Bug#665334: [Pkg-fonts-devel] Bug#665334: non-DFSG & Type 1 Postscript embedded fonts
On 2017-01-29 10:08, Andy Simpkins wrote: On 29/01/17 13:18, Paul Wise wrote: On Sun, Jan 29, 2017 at 7:35 PM, Andy Simpkins wrote: It is our belief that this is sufficient; that the package FontForge, and type 1 fonts generated by this package are now DFSG compliant because Apache 2.0 is GPL2+ compatible. The FSF believes that Apache 2.0 is only compatible with GPLv3+ not GPLv2. Perhaps unsurprisingly, I agree with the FSF. But it is also technically correct to say that it's compatible with GPLv2+, because you can take GPLv2+ works under GPLv3. https://www.gnu.org/licenses/license-list.html#apache2 https://www.apache.org/licenses/GPL-compatibility.html There have been fascinating discussions about this somewhat recently, as LLVM had an exception drafted to Apache 2.0 by Heather Meeker to deal with the incompatibility. Well Paul you are entirely correct. Would you believe that pretty much everyone here missed that one - despite the fact that nearly every person did proof this :-) OK so what does that mean? GPL2 stuff could be problematic but ultimately the suggested action(s) would still appear valid... Karen your thoughts on this would be greatly appreciated I'd be happy to discuss more in a nonpublic venue and get more information about the situation. Unfortunately, I'm headed out to Campus Party Brasil today, and headed straight to Brussels for FOSDEM from there, and won't free up until after February 7. karen
Bug#665334: [Pkg-fonts-devel] Bug#665334: non-DFSG & Type 1 Postscript embedded fonts
On 29/01/17 13:18, Paul Wise wrote: > On Sun, Jan 29, 2017 at 7:35 PM, Andy Simpkins wrote: > >> It is our belief that this is sufficient; that the package FontForge, >> and type 1 fonts generated by this package are now DFSG compliant >> because Apache 2.0 is GPL2+ compatible. > The FSF believes that Apache 2.0 is only compatible with GPLv3+ not GPLv2. > > https://www.gnu.org/licenses/license-list.html#apache2 > https://www.apache.org/licenses/GPL-compatibility.html > Well Paul you are entirely correct. Would you believe that pretty much everyone here missed that one - despite the fact that nearly every person did proof this :-) OK so what does that mean? GPL2 stuff could be problematic but ultimately the suggested action(s) would still appear valid... Karen your thoughts on this would be greatly appreciated /Andy signature.asc Description: OpenPGP digital signature
Bug#694320: [Pkg-fonts-devel] Bug#665334: non-DFSG & Type 1 Postscript embedded fonts
On Sun, Jan 29, 2017 at 7:35 PM, Andy Simpkins wrote: > It is our belief that this is sufficient; that the package FontForge, > and type 1 fonts generated by this package are now DFSG compliant > because Apache 2.0 is GPL2+ compatible. The FSF believes that Apache 2.0 is only compatible with GPLv3+ not GPLv2. https://www.gnu.org/licenses/license-list.html#apache2 https://www.apache.org/licenses/GPL-compatibility.html -- bye, pabs https://wiki.debian.org/PaulWise
Bug#665334: non-DFSG & Type 1 Postscript embedded fonts
Hi Karen, At the Cambridge BSP (Jan 27/28 2017) we have been looking at the following bugs pertaining to non-DFSG compliance with fonts embedded with non-free code: * http://bugs.debian.org/665334 opened 23 Mar 2012, last update 01 Aug 2016 modulo spam * http://bugs.debian.org/694320 opened 25 Nov 2012, last update 30 Aug 2014 blocked by #665334 * http://bugs.debian.org/694323 opened 25 Nov 2012, last update 30 Aug 2014 blocked by #665334 Synopsis: Type 1 fonts that are made using the package FontForge include font hinting code which is marked "copyright Adobe all rights reserved". This issue logically extends to every package that contains fonts that have been made using FontForge. Current State Reading #665334 it appears that FontForge historically contained fragments of code with Adobe asserted rights. We believe that this is now resolved with "autohint code is now all open source". The github repo is top licensed Apache 2.0 [1] It is our belief that this is sufficient; that the package FontForge, and type 1 fonts generated by this package are now DFSG compliant because Apache 2.0 is GPL2+ compatible. * Is our understanding of the above correct? i.e. Does the github repository top-licensing (to Apache) of the Adobe 'hinting' properly apply? * Are the font hinting fragments, that are Adobe copyright, embedded into fonts produced in FontForge, the same code as in the above repository (we *think* that this is the case)? * Thus, are these fonts (generated by the above) now covered by Apache 2.0? * And, consequently: are the fonts in the Debian archive, produced by FontForge, now to be considered under Apache 2.0; and is this sufficient to cover the embedded fragments under Apache 2.0? Assuming the above is all correct then, in order to resolve this issue, we believe that all packages that contain fonts that are generated using FontForge should contain an appropriate licence text for the font. A Mass bug filing could then be made against these packages requesting the appropriate update to the licence file. However we see this a potential minefield, and therefore seek clarification and advice before we continue. /Andy PP Debian BSP Cambridge Jan 2017 [2] [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665334#168 [2] https://wiki.debian.org/BSP/2017/01/gb/Cambridge signature.asc Description: OpenPGP digital signature
