Re: Is the RAR archiver freely distributable?

[Ben Finney]

Francesco Poli  writes:

> On Fri, 11 Nov 2016 10:07:09 +1100 Ben Finney wrote:
>
> [...]
> > I believe there are actively-enforced patents on DVD-CSS that
> > prohibit distribution of, for example, free software that opens
> > files encrypted with that scheme.
> [...]
>
> Is this the actual reason?

I don't claim it's *the* reason for anything :-) It is certainly one
factor in decisions about what packages should be in Debian.

Relevant for this discussion, it appears to be a factor distinguishing
‘libdvdcss2’ from RAR compression tools.

> I was under the impression that the issue was due to DMCA (in the USA),
> EUCD (in the EU) and similar insane laws in other jurisdictions...

That's another factor, yes.

-- 
 \  “Every man would like to be God, if it were possible; some few |
  `\  find it difficult to admit the impossibility.” —Bertrand |
_o__)Russell, _Power: A New Social Analysis_, 1938 |
Ben Finney

Re: Is the RAR archiver freely distributable?

[Francesco Poli]

On Fri, 11 Nov 2016 10:07:09 +1100 Ben Finney wrote:

[...]
> I believe there are
> actively-enforced patents on DVD-CSS that prohibit distribution of, for
> example, free software that opens files encrypted with that scheme.
[...]

Is this the actual reason?
I was under the impression that the issue was due to DMCA (in the USA),
EUCD (in the EU) and similar insane laws in other jurisdictions...


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpXjTLJguHtK.pgp
Description: PGP signature

Re: Is the RAR archiver freely distributable?

[Ben Finney]

Dmitry Alexandrov <321...@gmail.com> writes:

> May I ask again, what law (what jurisdiction) are you talking about.

I am being deliberately non-specific about jurisdiction, and limiting
the above assertions to those that describe law regardless of jurisdiction.

> I am not familiar with North American laws, but there *is* a law
> prohibiting distribution of DRM-circumvention tools, for instance, in
> the Ukraine […]

Yes, exactly: it is a *specific action* (distribution) that is
restricted, not the object.

Thank you for providing a specific example of law that does not make
*objects* illegal, but *actions* by persons.

Which is why I'm pointing out that it can only make sense to talk about
what *actions* the law restricts. The tool is not legal or illegal, it
is what a person may do that is restricted.

So, the questions to ask for a proposed work in Debian are all about
those restrictions on actions.

What actions by Debian recipients are restricted by the specific
conditions on the work, and do those restrictions constitute violation
of DFSG?

What actions by the Debian Project are restricted by specific laws? Do
those restrictions exclude redistribution of the work by the Debian
Project at all? Do those restrictions allow redistribution, but exclude
the work from Debian?

-- 
 \   “[On the Internet,] power and control will shift to those who |
  `\   are actually contributing something useful rather than just |
_o__)having lunch.” —Douglas Adams |
Ben Finney

Re: Is the RAR archiver freely distributable?

[Dmitry Alexandrov]

>> > Are ‘key recovery tools’ illegal somewhere? Tools for circumventing
>> > digital restristions measures definitely are.
>>
>> If you use them on files you legally own, they are legal. They will be
>> illegal for cracking content for which you should not have access.
>
> Another way of saying that is: The tool isn't legal or illegal. It is
> specific *actions* by persons that is restricted by law.
>
>> The tool cannot differentiate, it can only do its job.
>
> Likewise, AFAIK the law doesn't make a tool illegal, only specific
> actions.

May I ask again, what law (what jurisdiction) are you talking about.  I am not 
familiar with North American laws, but there *is* a law prohibiting 
distribution of DRM-circumvention tools, for instance, in the Ukraine:

,[ Law on copyright and related rights ]
| Section V.  Protection of copyrigh and related right
|
| Article 50.  Violation of copyright and related rights
|
| Violations of copyright and (or) related rights, that give grounds for
| seeking remedy in court, are:
|
| ...
|
| e) any actions to deliberately circumvent technical measures of
| copyright (or related rights) protection, in particular: making,
| distributing, importing with the purpose of distributing, and using
| tools for such circumvention;
|
| ...
`(translation mine, cf. original at [0])

[0] http://zakon4.rada.gov.ua/laws/show/3792-12/page3

> I believe there are
> actively-enforced patents on DVD-CSS that prohibit distribution of, for
> example, free software that opens files encrypted with that scheme. If
> the Debian Project distributes such a tool, it *is* violating an
> actively-enforced law.

