIT/X11 licensed 
code in some cases and writing new files in others, and those files were 
written to explicitly refer to, make use of and rely upon the GPL code 
from Quagga (and GNU Zebra) for function and comprehension.


Those files are derived works of the GPL code and must be distributed 
according to the conditions of the GPL licence, if they are to be 
distributed lawfully.


The GPL licence requires appropriate copyright notices in Section 1. 
Section 1 applies to unmodified files, and it also applies to modified 
files and derived works (see Section 2).


I'm not sure why you keep asking about unmodified files. The GPL applies 
to more than just any unmodified files. Please clarify.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Al didn't smile for forty years.  You've got to admire a man like that.
-- from "Mary Hartman, Mary Hartman"

Re: no need to keep non-copylefted files that way in a copylefted project. (was Re: FRR package in Debian violates the GPL licence)

[Paul Jakma]

On Wed, 20 Mar 2019, Giacomo Tesio wrote:

It goes without saying that adding a GPL header to those files that 
need it would be totally equivalent and more fool-proof.


If that had been done at the outset...

After X years of not doing so, denying the applicability of the GPL to 
files which are explicitly dependent on GPL code for function and 
comprehension, refusing to implement conditions required by the GPL, and 
organising a corner-of-industry attack on the career and employment of 
one of the GPL copyright holders who objected (and objected in helpful 
ways, providing constructive ways forward repeatedly): Just adding a 
header will no longer solve this.


Also, if 3rd parties were to do this, outside of a wider agreement with 
copyright holders that would resolve all this, it would likely just 
aggravate the situation further.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Mencken and Nathan's Second Law of The Average American:
All the postmasters in small towns read all the postcards.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Tue, 19 Mar 2019, Ole Streicher wrote:


In GPLv2, section 1 allows the distribution of unmodified source code,
if the license information is distributed unmodified as well.



Which unmodified GPL source code do they distribute without the
licensing information?


They are distributing files which were created outwith of Quagga, which 
explicitly refer to, make use of and rely upon facilities provided by 
GPL code obtained from Quagga (which obtained code from GNU Zebra 
before it).


I've given some examples of such files, and some of the GPL facilities 
they use, see previous mail.


Those files are derived works of the GPL code obtained from Quagga, 
according to legal advice. Those files may only be distributed under the 
terms of the GPL.


The Quagga project, and the FRR project as well, contain files with a 
number of different licences, and one must look at the specific file to 
determine the applicable licence(s). It is a file-scoped project with 
respect to copyright notices.


To be compliant with the GPL, these files are required by the GPL to 
have the appropriate copyright notices, according to legal advice.


They do not.

This is no bug or oversight - it is very deliberate, as the FRR people 
have repeatedly made clear (and are adamant) that they are not 
distributing these files under the GPL.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
If Nvidia would like to pay me as much as Microsoft is paid for driver
certification then I might be able to find the time

- Alan Cox on linux-kernel

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Tue, 19 Mar 2019, Ole Streicher wrote:


Paul Jakma  writes:

The people involved in (3) - Linux Foundation, Cumulus Networks,
6WIND, Big Switch Networks, etc. - refuse to acknowledge the legal
reality that the code of (3) is covered by the GPL licence of the code
of (2), and refuse to honour the conditions required by the GPL - see
David Lamparter's mail.


And which statement of the GPL do they violate in your opinion?


a) They are very clear they are /not/ distributing the source code under
   the GPL licence.

b) They are not complying with Section 1.

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
People will buy anything that's one to a customer.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

Correction:

On Tue, 19 Mar 2019, Paul Jakma wrote:


On Tue, 19 Mar 2019, Roberto wrote:


 On the other side, if I understood correctly, there are authors who want
 to contribute their code under GPL exclusively, and they feel that some of
 their changes got included into the bundled libraries (and are significant
 enough to be covered by copyright), so those libraries should be wrapped
 by the GPL as well.


It's not like that. It's more like (as a high-level summary):

1. There are GPL libraries (and associated support daemons), providing a
   number of facilities.

2. There is BSD and MIT/X11 licensed code

3. People took the code of (2), and adapted that code - extensively and
   explicitly - to make use of and rely upon the facilities of the code
   of (1); facilities which were missing in the code of (2).

The people involved in (3) - Linux Foundation, Cumulus Networks, 6WIND, Big 
Switch Networks, etc. - refuse to acknowledge the legal reality that the code 
of (3) is covered by the GPL licence of the code of (2), and refuse to honour 
the conditions required by the GPL - see David Lamparter's mail.


