Re: Is the RAR archiver freely distributable?
Francesco Poliwrites: > On Fri, 11 Nov 2016 10:07:09 +1100 Ben Finney wrote: > > [...] > > I believe there are actively-enforced patents on DVD-CSS that > > prohibit distribution of, for example, free software that opens > > files encrypted with that scheme. > [...] > > Is this the actual reason? I don't claim it's *the* reason for anything :-) It is certainly one factor in decisions about what packages should be in Debian. Relevant for this discussion, it appears to be a factor distinguishing ‘libdvdcss2’ from RAR compression tools. > I was under the impression that the issue was due to DMCA (in the USA), > EUCD (in the EU) and similar insane laws in other jurisdictions... That's another factor, yes. -- \ “Every man would like to be God, if it were possible; some few | `\ find it difficult to admit the impossibility.” —Bertrand | _o__)Russell, _Power: A New Social Analysis_, 1938 | Ben Finney
Re: Is the RAR archiver freely distributable?
On Fri, 11 Nov 2016 10:07:09 +1100 Ben Finney wrote: [...] > I believe there are > actively-enforced patents on DVD-CSS that prohibit distribution of, for > example, free software that opens files encrypted with that scheme. [...] Is this the actual reason? I was under the impression that the issue was due to DMCA (in the USA), EUCD (in the EU) and similar insane laws in other jurisdictions... -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpXjTLJguHtK.pgp Description: PGP signature
Re: Is the RAR archiver freely distributable?
Dmitry Alexandrov <321...@gmail.com> writes: > May I ask again, what law (what jurisdiction) are you talking about. I am being deliberately non-specific about jurisdiction, and limiting the above assertions to those that describe law regardless of jurisdiction. > I am not familiar with North American laws, but there *is* a law > prohibiting distribution of DRM-circumvention tools, for instance, in > the Ukraine […] Yes, exactly: it is a *specific action* (distribution) that is restricted, not the object. Thank you for providing a specific example of law that does not make *objects* illegal, but *actions* by persons. Which is why I'm pointing out that it can only make sense to talk about what *actions* the law restricts. The tool is not legal or illegal, it is what a person may do that is restricted. So, the questions to ask for a proposed work in Debian are all about those restrictions on actions. What actions by Debian recipients are restricted by the specific conditions on the work, and do those restrictions constitute violation of DFSG? What actions by the Debian Project are restricted by specific laws? Do those restrictions exclude redistribution of the work by the Debian Project at all? Do those restrictions allow redistribution, but exclude the work from Debian? -- \ “[On the Internet,] power and control will shift to those who | `\ are actually contributing something useful rather than just | _o__)having lunch.” —Douglas Adams | Ben Finney
Re: Is the RAR archiver freely distributable?
>> > Are ‘key recovery tools’ illegal somewhere? Tools for circumventing >> > digital restristions measures definitely are. >> >> If you use them on files you legally own, they are legal. They will be >> illegal for cracking content for which you should not have access. > > Another way of saying that is: The tool isn't legal or illegal. It is > specific *actions* by persons that is restricted by law. > >> The tool cannot differentiate, it can only do its job. > > Likewise, AFAIK the law doesn't make a tool illegal, only specific > actions. May I ask again, what law (what jurisdiction) are you talking about. I am not familiar with North American laws, but there *is* a law prohibiting distribution of DRM-circumvention tools, for instance, in the Ukraine: ,[ Law on copyright and related rights ] | Section V. Protection of copyrigh and related right | | Article 50. Violation of copyright and related rights | | Violations of copyright and (or) related rights, that give grounds for | seeking remedy in court, are: | | ... | | e) any actions to deliberately circumvent technical measures of | copyright (or related rights) protection, in particular: making, | distributing, importing with the purpose of distributing, and using | tools for such circumvention; | | ... `(translation mine, cf. original at [0]) [0] http://zakon4.rada.gov.ua/laws/show/3792-12/page3 > I believe there are > actively-enforced patents on DVD-CSS that prohibit distribution of, for > example, free software that opens files encrypted with that scheme. If > the Debian Project distributes such a tool, it *is* violating an > actively-enforced law. As far as I know, libdvdcss2 is a bruteforcing tool. There could be no patents on brute-force.
Re: Is the RAR archiver freely distributable?