As far as I know, libdvdcss2 is a bruteforcing tool.  There could be no patents 
on brute-force.

Re: Is the RAR archiver freely distributable?

[Ben Finney]

Gunnar Wolf  writes:

> Dmitry Alexandrov dijo [Wed, Nov 09, 2016 at 12:19:19AM +0300]:
> > Are ‘key recovery tools’ illegal somewhere? Tools for circumventing
> > digital restristions measures definitely are.
>
> If you use them on files you legally own, they are legal. They will be
> illegal for cracking content for which you should not have access.

Another way of saying that is: The tool isn't legal or illegal. It is
specific *actions* by persons that is restricted by law.

> The tool cannot differentiate, it can only do its job.

Likewise, AFAIK the law doesn't make a tool illegal, only specific
actions.

This is why it's of primary interest how the freedoms *of the recipient*
are affected, by the restrictions on a work proposed for Debian.

Also of interest are whether the Debian Project is legally permitted to
redistribute the work at all.


The question of “what is the recipient restricted from doing, and does
that restriction violate the DFSG?” involves whether executing the tool
is legal. The answer for the case under discussion is probably “if you
break the law, that action was illegal; if you use it otherwise,
probably not”.

That's what Gunnar's answer above is getting to. There isn't a question
about whether the tool “is legal”, only what actions are restricted. A
Debian recipient can get a tool that was distributed quite legally by
the Debian Project, and then choose to use it in a way that violates a
law. By itself, that doesn't mean the Debian Project has violated any
law; and it doesn't mean the restriction violates the DFSG.


There is a quite separate question of “what is the Debian Project
legally restricted from distributing?” I believe there are
actively-enforced patents on DVD-CSS that prohibit distribution of, for
example, free software that opens files encrypted with that scheme. If
the Debian Project distributes such a tool, it *is* violating an
actively-enforced law.

That is, clearly, a very different restriction that doesn't even involve
DFSG, and makes the tool not redistributable at all by the Debian
Project.

-- 
 \  “Be careless in your dress if you must, but keep a tidy soul.” |
  `\  —Mark Twain, _Following the Equator_ |
_o__)  |
Ben Finney

Re: Is the RAR archiver freely distributable?

[Tobias Frost]

Am Dienstag, den 08.11.2016, 21:18 +0300 schrieb Dmitry Alexandrov:
> > | 3d. Hacks/cracks, keys or key generators may not be included,
> > | pointed to or referred to by the distributor of the trial version
> >
> > We (Debian) cannot possibly agree to such a condition.  It may well
> be
> > violated in Debian (even in main) already.
> 
> I believe, that clause only implies ‘cracks’ or key generators for
> RAR.

Well, it might be the intention, but it is not the way it is written.
Literally read it is not limiting to rar and because it also does not
define the terms it uses:
We have ssh-keygen ... a key generator.
We have hacks or at least hacked-together stuff (dont look at my
packages :)) And jack-the-ripper might count as cracking tool



--
tobi

Re: Is the RAR archiver freely distributable?

[Dmitry Alexandrov]

>> >> > If so I will consider whether to write a cracker or key generator for
>> >> > RAR and upload it to unstable!
>> >>
>> >> Do you really belive that *this* is acceptable?  This kind of
>> >> software (‘cracks’ at least) is illegal in many jurisdictions.
>> >
>> > Key recovery tools for weakly encrypted archive formats have been
>> > common for decades.  There are probably some in Debian already.
>>
>> Are ‘key recovery tools’ illegal somewhere?  Tools for circumventing
>> digital restristions measures definitely are.
>
> If you use them on files you legally own, they are legal. They will be
> illegal for cracking content for which you should not have access.