They've gone to great lengths on that, including using corporate connections 
to adversely affect the employment of copyright holders of (2), where those


s/of (2)/of (1)/


copyright holders objected to what the people of (3) were doing.

regards,


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
There isn't any problem

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Tue, 19 Mar 2019, Roberto wrote:

On the other side, if I understood correctly, there are authors who 
want to contribute their code under GPL exclusively, and they feel 
that some of their changes got included into the bundled libraries 
(and are significant enough to be covered by copyright), so those 
libraries should be wrapped by the GPL as well.


It's not like that. It's more like (as a high-level summary):

1. There are GPL libraries (and associated support daemons), providing a
   number of facilities.

2. There is BSD and MIT/X11 licensed code

3. People took the code of (2), and adapted that code - extensively and
   explicitly - to make use of and rely upon the facilities of the code
   of (1); facilities which were missing in the code of (2).

The people involved in (3) - Linux Foundation, Cumulus Networks, 6WIND, 
Big Switch Networks, etc. - refuse to acknowledge the legal reality that 
the code of (3) is covered by the GPL licence of the code of (2), and 
refuse to honour the conditions required by the GPL - see David 
Lamparter's mail.


They've gone to great lengths on that, including using corporate 
connections to adversely affect the employment of copyright holders of 
(2), where those copyright holders objected to what the people of (3) 
were doing.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The typical page layout program is nothing more than an electronic
light table for cutting and pasting documents.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Mon, 18 Mar 2019, Vincent Bernat wrote:


IMO because the definition of derived work comes from binary linking
(static or dynamic).


The advice I've had did not reason in these terms.

As I know the FRR people think computer technical implementation details 
like dynamic linkage, and address spaces, etc., are very important here, 
I specifically double-checked with the solicitor, and my understanding 
is they are not really relevant here.


Which I guess isn't surprising, as things like "derived work" (or 
"adapted work", etc.) are legal terms that do not really depend on the 
low-level technicalities of computer programming.


There are libreadline alternatives licensed under a BSD-like license 
(like libedit or libeditline). There are API-compatible, not 
ABI-compatible. If you link the program with libreadline, you have to 
distribute the result under the GPL. If you link it with libedit, you 
don't have to. The source code of the program is exactly the same. Is 
it GPL or is it not?



The API exposed by Quagga could be provided by another project using
another license.


If there had been other completely independent implementations of the 
facilities and functions provided at present by the GPL code they 
obtained from Quagga (and GNU Zebra before it), then perhaps the legal 
advice would be different. I don't know, but I concede it could be - 
you'd have to ask a lawyer.


Anyway, that's not the reality we're in.


I will stick with the views of those qualified solicitors, over the
view of a software engineer, at least on legal matters.


Maybe these views could be published somewhere.


Sure.

Will do, once Cumulus Networks, 6WIND, Linux Foundation, 
NetDEF/OpenSourcerouting.org/whatever other corporates Martin Winter or 
Alistair Woodman or David Lamparter are involved in, etc., publish their 
legal advice on this matter.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Someone is broadcasting pigmy packets and the router dosn't know how to 
deal with them.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Mon, 18 Mar 2019, Thorsten Alteholz wrote:

[2] 
https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.en.html#CombinePublicDomainWithGPL


"You can do that, if you can figure out which part is the public domain 
part and separate it from the rest."


Indeed...

See also my earlier email on trying to separate the code (and if you 
google you might find more on that).


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
I have a better idea: force CONFIG_DEBUG_* if CONFIG_DEVFS_FS had
been set _and_ taint the kernel with new flag - Known_Crap

- Al Viro on irc

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Mon, 18 Mar 2019, Giovanni Mascellani wrote:

I think I have seen MIT/BSD pieces of code in most of the GPL projects 
I have looked into.


Nothing in the advice I have received precludes the happy co-existence 
of MIT/BSD code with GPL code in the same project.


The cases you have in mind, presumably, are those where BSD/MIT code has 
been imported but /not/ modified and extended such that that code 
derives from GPL licensed code.


Which is a different case to this case.

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Everyone talks about apathy, but no one does anything about it.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Mon, 18 Mar 2019, David Given wrote:

Being merely dependent on third-party code is not, to my 
understanding, sufficient to be considered derived code.


If code which is written to depend explicitly and heavily on the APIs 
and frameworks provided by GPL is /not/ considered subject to the GPL, 
but 'mere' 'aggregration', one would wonder why the LGPL would ever have 
been drafted. One would wonder why readline was ever an issue for the 
BSDs. etc., etc.