Gunnar Wolfwrites: > Dmitry Alexandrov dijo [Wed, Nov 09, 2016 at 12:19:19AM +0300]: > > Are ‘key recovery tools’ illegal somewhere? Tools for circumventing > > digital restristions measures definitely are. > > If you use them on files you legally own, they are legal. They will be > illegal for cracking content for which you should not have access. Another way of saying that is: The tool isn't legal or illegal. It is specific *actions* by persons that is restricted by law. > The tool cannot differentiate, it can only do its job. Likewise, AFAIK the law doesn't make a tool illegal, only specific actions. This is why it's of primary interest how the freedoms *of the recipient* are affected, by the restrictions on a work proposed for Debian. Also of interest are whether the Debian Project is legally permitted to redistribute the work at all. The question of “what is the recipient restricted from doing, and does that restriction violate the DFSG?” involves whether executing the tool is legal. The answer for the case under discussion is probably “if you break the law, that action was illegal; if you use it otherwise, probably not”. That's what Gunnar's answer above is getting to. There isn't a question about whether the tool “is legal”, only what actions are restricted. A Debian recipient can get a tool that was distributed quite legally by the Debian Project, and then choose to use it in a way that violates a law. By itself, that doesn't mean the Debian Project has violated any law; and it doesn't mean the restriction violates the DFSG. There is a quite separate question of “what is the Debian Project legally restricted from distributing?” I believe there are actively-enforced patents on DVD-CSS that prohibit distribution of, for example, free software that opens files encrypted with that scheme. If the Debian Project distributes such a tool, it *is* violating an actively-enforced law. That is, clearly, a very different restriction that doesn't even involve DFSG, and makes the tool not redistributable at all by the Debian Project. -- \ “Be careless in your dress if you must, but keep a tidy soul.” | `\ —Mark Twain, _Following the Equator_ | _o__) | Ben Finney
Re: Is the RAR archiver freely distributable?
Am Dienstag, den 08.11.2016, 21:18 +0300 schrieb Dmitry Alexandrov: > > | 3d. Hacks/cracks, keys or key generators may not be included, > > | pointed to or referred to by the distributor of the trial version > > > > We (Debian) cannot possibly agree to such a condition. It may well > be > > violated in Debian (even in main) already. > > I believe, that clause only implies ‘cracks’ or key generators for > RAR. Well, it might be the intention, but it is not the way it is written. Literally read it is not limiting to rar and because it also does not define the terms it uses: We have ssh-keygen ... a key generator. We have hacks or at least hacked-together stuff (dont look at my packages :)) And jack-the-ripper might count as cracking tool -- tobi
Re: Is the RAR archiver freely distributable?
>> >> > If so I will consider whether to write a cracker or key generator for >> >> > RAR and upload it to unstable! >> >> >> >> Do you really belive that *this* is acceptable? This kind of >> >> software (‘cracks’ at least) is illegal in many jurisdictions. >> > >> > Key recovery tools for weakly encrypted archive formats have been >> > common for decades. There are probably some in Debian already. >> >> Are ‘key recovery tools’ illegal somewhere? Tools for circumventing >> digital restristions measures definitely are. > > If you use them on files you legally own, they are legal. They will be > illegal for cracking content for which you should not have access. State of affairs in what jurisdiction are you describing? If you try to convince that Debian may safely ignore laws of the states where the situation is opposite, why does not it distribute, for instance, libdvdcss2 then?
Re: Is the RAR archiver freely distributable?
Dmitry Alexandrov dijo [Wed, Nov 09, 2016 at 12:19:19AM +0300]: > >> > If so I will consider whether to write a cracker or key generator for > >> > RAR and upload it to unstable! > >> > >> Do you really belive that *this* is acceptable? This kind of > >> software (‘cracks’ at least) is illegal in many jurisdictions. > > > > Key recovery tools for weakly encrypted archive formats have been > > common for decades. There are probably some in Debian already. > > Are ‘key recovery tools’ illegal somewhere? Tools for circumventing > digital restristions measures definitely are. If you use them on files you legally own, they are legal. They will be illegal for cracking content for which you should not have access. The tool cannot differentiate, it can only do its job.
Re: Is the RAR archiver freely distributable?
> On Tue, 08 Nov 2016, Dmitry Alexandrov wrote: > I suppose, providing the full text would be even better. Here is > the licence of RAR 5.3.b2-1 from Debian’s non-free repository: > Copyright (c) 1993-2006 Alexander Roshal > [...] Where did you take this from? It doesn't agree with the license.txt (which is the new version already) found in rar_5.3.b2.orig.tar.gz. Ulrich
Re: Is the RAR archiver freely distributable?
