---------- Forwarded message ----------
Date: Mon, 20 Jun 2011 14:20:45 +0200 (CEST)
From: Peter Åstrand <astr...@cendio.se>
To: Marc-André Moreau <marcandre.mor...@gmail.com>
Cc: rdesktop-de...@lists.sourceforge.net,
Subject: Re: Black Duck IP Assessment of FreeRDP
Hi, I'm back from my vacation now. Thanks for funding this analysis and
reporting about it. We recognize that Black Duck is a trusted company, and the
report itself is impressive, although limited in scope.
When it comes to the core problem of the license migration, we do not believe
that it changes anything. The report states that there are 139 files from the
rdesktop project in "conflict" (page 7):
"These components consist of files and/or snippets of code. The components use
the GPL 2.0 license, which conflicts with typical proprietary commercial
licenses."
But we already knew that many files were from rdesktop. You mention on the Wiki
that:
"Please note that source snapshots included with the report do not correspond
to the latest development version of FreeRDP in which certain issues have been
addressed already."
Without a new report from Black Duck, there's nothing but your own word that
says that you have addressed all of the problems.
There's an even bigger problem, however: As we have mentioned earlier, we
believe that rewriting code based on the old code means that the new code is a
derived work, thus it's still covered by the copyright of the old code. This is
a common opinion. Two quotes from:
http://programmers.stackexchange.com/questions/81705/rewriting-gpl-code-to-change-license,
for example:
* "I'm not a lawyer, but AFAIK if you have seen the GPLed library code any
emulation library you write would be tainted and may be declared a derived work
by a judge if it is too similar in his appreciation. ... So the process would
be to write a functional spec and have someone which hasn't seen the GPLed code
write the library."
* "My understanding is that if you start with a work and modify it, no matter
how extensive the modifications, the final result is a derived work of the
original. You will need to write the library from scratch."
Since we can assume that all of the existing FreeRDP developers have looked at
the code, you would need to find new programmers which have not looked at
neither the rdesktop nor the FreeRDP code, and then let them implement the
"conflicting" code parts from scratch, based on some kind of specification. See
http://en.wikipedia.org/wiki/Clean_room_design . In practice, this is a very
tedious process.
Regards,
Peter Åstrand
On Mon, 30 May 2011, Marc-André Moreau wrote:
Hello rdesktop developers,
This is to inform you that we have paid for a Black Duck IP assessment of the
FreeRDP code base, from which we have
received the reports. I have updated our wiki page the provides information
on the license change
accordingly: http://www.freerdp.com/wiki/doku.php?id=license_change
The Black Duck report, along with the source snapshots used in the
assessment, can be obtained
here: http://www.freerdp.com/downloads/freerdp_blackduck.zip
For those who do not know about Black Duck, they are a company specialized in
intellectual property
issues: http://www.blackducksoftware.com/
Their expertise in the domain is trusted by a number of large
companies: http://www.blackducksoftware.com/about/customers
The report did brought the attention towards certain problems, such as code
snippets in ssl.c that we simply got
rid of (SHA-1 and MD5 code snippets were GPLv2).
We are therefore now in our "final sprint" of review for ensuring that our
code base is clean enough for
considering a FreeRDP 0.9 release under the Apache license.
I invite the rdesktop developers to report issues that would not have caught
our attention yet, so that we address
them. One this final review sprint is done, we will have reached a sufficient
level of confidence that the code
base is clean to proceed with the release of FreeRDP 0.9 under the Apache
license.
In sign of good faith, please note that we recently added RemoteFX support in
FreeRDP this week. Since it's a
separate library (librfx) released under the Apache license, it could be
integrated in rdesktop, if someone wants
to do it.
Best regards,
- Marc-Andre
---
Peter Åstrand ThinLinc Chief Developer
Cendio AB http://www.cendio.com
Wallenbergs gata 4
583 30 Linköping Phone: +46-13-21 46 00
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