Your legal analysis is not inline with formal legal advice given by 
qualified solicitors, who have examined this issue. That advice is that 
the code concerned is deriving of the GPL code.


I will stick with the views of those qualified solicitors, over the view 
of a software engineer, at least on legal matters.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Cohen's Law:
There is no bottom to worse.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Mon, 18 Mar 2019, David Given wrote:


On Mon, 18 Mar 2019 at 11:10 Paul Jakma  wrote:
[...]


One would need to obtain a licence from all the copyright holders
concerned. According to advice, I am one of those copyright holders. And
that includes having a copyright interest in the code in the ldpd/ and
babeld/ directories of FRR, being code which depends explicitly and
heavily on the GPL code in the other directories and which can not be
compiled, comprehended or function without reference to the GPL source
code.



I'll admit to having trouble following.

Can you point at a specific example of a derived file which they're
distributing under the BSD license, and the GPL-licensed file it was
derived from?


It'd probably be easier to list the files which are /not/. I tried a 
number of years ago - when I still thought (naively) others were 
ultimately acting in good faith and wished to respect licences - to 
untangle quagga-babeld into files with the GPL-dependent sections, and 
the files with just the original non-GPL-dependent code.


I was able to get about 3 .c files (and their .h) be clearly independent 
of the GPL library, and even then it needed a small compatibility 
library.


The other side rejected this approach to resolving the matter.



Anyway, a small, non-exhaustive sampling with rough, incomplete notes - 
for the sake of speed:


https://github.com/FRRouting/frr/blob/master/babeld/babel_filter.c

Depends heavily on lib/vty.{c,h} for the "VTY" CLI sub-system provided 
by the GPL source code, lib/prefix.{c,h} for address prefix, on 
lib/log.{c,h}, etc., and contains code which is exported as callbacks to 
have its execution orchestrated by GPL code, and see below.


https://github.com/FRRouting/frr/blob/master/babeld/babel_interface.c

Depends heavily on lib/command.{c,h}, etc.. Further, its functionality 
is orchestrated via the GPL library code by defining callbacks for 
babel_zebra below to register, whose execution is ultimately 
orchestrated by the GPL library code as well as being dependent on the 
GPL zebra daemon.


https://github.com/FRRouting/frr/blob/master/babeld/babel_zebra.c

Depends heavily on lib/command.{c,h}, lib/stream.*, lib/zclient.*, and 
on the GPL zebra daemon.


Many/most of these subsystems further depend on other pieces of GPL 
library or daemon code.


It's a similar story with ldpd/, there are a good number of files for 
which the FRR project have not put GPL headers on deliberately (see 
David's email), which make use of and depend upon (as per at top) GPL 
library and daemon code. E.g.:


https://github.com/FRRouting/frr/blob/master/ldpd/ldpd.c

Depends on lib/sigevent, lib/zclient (see comments above), lib/thread, 
etc. etc.


I don't think it's disputed that this code is wholly dependent on the 
GPL code for execution - it's implicit in David's email that this is the 
case, where he acknowledges (at least) that FRR accept that the 
/binaries/ are covered by the GPL.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
This fortune is encrypted -- get your decoder rings ready!

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Sun, 17 Mar 2019, Giacomo wrote:


Hi Paul, a question:


what if Debian added such the missing header to those files that miss 
it before packaging, so that the source packages comply with the 
License?


My understanding is the work would still be unlicensed. There is no GPL 
licence available from anyone for the infringing work.


One would need to obtain a licence from all the copyright holders 
concerned. According to advice, I am one of those copyright holders. And 
that includes having a copyright interest in the code in the ldpd/ and 
babeld/ directories of FRR, being code which depends explicitly and 
heavily on the GPL code in the other directories and which can not be 
compiled, comprehended or function without reference to the GPL source 
code.


I'm open to resolving this, as part of a wider resolution of the issues 
in this matter. Otherwise, I would be unlikely to.


The likelyhood of someone being able to drive this to resolution... But 
people are welcome to try.


If the only possible license for that code is GPL (as it depends on 
GPL code) one might argue that the lack of GPL header is a bug that 
might fool a user to use that file as permissively licensed, 
terminating his own license forever!


This isn't a "bug". This is a very deliberate attempt by a set of 
corporates, led by Cumulus Networks, under a Linux Foundation project 
aegis, to try erase the copyleft nature of the GPL licence on code, 
which they havn't the right to do.


They are trying to forge a new reality for GPL code, where other 
people's GPL code can be treated as if it had a much weaker licence, so 
it can be appropriated by said corporates and their customers.