> On Tue, 8 Nov 2016, Ian Jackson wrote: > RAR is not part of Debian. It is in non-free. This means we do not > like its licence. Sure, there cannot be any doubt that this is non-free software. The question is if the license that comes with it grants free distribution. >http://www.win-rar.com/winrarlicense.html?=0 > That licence is IMO clearly unsuitable even for Debian non-free. > | 3a. The software's trial version may be freely distributed, with > | exceptions noted below, provided the distribution package is not > | modified in any way > But we have of course modified it. > | 3c. The unmodified installation file of WinRAR must be provided pure > | and unpaired. Any bundling is interdicted. In particular the use of > | any install or download software which is providing any kind of > | download bundles is prohibited unless granted by win.rar GmbH in > | written form > It is not clear to me whether our distribution approaches contravene > this. > | 3d. Hacks/cracks, keys or key generators may not be included, > | pointed to or referred to by the distributor of the trial version > We (Debian) cannot possibly agree to such a condition. It may well be > violated in Debian (even in main) already. I believe that clause 3b is problematic, too: | 3b. The software's unlicensed trial version may not be distributed | inside of any other software package without written permission. | The software must remain in the original unmodified installation | file Presumably, this condition wouldn't be fulfilled for a .deb file? | for download without any barrier and conditions to the user | such as collecting fees for the download or making the download | conditional on the user giving his contact data. No fees must be collected for the download. It is not clear if this would also apply when distributing the software on a physical medium. >> So what is your stance on the above license? Can the software still >> be freely distributed? > I think for Debian non-free we will probably want to stick with > 5.3.b2. The license.txt file in rar_5.3.b2.orig.tar.gz already is the new version of the license, though. Ulrich
Re: Is the RAR archiver freely distributable?
Dmitry Alexandrov writes ("Re: Is the RAR archiver freely distributable?"): > [Ian:] > > We (Debian) cannot possibly agree to such a condition. It may well be > > violated in Debian (even in main) already. > > I believe, that clause only implies ‘cracks’ or key generators for RAR. Is it really your position that this is acceptable ? If so I will consider whether to write a cracker or key generator for RAR and upload it to unstable ! Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Re: Is the RAR archiver freely distributable?
Hi all, Maintainer here, Will reply in full when at home - doing this by mobile at the moment. If you look at the debian source, there is a copy of the original email granting the redistribution rights in non-free, which solves one of the issues being discussed here, I believe. Will read through more fully and respond fully later. We do have explicit permission to distribute this in debian, and the Authors have been very amenable to this in the past, and have worked to resolve bugs specifically related to the packaging of the non free unrar sources. I'm sure they'll be open to discussion around this matter. On 8 Nov 2016 6:17 p.m., "Dmitry Alexandrov" <321...@gmail.com> wrote: > >> In a nutshell, the preamble of the new license seems to transform it > >> into a license agreement: > > Sorry, I have not got the point. What it was before if not a licence > agreement? > > > To save others finding the licence, here it is: > > > >http://www.win-rar.com/winrarlicense.html?=0 > > I suppose, providing the full text would be even better. Here is the > licence of RAR 5.3.b2-1 from Debian’s non-free repository: > > > Copyright (c) 1993-2006 Alexander Roshal > > This software is shareware. > > The RAR Archiver > EULA (End User License Agreement) for use and distribution > > > The RAR archiver is distributed as try before you buy. This means: > >1. All copyrights to RAR are exclusively owned by the author > - Alexander Roshal. > >2. Anyone may use this software during a test period of 40 days. > Following this test period of 40 days or less, if you wish to > continue to use RAR, you must purchase a license. > >3. There are 2 basic types of licenses issued for RAR, these are: > > a. A single computer usage license. The user purchases one license > to use RAR archiver on one computer. > > Home users may use their single computer usage license on > all computers which are in property of the license owner. > > Business users require one license per computer RAR is > installed on. > > b. A multiple usage license. The user purchases a number of usage > licenses for use, by the purchaser or the purchaser's employees > on the same number of computers. > > In a network (server/client) environment you must purchase > a license copy for each separate client (workstation) > on which RAR is installed, used, or accessed. A separate > license copy for each client (workstation) is needed regardless > of whether the clients (workstations) will use RAR simultaneously > or at different times. If for example you wish to have > 9 different clients (workstations) in your network with access > to RAR, you must purchase 9 license copies. > > A user who purchased a RAR license, is granted a non-exclusive > right to use RAR on as many computers as defined by the licensing > terms above according to the number of licenses purchased, > for any legal purpose. The licensed RAR software may not be rented > or leased, but may be permanently transferred, in it's entirety, > if the person receiving it agrees to the terms of this license. > If the software is an update, the transfer must include the update > and all previous versions. > >4. Licensing for RAR on mobile devices (U3 stick, USB stick, > external harddrive): > > In addition to the terms stated above following licensing terms > apply to the licensing of RAR on mobile devices. > > a. A single computer usage license. Home users may use their > single computer usage license on all mobile devices which are > in property of the license owner. > > Business users may use their single computer usage license > on one computer and one mobile device. > > b. A multiple usage license. Users who own a multiple usage > license may use that license on the same number of mobile > devices as number of computers (clients) the license was > purchased for. > > The number of computers/devices running RAR at any time is > limited to the number of licenses purchased according to the > licensing terms above. > > A licensed version of RAR on a mobile device may be used by > the purchaser or the purchaser's employees, on several computers > consecutively. > > There are no additional license fees, apart from the cost of > purchasing a license, associated with the use of RAR from > a mobile device on computers that are not owned by the owner > of the RAR license. > >5. The RAR/WinRAR unlicensed trial version may be freely distributed, > with exceptions noted below, provided the distribution package is not > modified in any way. > > a. No person or company
Re: Is the RAR archiver freely distributable?
