Hello again,

>In short, considering debian-legal's input, should I mention the NCSA
>copyright notice in debian/copyright for Files: htpasswd.c, adding a
>separate License: NCSA field to clarify the provenance of said source
>?

After a bit more research into how other projects treat NCSA bits I'd
propose something along the lines of:

debian/copyright:

Files: htpasswd.c
Copyright: 1993-1994 Rob McCool <r...@stanford.edu>
Copyright: 1997 Jef Poskanzer <j...@mail.acme.com> ?
License: NCSA
 

License: NCSA
This code is in the public domain. Specifically, we give to the public
domain all rights for future licensing of the source code, all resale
rights, and all publishing rights.

We ask, but do not require, that the following message be included in
all derived works:

Portions developed at the National Center for Supercomputing
Applications at the University of Illinois at Urbana-Champaign.

THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED,
FOR THE SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT
LIMITATION, WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A
PARTICULAR PURPOSE.

Also, looking into your concerns about public domain in other countries
(specifically referring to NCSA's "This code is in the public
domain"):

Excerpt from https://wiki.debian.org/DFSGLicenses#Public_Domain :

Q: Since Debian is usually quite careful when it comes to legal issues,
I'm wondering what the official view point is here?

A: The official viewpoint is that the software must meet the
requirements of the DFSG. Generally, a CC0-style PD dedication is
viewed as sufficient for all jurisdictions, and can satisfy the DFSG if
source is available.

Q: Jurisdictions for Public Domain?

A: We are unaware of a case where a jurisdiction has upheld a copyright
claim to a work which has been dedicated to the public domain
everywhere. This is a potential theoretical source of problems, but
there's enough actual problems with copyright and licensing for us to
concentrate our limited time on them instead. 

Q: Should there be a lintian error if the "license" is Public Domain
and a copyright holder is specified?

A: No.

Q: Should Public Domain perhaps be prohibited in general?

A: Definitely not. 

Best,
Alexandru Mihail


On Thu, 2023-07-06 at 23:54 +0300, Alexandru Mihail wrote:
> Hello Nicholas,
> > That's ok, you don't need to find the original version.  Remember that
> > it's a fork and child relationship,
> 
> Yes, I'm terribly sorry, I'm familiar with the fork-child relationship
> but I still found your analogy very helpful and concise, I might
> present it to my interns (if that's O.K), thanks a lot for the
> reminder. I was extremely tired when I wrote the last e-mail.
> 
> In short, considering debian-legal's input, should I mention the NCSA
> copyright notice in debian/copyright for Files: htpasswd.c, adding a
> separate License: NCSA field to clarify the provenance of said source
> ?
> 
> 
> I will fix the /patches issues we discussed in a later commit and
> would also like to propose a mechanism for integrating PAM (Pluggable
> Authentication Modules) into mini-httpd. I am currently in the
> negotiation phase with my employer to grant an exception for this
> particular patch in order for it to be upstreamed into debian/patches
> (since, remember, we're the de-facto upstream here) and for my code to
> become GPL licensed. PAM support (which would be toggled via a
> Makefile parameter) could provide tangible improvements for the users
> of mini-httpd and might even increase the server's popularity. The AUTH
> mechanism in mini-httpd is arguably heavily antiquated and prone to
> DDoS attacks, MitM, scalability issues, etc. PAM would also enable AAA
> solutions to interoperate with mini-httpd almost seamlessly (such as
> RADIUS, TACACS+) which is becoming increasingly relevant in today's
> SSO/IoT central trust-based use cases.
> 
> > P.S. Please acknowledge: Have you read the DFSG yet, and do you
> > understand why it's important?
> Yes I have and yes I do, it is one of the main reasons I decided to
> start contributing to DebianWiki (and now mini-httpd) to begin with.
> :)
> 
> > I confirm receipt of your mail, and I see an attached signature.  Where
> > can I download your public key?
> 
> I'd like to ask you the same question, since I'd like to add your
> address to my keyring. I've read a bit of documentation which suggests
> using Ubuntu's HKP which seems a bit off-axis. I understand that the
> Debian Public Key Server is for DDs and DMs only (I am not yet a DM).
> I could perhaps use my DebianWiki personal page to link to my public
> key, but I do not know if that solution would be accepted or would
> sound absurd. I should find a better solution after some research.
> 
> Stay safe and thanks for your time,
> Alexandru Mihail
> 
> 
> On Wed, 2023-07-05 at 21:01 -0400, Nicholas D Steeves wrote:
> > Hi Alexandru,
> > 
> > Alexandru Mihail <alexandru.mihail2...@gmail.com> writes:
> > 
> > > After yet some more software archaeology, I've uncovered some more
> > > rusty HTML 1.0 documents which are of interest to our dilemma.
> > > Apparently, NCSA HTTPd Acknowledgements as of 7-14-95 state:
> > > "Thanks to:
> > > Robert McCool
> > >     For developing NCSA HTTPd till version 1.3 and this documentation."
> > > 
> > > https://web.archive.org/web/20090416132804/http://hoohoo.ncsa.uiuc.edu/docs/acknowledgement.html
> > > 
> > > This is the time Robert left the project and the date (and license
> > > release - 1.3) probably aligns best with the code we have in
> > > mini-httpd. After extensive googling, it seems to me that the original
> > > mini-httpd-1.0.0.tar.gz source is lost to time, or at least is buried
> > > beyond my reach.
> > 
> > That's ok, you don't need to find the original version.  Remember that
> > it's a fork and child relationship, so anyone, today, can fork httpd
> > (1.1-1.3, 1.4-1.14, 1.15, etc.) under the license terms specific to a
> > particular release.  So, for a hypothetical case where the file[s] in
> > question are identical for the following versions ..:
> > 
> >   1.1-1.3: "Do what you want but only on continental landmasses" license
> >   ||     \\
> >   ||      \=Possible fork point.  If discriminating against islanders
> >   ||        is important, then fork from this point.
> >   \/
> >   1.4-1.14: "Non-commercial use only, except for fishermen" license
> >   ||     \\
> >   ||      \=Possible fork point.  If privileging fishermen and
> >   ||        discriminating against everyone else is important, then fork
> >   ||        from this point.
> >   \/
> >   1.15: GPL3+
> >      \\
> >       \=Possible fork point.  Only discriminates against those who
> >         wish to keep their source private while also distributing their
> >         fork.  Fork from this point if that's important.
> > 
> > ...then if httpd 1.15 is older than mini-httpd 1.30, you must choose
> > 1.15.  Meanwhile, Robert McCool's copyright still exists in 1.15 even if
> > he hasn't made a contribution since 1.3.
> > 
> > P.S. Please acknowledge: Have you read the DFSG yet, and do you
> > understand why it's important?
> > https://wiki.debian.org/DebianFreeSoftwareGuidelines
> > 
> > > I transitioned all debian mail-related services to Google, and am using
> > > a good MUA now (PGP signing properly). (BTW, does everything look all
> > > right on your end?)
> > 
> > I confirm receipt of your mail, and I see an attached signature.  Where
> > can I download your public key?
> > 
> > > I've committed to salsa and uploaded to mentors a new .changes which
> > > reflects the change in Maintainer's E-Mail. Naturally, I changed the
> > > key and updated the changelog.
> > 
> > Thanks!  
> > 
> > > Thanks and have a great day/night !
> > 
> > You too! :)
> > 
> > 
> > Regards,
> > Nicholas
> 