In any case if Debian distribute the code as GPL and that code can 
only EXIST as a GPL derivative (thus GPL itself) they are not 
violating anything, and they could easily add the missing headers just 
to protect the user from an accidental but definotive termination.


We're talking about code that can only be distributed under the terms 
required by the GPL, and where the original distributors of that code 
have forfeited their right to distribute that code under the GPL through 
licence infringement - from T=0.


Also, read David's email, where he is speaking for FRR: He is explicit 
that FRR are _not_ distributing the source code concerned under the GPL 
(and hence refuse to comply with the GPL notification requirements, even 
where they have placed prominent notices of other applicable licences 
which they find favourable). If there is any doubt as to whether FRR are 
distributing the source code concerned under the GPL, I hope David's 
email has dispelled it. Take him at his word.


I'd have to take advice to be 100% sure, but I do not believe it is 
possible to obtain the code concerned with a GPL licence. Also, I do not 
believe it is possible to take unlicensed code, slap a GPL notice on it, 
and just unilaterally grant oneself a GPL licence to other people's 
code.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Don't hit the keys so hard, it hurts.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Sat, 16 Mar 2019, Don Armstrong wrote:

I am going to stick with the legal advice I have received, including 
from a solicitor specialising in copyright, over the belief of 
someone with no qualifications in this area and no experience other 
than having read some stuff on the Internet.


This *is* debian-legal; if anything anyone said here was actually 
qualified legal advice, it wouldn't be given in this forum. It 
certainly wouldn't be given by me.


Note, the "someone with no qualifications in this area" was referring a 
member of the FRR project - not you (I don't know you).


Since there's not much more debian-legal can do for you, please seek 
out a resource


I'm not looking for legal advice here. I have taken advice (indeed, I 
have two independent sets of legal advice on this; i.e., another set of 
advice obtained after the email of mine you linked to).


I am informing debian-legal of that advice, given that Debian appears to 
be distributing the infringing work.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Executive ability is deciding quickly and getting somebody else to do
the work.
-- John G. Pollard

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Sat, 16 Mar 2019, Don Armstrong wrote:


Debian does, in /usr/share/doc/frr/copyright.


That is not one of the files at issue.


My understanding is that those files in themselves are not derivative
works of GPLed source code, but the entire FRR project is. At least,
that's the judgment of the project in



https://github.com/FRRouting/frr/issues/1923


I am going to stick with the legal advice I have received, including 
from a solicitor specialising in copyright, over the belief of someone 
with no qualifications in this area and no experience other than having 
read some stuff on the Internet.


As long as Debian is complying with the GPL, whether the FRR project 
is or is not complying is irrelevant according to GPL-2 §4:


The FRR project had no licence under which to lawfully distribute these 
files to the Debian project. These files remain unlicensed, even in the 
hands of the Debian project, regardless of the good intent (or 
otherwise) of the Debian project. The Debian project has no licence to 
distribute them under either.



   parties who have received copies, or rights, from you under this
   License will not have their licenses terminated so long as such
   parties remain in full compliance.


"have" - do note the past tense there.

As the FRR project have _never_ complied with the GPL with regard to 
these files, there was never and never will be a GPL licence to 
distribute them under. Nor to downstreams.


At least, so long as no one resolves this issue to the satisfaction of 
the copyright holders whose work has been infringed (and no one has ever 
tried with me - though I have approached some large organisations on 
this in the past, to no avail).


Quagga project and the FRR fork of the Quagga project;[1] Debian isn't 
a party to this dispute,


The Debian project is a party to this dispute, given you are choosing to 
distribute the infringing work.



and it's not Debian's job to choose a winner.


That's not my concern.

My concern is that the Debian project abides by what is legally required 
by copyright law, certainly with respect to work I hold copyright in.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Tuesday After Lunch is the cosmic time of the week.

Re: FRR package in Debian violates the GPL licence

[Paul Jakma]

On Sat, 16 Mar 2019, Don Armstrong wrote:


On Sat, 16 Mar 2019, Paul Jakma wrote:

The code concerned however is explicitly /not/ being distributed under
the terms required by the GPL licence, but rather much weaker licences
(BSD or MIT/X11, e.g.). Licenses which fail to implement the
reciprocal source code publication conditions of the GPL, amongst
other things.


Because Debian distributes[1] FRR in compliance with the terms of the 
GPL, and the terms of the license of the subparts of FRR are 
compatible with the GPL, Debian is not in violation of the terms of 
the GPL.