>> In a nutshell, the preamble of the new license seems to transform it >> into a license agreement: Sorry, I have not got the point. What it was before if not a licence agreement? > To save others finding the licence, here it is: > >http://www.win-rar.com/winrarlicense.html?=0 I suppose, providing the full text would be even better. Here is the licence of RAR 5.3.b2-1 from Debian’s non-free repository: Copyright (c) 1993-2006 Alexander Roshal This software is shareware. The RAR Archiver EULA (End User License Agreement) for use and distribution The RAR archiver is distributed as try before you buy. This means: 1. All copyrights to RAR are exclusively owned by the author - Alexander Roshal. 2. Anyone may use this software during a test period of 40 days. Following this test period of 40 days or less, if you wish to continue to use RAR, you must purchase a license. 3. There are 2 basic types of licenses issued for RAR, these are: a. A single computer usage license. The user purchases one license to use RAR archiver on one computer. Home users may use their single computer usage license on all computers which are in property of the license owner. Business users require one license per computer RAR is installed on. b. A multiple usage license. The user purchases a number of usage licenses for use, by the purchaser or the purchaser's employees on the same number of computers. In a network (server/client) environment you must purchase a license copy for each separate client (workstation) on which RAR is installed, used, or accessed. A separate license copy for each client (workstation) is needed regardless of whether the clients (workstations) will use RAR simultaneously or at different times. If for example you wish to have 9 different clients (workstations) in your network with access to RAR, you must purchase 9 license copies. A user who purchased a RAR license, is granted a non-exclusive right to use RAR on as many computers as defined by the licensing terms above according to the number of licenses purchased, for any legal purpose. The licensed RAR software may not be rented or leased, but may be permanently transferred, in it's entirety, if the person receiving it agrees to the terms of this license. If the software is an update, the transfer must include the update and all previous versions. 4. Licensing for RAR on mobile devices (U3 stick, USB stick, external harddrive): In addition to the terms stated above following licensing terms apply to the licensing of RAR on mobile devices. a. A single computer usage license. Home users may use their single computer usage license on all mobile devices which are in property of the license owner. Business users may use their single computer usage license on one computer and one mobile device. b. A multiple usage license. Users who own a multiple usage license may use that license on the same number of mobile devices as number of computers (clients) the license was purchased for. The number of computers/devices running RAR at any time is limited to the number of licenses purchased according to the licensing terms above. A licensed version of RAR on a mobile device may be used by the purchaser or the purchaser's employees, on several computers consecutively. There are no additional license fees, apart from the cost of purchasing a license, associated with the use of RAR from a mobile device on computers that are not owned by the owner of the RAR license. 5. The RAR/WinRAR unlicensed trial version may be freely distributed, with exceptions noted below, provided the distribution package is not modified in any way. a. No person or company may distribute separate parts of the package with the exception of the UnRAR components, without written permission of the copyright owner. b. The RAR/WinRAR unlicensed trial version may not be distributed inside of any other software package without written permission of the copyright owner. c. Hacks/cracks, keys or key generators may not be included on the same distribution. 6. To buy a license please see order.htm for details. 7. THE RAR ARCHIVER IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE AT YOUR OWN RISK. NEITHER THE AUTHOR NOR THE AGENTS OF THE AUTHOR WILL BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING OR MISUSING THIS SOFTWARE. 8. There are no