Hi Jurgen,
Thank you for pointing out this interesting tool. There's a lot of "noise"
though in the results, a match between rdesktop and FreeRDP does not mean
copyright infringement, since we had the agreement of the original authors,
except for Cendio AB. Do you know of any way to filter out stuff that can be
marked as "ok", such that we can clearly identify what would be a real
copyright infringement?
Also, you said that you did a comparison using yesterday's public rdesktop
and FreeRDP source repositories. However, I see a lot of older FreeRDP files
appear in the results, even if they've been removed a while ago from the
public source repository. For instance, it is still using the older
directory structure, such as "libfreerdp" instead of the current
"libfreerdp-core". freerdp/channels/rdpdr/smartcard/scard.c came up as a
result, while this file was removed months ago.
Are you sure you used *yesterday's* version of the files? If you did, how
could older files such as the ones I could find came up in the results?
Maybe the tool finds stuff from the git history, that could be a possibility
as well. Also, you can find a version of rdesktop which is considered to be
the forking point here, bundled with the Black Duck IP assessment:
http://www.freerdp.com/downloads/freerdp_blackduck.zip
Again, thank you for your efforts, this tool might prove to be useful.
Best regards,
- Marc-Andre
On Mon, Jun 27, 2011 at 3:03 PM, Jürgen Lüters <
jluet...@intranet-engineering.de> wrote:
> Hi,
> i have done a source tree investigation, based on yesterdays public
> rdesktop and freerdp source repositories.
>
> The detailed result is provided in the attached log.
>
> Summary:
>
> The freerdp source tree contains source code which has been part of the
> redesktop project.
> That is not a problem as long as the copyright holder has agreed to the
> proposed license change towards apache2.0.
>
> Freerdp has incorporated source code copyright by various cendio
> employees (xwin.c, scard.c,rdesktop.c), which as i understand have
> refused to relicense their source code.
>
> That leeds to the conclusion that, as of yesterday, freerdp is a derived
> work, based on rdestop and limited by the terms oand conditions of lglp
> version 3.
>
> Some remarks to understand the log.
> The source tree comparison has been done with Eric Raymonds
> "comparator".
> In order to present a complete view headers and source files have been
> compared.
> The headers do not constitue a problem, as header information like type
> defs and structure definitions are not protected by copyright law.
>
> The log is documenting all souce parts with at least 5 rows identy. Not
> all of the log entries are documenting license violations. All files
> where the authors have agreed to the license change are ok.
>
> All files under cendio copyright can not be distributed under Apache2
> license and shall be rewritten with a different implementation.
>
> I can assist the license transition under pro bono conditions, as i am a
> rdesktop and freerdp user myself and can give back in this way.
>
>
>
>
>
> --
> Jürgen Lüters
> Von der Handelskammer Bremen öffentlich bestellter und vereidigter
> Sachverständiger fuer Systeme und Anwendungen der Informationsverarbeitung
> web:http://sv.lueters.de
> Buero Hamburg Habichtstr. 41, 22305 Hamburg
> fon: +49-40-6113-5190 fax:+49-40-6113-5191
> Buero Bremen Fahrenheitstr. 1, 28359 Bremen
> fon: +49-421-2208-171 fax:+49-421-2208-150
>
>
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
> _______________________________________________
> Freerdp-devel mailing list
> Freerdp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freerdp-devel
>
>
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