The GPL stipulates that the distributor must "appropriately publish on 
each copy an appropriate copyright notice".


FRR deliberately do not so on a number of files, in the ldpd and babeld 
directories most notably, even where those files do prominently feature 
notice of another licence (a weaker one lacking the requirements of the 
GPL).


This is very deliberate, as FRR denies the applicablility of the GPL to 
those files, even though these files are dependent on the GPL source 
code for function and comprehension and these files are derived works of 
the GPL source code, according to legal advice. The FRR project - by 
their own words - are not distributing this code under the GPL, 
manifested no least by their refusal to comply with the notification 
requirement of the GPL.


Non-compliance with conditions stipulated by the GPL licence, on code 
that may only be distributed in accordance with the GPL licence, is an 
infringement of copyright.


The termination clause of the GPL applies to entities who are 
redistributing FRR not to the code base in general; as Debian 
redistributes in compliance with the GPL (and presumably the FRR 
project on github does as well), Debian hasn't activated GPL-2 §4.


The FRR project, and associated entities (such as Cumulus Networks, Big 
Switch Networks, 6WIND, LAbN Consulting, Orange Telecom, the Linux 
Foundation) have no GPL licence for this code-base.


The Debian project can not magically grant itself a GPL licence for this 
infringing code, when the FRR project have none to give.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Death before dishonor.  But neither before breakfast.

FRR package in Debian violates the GPL licence

[Paul Jakma]

Hi,

The FRR package contains code, e.g. in the ldpd and babeld directories 
notably, which can not function without the assistance of and 
orchestration of GPL code; code whose function can not be understood 
without reference to the GPL source code - this FRR code is deriving of 
the GPL code (as per multiple sets of legal advice available to me), 
which I hold copyright in.


The code concerned however is explicitly /not/ being distributed under 
the terms required by the GPL licence, but rather much weaker licences 
(BSD or MIT/X11, e.g.). Licenses which fail to implement the reciprocal 
source code publication conditions of the GPL, amongst other things.


This is no accident. It is a deliberate campaign to undermine the GPL on 
this code-base, to normalise the stripping of copyleft requirement from 
it, and permit the ability to build proprietary works on top of it. 
E.g., see:


 https://github.com/FRRouting/frr/issues/1923

It is - I am advised - not permitted by the GPL and infringing of my 
copyright in thise code-base, and also incitement to commit copyright 
infringement. As such, the termination clause of the GPL became 
applicable to FRR.


Use and distribution is unlicensed.

I reserve the right to recover damages and compensation, to the greatest 
extent allowed by relevant laws, from anyone any unlicensed use or 
distribution of code I hold copyright in.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
"What I've done, of course, is total garbage."
-- R. Willard, Pure Math 430a

Re: Hacking License

[Paul Jakma]

On Tue, 11 Dec 2018, Paul Jakma wrote:

Much easier would be a licence where all you had to show was that the 
software was passed on, and that that act on its own was sufficient to 
trigger the general source distribution requirement (modulo "desert island", 
etc., which pretty obviously do not apply to the general corporate abusers).


To clarify:

The abusive cases are far from the grey lines, so there is little need to 
worry about /exactly/ where they lie - and ultimately that comes down to a 
judge.


The abusive cases are exploiting grey lines in the /current/ copyleft 
licences. We can move the grey lines so those cases are much further 
from the grey lines, by making public source distribution a requirement, 
upon distribution - modulo "desert island" and "dissident" escape 
clauses.


I want to have a copyleft licence available that does that, for next 
time I want to distribute code under copyleft terms.


The Hacking licence proposed is intriguing, but doesn't quite do that 
for me (along with some other issues), as it stands, AFAICT.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The goal of science is to build better mousetraps.  The goal of nature
is to build better mice.

Re: Hacking License

[Paul Jakma]

On Tue, 11 Dec 2018, Eloi Notario wrote:

Furthermore, these patches will be protected by the GPLv3 and even if 
publicly available Sencha will be unable to sell them,


Probably you know this, and you meant "sell them exclusively or 
somesuch", but just to note:


Nothing in the GPL prevents one from selling GPL source code.

;)

regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Life is divided into the horrible and the miserable.
-- Woody Allen, "Annie Hall"

Re: Hacking License

[Paul Jakma]

On Tue, 11 Dec 2018, Giacomo Tesio wrote:


On Tue, 11 Dec 2018 at 13:06, Paul Jakma  wrote:

On Tue, 11 Dec 2018, Giacomo Tesio wrote:



Unless there is some really compelling reason the modifier can not make
their changes available (desert island, dissident), why not just require
they make the changes available - given how easy it is to distribute
software these days?