State of affairs in what jurisdiction are you describing?  If you try to 
convince that Debian may safely ignore laws of the states where the situation 
is opposite, why does not it distribute, for instance, libdvdcss2 then?

Re: Is the RAR archiver freely distributable?

[Gunnar Wolf]

Dmitry Alexandrov dijo [Wed, Nov 09, 2016 at 12:19:19AM +0300]:
> >> > If so I will consider whether to write a cracker or key generator for
> >> > RAR and upload it to unstable!
> >>
> >> Do you really belive that *this* is acceptable?  This kind of
> >> software (‘cracks’ at least) is illegal in many jurisdictions.
> >
> > Key recovery tools for weakly encrypted archive formats have been
> > common for decades.  There are probably some in Debian already.
> 
> Are ‘key recovery tools’ illegal somewhere?  Tools for circumventing
> digital restristions measures definitely are.

If you use them on files you legally own, they are legal. They will be
illegal for cracking content for which you should not have access.

The tool cannot differentiate, it can only do its job.

Re: Is the RAR archiver freely distributable?

[Ulrich Mueller]

> On Tue, 08 Nov 2016, Dmitry Alexandrov wrote:

> I suppose, providing the full text would be even better.  Here is
> the licence of RAR 5.3.b2-1 from Debian’s non-free repository:

> Copyright (c) 1993-2006 Alexander Roshal 
> [...]

Where did you take this from? It doesn't agree with the license.txt
(which is the new version already) found in rar_5.3.b2.orig.tar.gz.

Ulrich

Re: Is the RAR archiver freely distributable?

[Ulrich Mueller]

> On Tue, 8 Nov 2016, Ian Jackson wrote:

> RAR is not part of Debian.  It is in non-free.  This means we do not
> like its licence.

Sure, there cannot be any doubt that this is non-free software.
The question is if the license that comes with it grants free
distribution.

>http://www.win-rar.com/winrarlicense.html?=0

> That licence is IMO clearly unsuitable even for Debian non-free.

> | 3a. The software's trial version may be freely distributed, with
> | exceptions noted below, provided the distribution package is not
> | modified in any way

> But we have of course modified it.

> | 3c. The unmodified installation file of WinRAR must be provided pure
> | and unpaired. Any bundling is interdicted. In particular the use of
> | any install or download software which is providing any kind of
> | download bundles is prohibited unless granted by win.rar GmbH in
> | written form

> It is not clear to me whether our distribution approaches contravene
> this.

> | 3d. Hacks/cracks, keys or key generators may not be included,
> | pointed to or referred to by the distributor of the trial version

> We (Debian) cannot possibly agree to such a condition.  It may well be
> violated in Debian (even in main) already.

I believe that clause 3b is problematic, too:

| 3b. The software's unlicensed trial version may not be distributed
| inside of any other software package without written permission.
| The software must remain in the original unmodified installation
| file

Presumably, this condition wouldn't be fulfilled for a .deb file?

|  for download without any barrier and conditions to the user
| such as collecting fees for the download or making the download
| conditional on the user giving his contact data.

No fees must be collected for the download. It is not clear if this
would also apply when distributing the software on a physical medium.

>> So what is your stance on the above license? Can the software still
>> be freely distributed?

> I think for Debian non-free we will probably want to stick with
> 5.3.b2.

The license.txt file in rar_5.3.b2.orig.tar.gz already is the new
version of the license, though.

Ulrich

Re: Is the RAR archiver freely distributable?

[Ian Jackson]

Dmitry Alexandrov writes ("Re: Is the RAR archiver freely distributable?"):
> [Ian:]
> > We (Debian) cannot possibly agree to such a condition.  It may well be
> > violated in Debian (even in main) already.
> 
> I believe, that clause only implies ‘cracks’ or key generators for RAR.

Is it really your position that this is acceptable ?

If so I will consider whether to write a cracker or key generator for
RAR and upload it to unstable !

Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Re: Is the RAR archiver freely distributable?

[Martin Meredith]

Hi all,

Maintainer here,

Will reply in full when at home - doing this by mobile at the moment.

If you look at the debian source, there is a copy of the original email
granting the redistribution rights in non-free, which solves one of the
issues being discussed here, I believe.

Will read through more fully and respond fully later.

We do have explicit permission to distribute this in debian, and the
Authors have been very amenable to this in the past, and have worked to
resolve bugs specifically related to the packaging of the non free unrar
sources. I'm sure they'll be open to discussion around this matter.

On 8 Nov 2016 6:17 p.m., "Dmitry Alexandrov" <321...@gmail.com> wrote:

> >> In a nutshell, the preamble of the new license seems to transform it
> >> into a license agreement:
>
> Sorry, I have not got the point.  What it was before if not a licence
> agreement?
>
> > To save others finding the licence, here it is:
> >
> >http://www.win-rar.com/winrarlicense.html?=0
>
> I suppose, providing the full text would be even better.  Here is the
> licence of RAR 5.3.b2-1 from Debian’s non-free repository:
>
>
> Copyright (c) 1993-2006 Alexander Roshal
>
> This software is shareware.
>
>   The RAR Archiver
>   EULA (End User License Agreement) for use and distribution
>
>
>   The RAR archiver is distributed as try before you buy. This means:
>
>1. All copyrights to RAR are exclusively owned by the author
>   - Alexander Roshal.
>
>2. Anyone may use this software during a test period of 40 days.
>   Following this test period of 40 days or less, if you wish to
>   continue to use RAR, you must purchase a license.
>
>3. There are 2 basic types of licenses issued for RAR, these are:
>
>   a.  A single computer usage license. The user purchases one license
>   to use RAR archiver on one computer.
>
>   Home users may use their single computer usage license on
>   all computers which are in property of the license owner.
>
>   Business users require one license per computer RAR is
>   installed on.
>
>   b.  A multiple usage license. The user purchases a number of usage
>   licenses for use, by the purchaser or the purchaser's employees
>   on the same number of computers.
>
>   In a network (server/client) environment you must purchase
>   a license copy for each separate client (workstation)
>   on which RAR is installed, used, or accessed. A separate
>   license copy for each client (workstation) is needed regardless
>   of whether the clients (workstations) will use RAR simultaneously
>   or at different times. If for example you wish to have
>   9 different clients (workstations) in your network with access
>   to RAR, you must purchase 9 license copies.
>
>   A user who purchased a RAR license, is granted a non-exclusive
>   right to use RAR on as many computers as defined by the licensing
>   terms above according to the number of licenses purchased,
>   for any legal purpose. The licensed RAR software may not be rented
>   or leased, but may be permanently transferred, in it's entirety,
>   if the person receiving it agrees to the terms of this license.
>   If the software is an update, the transfer must include the update
>   and all previous versions.
>
>4. Licensing for RAR on mobile devices (U3 stick, USB stick,
>   external harddrive):
>
>   In addition to the terms stated above following licensing terms
>   apply to the licensing of RAR on mobile devices.
>
>   a.  A single computer usage license. Home users may use their
>   single computer usage license on all mobile devices which are
>   in property of the license owner.
>
>   Business users may use their single computer usage license
>   on one computer and one mobile device.
>
>   b.  A multiple usage license. Users who own a multiple usage
>   license may use that license on the same number of mobile
>   devices as number of computers (clients) the license was
>   purchased for.
>
>   The number of computers/devices running RAR at any time is
>   limited to the number of licenses purchased according to the
>   licensing terms above.
>
>   A licensed version of RAR on a mobile device may be used by
>   the purchaser or the purchaser's employees, on several computers
>   consecutively.
>
>   There are no additional license fees, apart from the cost of
>   purchasing a license, associated with the use of RAR from
>   a mobile device on computers that are not owned by the owner
>   of the RAR license.
>
>5. The RAR/WinRAR unlicensed trial version may be freely distributed,
>   with exceptions noted below, provided the distribution package is not
>   modified in any way.
>
>   a.  No person or company 

Re: Is the RAR archiver freely distributable?