This is not a binary state, either easy to distribute or impossible 
to. The world is large and the bandwidth you assume is not cheap or 
easily available to everyone.


That may be true, but there may come a point where a line must be drawn. 
Either the distributor does have sufficient Internet access to not meet 
some "desert island" clause, or they do not. Either there is sufficient 
risk to meet some "dissident" clause, or there is not.


The world may not be binary, but in the event of a dispute sufficient to 
take the matter to court, a judge will draw that line, according to the 
context, in terms of the parties involved (not the world). (This is also 
why it is important to use terms that the legal world prefers and has 
already reasoned about, rather than inventing your own).


If someone can download copies of software I have made available, and if 
they are able to distribute their modifications to others using the 
Internet, then they are going to have a hard-time arguing that they 
could not also upload the software to, say, either GitHub, or else my 
instance of gogs with free hosting for modified versions of said 
software (specifically there to facilitate that licence requirement).


The corporate abusers I have in mind are very clearly not on a desert 
island, very clearly are active on the Internet, very clearly are fully 
capable of making their modifications available to all.



That's why the Hacking License give right upstream.
In the moment an abuser abuse the license, all his rights are terminated.


The GPL also terminates. The GPLv2 has very strong termination 
conditions even.


That's not what happens though, the abuser finds a loophole, to carry 
out their abuse (not giving back) in a way that can be argued to not 
violate the licence.



Making available != getting integrated upstream.


This is an oversimplification: by making available a severe zero-day 
fix that would likely to get lost among the thousands of "newly 
available" patches of the week, you might set up a blame campaign on 
the upstream hackers that are "unable to live up to their success".


Free Software is a gift. I want it to remain a gift.
As such it cannot become a burden on those who donate.


I don't see how it could be a burden, if one is openly distributing 
modified versions of some copylefted work on an ongoing basis, to also 
be required to upload a copy to any of a number of free open-source 
source code hosting sites.


AGPLv3 also poses a condition to the execution: beyond the wording, if 
you make a covered work available across a network (a use) you have to 
make the sources available to the users. The Hacking License is 
simpler: as a condition to the all the grants provided, you should 
make the source available to any User (as defined in the License 
itself).


The corporate abusers I have in mind would be able to fulfill that 
condition.


And I'm back to square one, with the same problem I have with the GPL. 
The Users have a disincentive to pass the source on, through 
side-contracts.


And I'm in the same position as before with the GPLv2: The question of 
whether those side-contracts are at odds with the licence, or whether 
they are orthogonal and wholly separate things, does not have an obvious 
answer.


Much easier would be a licence where all you had to show was that the 
software was passed on, and that that act on its own was sufficient to 
trigger the general source distribution requirement (modulo "desert 
island", etc., which pretty obviously do not apply to the general 
corporate abusers).



Same for your grampa. When it stop being a personal hack and you have
to publish the patch somehow?


I don't know. There is some line though, and - if it comes down to it - 
a judge can draw that line.


Just as the corporate abusers are obviously not on a desert island, 
these abusive cases generally do not involve people distributing a hack 
to their granda via SSH access.


The abusive cases are far from the grey lines, so there is little need 
to worry about /exactly/ where they lie - and ultimately that comes down 
to a judge.


Despite its evidence, may people cannot see the parallel between 
writing in Ancient Egypt and information technology today. So they 
tend to discard issues that will arise when programming will be easy 
and diffused as it's writing today.


The legal system will find a way of deciding these matters though, where 
people care enough to bring them to a court.



No, the modifier must make the modifications available only to their Users.

Re: Hacking License

[Paul Jakma]

On Tue, 11 Dec 2018, Giacomo Tesio wrote:


On Tue, 11 Dec 2018 at 12:22, Paul Jakma  wrote:


Personally, I want a copyleft for the 'gitlab/github/gogs' era: Source
must be made available, unless you're on a desert island or there is a
credibly physical risk of imprisonment or harm to individuals by
disclosing their identity.



The point is, made available to whom?


To anyone.

Unless there is some really compelling reason the modifier can not make 
their changes available (desert island, dissident), why not just require 
they make the changes available - given how easy it is to distribute 
software these days?


The more options are given for not distributing modifications widely, 
the more opportunity there is for abusers to find loop-holes.



To the users? Sure.

Upstream?
In a world where people happily hack their own software, this might
open a can of worms upstream and downstream:
- it would impose a review process (and infrastructure) for patches
that would slow down development


Making available != getting integrated upstream.


- it would disincentive hack for personal purpose for the burden to
prepare a 3rd party readable patch


No.

Copyleft usually only regulates and imposes conditions upon distribution 
(so long as the licence is adhered to generally). The conditions on 
making the sources available are imposed only if one wishes to 
distribute the work.


If "personal hack" means "no distribution to others", then there's no 
obligation to make the modifications public.



In both case, strictly applied, such rule would create weird practical
issues to free software.


I think you're objections were not with what I had imagined. ;)


That's why the Hacking License assigns copyright and patent license
upstream but without turning upstream copyright holders into Users.


That does not require the modifier to make the modifications available 
to the upstream, or anyone though.



They can also become users, obviously, but they can also just benefit
from the copyright assignment and patent license to reimplement
similar behavior without legal issues.


How would I benefit from copyright assignment in modifications to my 
code, if I can never get (perhaps never even know about) those 
modifications?


Note that one _already_ gets a copyright interest in any modifications 
to one's work (GPLed or whatever), if those modifications constitute a 
derived work. (In at least some jurisdictions).


Just being a copyright holder in some derived work of one's own work is 
not per se sufficient to ensure one can get access to that derived work 
though.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Another hour, another error report...

- Eric S. Raymond on linux-kernel

Re: Hacking License

[Paul Jakma]

On Tue, 11 Dec 2018, Paul Wise wrote:


If you are talking about grsecurity,


Had more personally significant cases in mind, not GrSec per se, but 
GrSecurity is an example, on the contract side.


That said, wrt "abusive corporates", I'd put GrSec more on the /victim/ 
side, and I have some sympathy for them, but that's another discussion.

;)

the contract from 2017 was on their website, is now on archive.org but 
the current version is not public:


https://web.archive.org/web/20170805231029/https://grsecurity.net/agree/agreement.php


That looks like the kind of side-agreement that would be good to clearly 
make impermissible or impossible to hold people to, while also wanting 
to avail of a copyleft licence - to me.


Personally, I want a copyleft for the 'gitlab/github/gogs' era: Source 
must be made available, unless you're on a desert island or there is a 
credibly physical risk of imprisonment or harm to individuals by 
disclosing their identity.


I think that would depend on the protocol used and that many of them 
would have room for extensions that could include instructions for 
obtaining source code.


If you add an extension, how do you know the other supports that 
extension and showing it to the user? How do you show the user 
"interacted" with your software? Seems unreliable / risky / unlikely to 
achieve the goal, if tested.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Conceit causes more conversation than wit.
-- LaRouchefoucauld

Re: Hacking License

[Paul Jakma]

On Mon, 10 Dec 2018, Ian Jackson wrote:

Or are you really convinced that these other issues are showstoppers 
and that without handling them in your licence, downstreams will abuse 
their position ?  Frankly that doesn't seem particularly likely.


Without denigrating what you're saying on compatibility and 
understanding (as below)...


There is an issue with the GPL style copyleft of abuse by corporates. In 
particular, abusing the ability to discharge source distribution 
privately, and then using various forms of side-contracts to 
(indirectly) "discourage" recipients from exercising their GPL rights.


As this all happens in private, it makes it hard for copyright holders 
to take action. It can be hard to gather basic facts (e.g. the side 
contracts). The recipients - who are potentially having their GPL 
rights impinged - are not necessarily willing to even tell the 
copyright holders about this, never mind co-operate. Etc.


Then there's the more general issue that the AGPL doesn't really work 
for non-interactive distributed-system software, should you want your 
distributed-system software to have its source be made available to 
anyone operating other bits (or implementations of) the distributed 
system.



I think maybe you are seriously undervaluing the benefits of using a
licence that everyone already knows and that is compatible with many
other Free Software licences.


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Look out!  Behind you!

Re: Cisco EIGRP patent licence and the GPLv2 licence

[Paul Jakma]

On Tue, 4 Jul 2017, Walter Landry wrote:


 "For any claims of any Cisco patents that are necessary for
 practicing
  the Enhanced Interior Gateway Routing Protocol specification
  , any party will have the right to use any such
  patent claims under reasonable, non-discriminatory terms, with
  reciprocity, to implement and fully comply with the specification.


This means that Cisco's patent grant only applies if you are
implementing EIGRP.  So that feels incompatibile.