[Dmitry Alexandrov]

>> In a nutshell, the preamble of the new license seems to transform it
>> into a license agreement:

Sorry, I have not got the point.  What it was before if not a licence agreement?

> To save others finding the licence, here it is:
>
>http://www.win-rar.com/winrarlicense.html?=0

I suppose, providing the full text would be even better.  Here is the licence 
of RAR 5.3.b2-1 from Debian’s non-free repository:

Copyright (c) 1993-2006 Alexander Roshal 

This software is shareware.

  The RAR Archiver
  EULA (End User License Agreement) for use and distribution


  The RAR archiver is distributed as try before you buy. This means:

   1. All copyrights to RAR are exclusively owned by the author
  - Alexander Roshal.

   2. Anyone may use this software during a test period of 40 days.
  Following this test period of 40 days or less, if you wish to
  continue to use RAR, you must purchase a license.

   3. There are 2 basic types of licenses issued for RAR, these are:
 
  a.  A single computer usage license. The user purchases one license
  to use RAR archiver on one computer.

  Home users may use their single computer usage license on
  all computers which are in property of the license owner.

  Business users require one license per computer RAR is
  installed on.

  b.  A multiple usage license. The user purchases a number of usage
  licenses for use, by the purchaser or the purchaser's employees
  on the same number of computers.

  In a network (server/client) environment you must purchase
  a license copy for each separate client (workstation)
  on which RAR is installed, used, or accessed. A separate
  license copy for each client (workstation) is needed regardless
  of whether the clients (workstations) will use RAR simultaneously
  or at different times. If for example you wish to have
  9 different clients (workstations) in your network with access
  to RAR, you must purchase 9 license copies.

  A user who purchased a RAR license, is granted a non-exclusive
  right to use RAR on as many computers as defined by the licensing
  terms above according to the number of licenses purchased,
  for any legal purpose. The licensed RAR software may not be rented
  or leased, but may be permanently transferred, in it's entirety,
  if the person receiving it agrees to the terms of this license.
  If the software is an update, the transfer must include the update
  and all previous versions.  

   4. Licensing for RAR on mobile devices (U3 stick, USB stick,
  external harddrive):

  In addition to the terms stated above following licensing terms
  apply to the licensing of RAR on mobile devices.

  a.  A single computer usage license. Home users may use their
  single computer usage license on all mobile devices which are
  in property of the license owner.

  Business users may use their single computer usage license
  on one computer and one mobile device.

  b.  A multiple usage license. Users who own a multiple usage
  license may use that license on the same number of mobile
  devices as number of computers (clients) the license was
  purchased for.

  The number of computers/devices running RAR at any time is
  limited to the number of licenses purchased according to the
  licensing terms above.

  A licensed version of RAR on a mobile device may be used by
  the purchaser or the purchaser's employees, on several computers
  consecutively.

  There are no additional license fees, apart from the cost of
  purchasing a license, associated with the use of RAR from
  a mobile device on computers that are not owned by the owner
  of the RAR license.

   5. The RAR/WinRAR unlicensed trial version may be freely distributed,
  with exceptions noted below, provided the distribution package is not
  modified in any way.
  
  a.  No person or company may distribute separate parts of the package
  with the exception of the UnRAR components, without written
  permission of the copyright owner.
  
  b.  The RAR/WinRAR unlicensed trial version may not be distributed
  inside of any other software package without written permission
  of the copyright owner.

  c.  Hacks/cracks, keys or key generators may not be included on the
  same distribution.

   6. To buy a license please see order.htm for details.

   7. THE RAR ARCHIVER IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY
  KIND IS EXPRESSED OR IMPLIED. YOU USE AT YOUR OWN RISK.
  NEITHER THE AUTHOR NOR THE AGENTS OF THE AUTHOR WILL BE LIABLE 
  FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS
  WHILE USING OR MISUSING THIS SOFTWARE.

   8. There are no