With that said, the usual approach that Debian follows is that if the 
patent is not being actively enforced, Debian does not worry about 
them.  Otherwise, Debian would not be able to ship anything.  Since 
you claim later


It's hard to know. Cisco do have a history of initiating patent 
enforcement actions though. E.g.:


  
https://blogs.cisco.com/news/protecting-innovation-itc-945-initial-determination

How much that would concern one would depend on one's situation.

Personally, I don't have an issue with that style of licence cause it 
only limits those who want to sue over patents. Which seems fine to me.



What I've gotten from those exchanges suggests there is little reason
to be concerned about the Cisco patent or the licence.


then it would be fine for Debian.


That's on the concern about the patent and its licence. Which is where 
most people I've talked to stop the analysis. However, the concern 
that's been raised is on the other side.


The concern raised is about the /copyright/ holders in the other GPLv2+ 
licensed code, on which the EIGRP GPLv2 code depends. The concern is 
those other copyright holders could object that the EIGRP code that 
depends on their code is patent encumbered, with potential royalties, 
and hence incompatible with the licence they gave on the use of their 
code.


At a practical level, are those concerns founded, and what degree of 
caution on such concerns is warranted? Both in terms of reasonable 
protection against hostile copyright holders (e.g. SCO situations where 
copyrights fall into wrong hands) and deference to the wishes of 
friendly copyright holders who object to patent encumberances; but 
without unreasonably restricting others' ability to distribute code they 
have written?


(On whether concerns are founded: The brief informal legal advice I've 
had seemed to suggest maybe - your reply above seems to too; what I 
can't get clarity on is that issue of the reasonable degree of caution, 
and the appropriate balance between different interests).


regards,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
If you don't have time to do it right, where are you going to find the time
to do it over?

Cisco EIGRP patent licence and the GPLv2 licence

[Paul Jakma]

Hi,

I have a question I have not been able to get a conclusion to, regarding 
the compatibility of the licence Cisco have given to their EIGRP 
patents, by way of their declaration under the IETF "IPR" process. That 
declaration being:


  https://datatracker.ietf.org/ipr/2236/

The relevant grant/licence text being:

 "For any claims of any Cisco patents that are necessary for practicing
  the Enhanced Interior Gateway Routing Protocol specification
  , any party will have the right to use any such
  patent claims under reasonable, non-discriminatory terms, with
  reciprocity, to implement and fully comply with the specification.

  The reasonable non-discriminatory terms are: Cisco will not assert any
  patents owned or controlled by Cisco against any party for making,
  using, selling, importing or offering for sale a product that
  implements the Enhanced Interior Gateway Routing Protocol
  specification , provided, however that Cisco
  retains the right to assert its patents (including the right to claim
  past royalties) against any party that asserts a patent it owns or
  controls (either directly or indirectly) against Cisco or any of
  Cisco's affiliates or successors in title or against any products or
  services of Cisco or any products or services of any of Cisco's
  affiliates either alone or in combination with other products or
  services.

  Royalty-bearing licenses will be available to anyone who prefers that
 option."

A GPLv2+ implementation of EIGRP exists, which itself depends on other 
pieces of GPLv2+ code in Quagga. The question that's been raised with me 
is whether or not a free software project such as Quagga could 
distribute such an implementation? Are there any compatibility issues 
between the patent licence and the GPLv2 licence to worry about? In 
particular, to any degree that would cause a problem for a mainstream 
Linux distributions such as Debian?


I've had some exchanges with a number of people about this. Including 
luminaries in the free software world, legal experts around free 
software, as well as quick and informal advice from a solicitor I know.


What I've gotten from those exchanges suggests there is little reason to 
be concerned about the Cisco patent or the licence.


It's less clear to me though whether there is an issue on the copyright 
and GPLv2+ licence side. The concern that has been raised with me is 
that the Cisco grant is conditional and revocable with potential 
royalties applying, while the GPLv2+ seems to require unconditional, 
non-revocable patent grant.


 "7. ... For example, if a patent
  license would not permit royalty-free redistribution of the Program by
  all those who receive copies directly or indirectly through you, then
  the only way you could satisfy both it and this License would be to
  refrain entirely from distribution of the Program."

(Personally, I don't have a moral problem with a patent holder retaining 
the right to sue anyone who sues them over patents; but my opinion on 
that doesn't have a bearing on the GPLv2).


So, would distributing a GPLv2+ EIGRP implementation which, in turn, 
depends on other GPLv2+ licensed code belonging to a diverse set of 
copyright holders, cause any issues for Debian?


Does the answer to that question change in any way if it is the GPLv3+ 
instead?


Thanks,
--
Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The faster we go, the rounder we get.
-- The Grateful Dead