Re: Source package contains non-free IETF RFC/I-D's
Simon Josefsson wrote: Some raised a concern with false positives in my reports -- and also tagged all the bugs with etch-ignore. I went through all bug reports manually yesterday (see earlier mail), but I also realized that it would be possible to do this automatically, to provide further assurance that the bugs indicate real and confirmed problems. Note that it was not the only reason to tag them etch-ignore... I've updated my script to do this, view it last on the page: http://wiki.debian.org/NonFreeIETFDocuments The script will run md5sum on the RFC/I-D in source packages, and compare them against a known-real repository (rsync'ed against ftp.rfc-editor.org). The output of the script is very long, so I won't include it here. An URL to it is: http://josefsson.org/bcp78broken/debian-ietf-documents-diff.txt To parse the output yourself, look for lines beginning with 'pkg'. Those denote the start of a new package with potential problems. After that there will be lines such as 'tar xfz...' and two MD5 sums. If the MD5 sums match, it will print MATCH. If the MD5 sums mismatch, it will print MISMATCH. If it can't find a known-good file to compare with, it prints FETCH-FAIL. Some statistics: 74 packages 401 MATCH, i.e., the RFC in the source package is an authentic RFC 79 MISMATCH, i.e., the RFC differ from the authentic RFC 6 FETCH-FAIL Note that not all authentic RFC documents have the same license, some of them are probably even DFSG compliant... So there can be more than 79 false positives... Cheers Luk -- Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D Fingerprint: D5AF 25FB 316B 53BB 08E7 F999 E544 DE07 9B7C 328D signature.asc Description: OpenPGP digital signature
Re: Source package contains non-free IETF RFC/I-D's
On 17 okt 2006, at 18.47, Luk Claes wrote: Some statistics: 74 packages 401 MATCH, i.e., the RFC in the source package is an authentic RFC 79 MISMATCH, i.e., the RFC differ from the authentic RFC 6 FETCH-FAIL Note that not all authentic RFC documents have the same license, some of them are probably even DFSG compliant... Can you name one such license that is DFSG-free? RFC's published before 1989 may be in the public domain, since they don't contain a copyright notice, but the RFC editor claim that the new copying conditions apply retroactively. RFC's published after 1989 are protected by copyrights, but as far as I know, none of the RFC licenses are free. The RFC 2026 and the RFC 3978 licenses has been discussed before. That leaves, I believe, only the license specified by RFC 1602, which reads: Copyright (c) ISOC (year date). Permission is granted to reproduce, distribute, transmit and otherwise communicate to the public any material subject to copyright by ISOC, provided that credit is given to the source. For information concerning required That appears to be non-free. I note that RFC 1602 do seem to give the ISOC the right to release those RFCs under a liberal license: l. Contributor agrees to grant, and does grant to ISOC, a perpetual, non-exclusive, royalty-free, world-wide right and license under any copyrights in the contribution to reproduce, distribute, perform or display publicly and prepare derivative works that are based on or incorporate all or part of the contribution, and to reproduce, distribute and perform or display publicly any such derivative works, in any form and in all languages, and to authorize others to do so. Perhaps talking to ISOC about this would help. So there can be more than 79 false positives... I don't yet see any way for that to hold. /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Source package contains non-free IETF RFC/I-D's
On Tue, Oct 17, 2006 at 11:46:11PM +0200, Simon Josefsson wrote: Some statistics: 74 packages 401 MATCH, i.e., the RFC in the source package is an authentic RFC 79 MISMATCH, i.e., the RFC differ from the authentic RFC 6 FETCH-FAIL Note that not all authentic RFC documents have the same license, some of them are probably even DFSG compliant... Can you name one such license that is DFSG-free? RFC's published before 1989 may be in the public domain, since they don't contain a copyright notice, but the RFC editor claim that the new copying conditions apply retroactively. I don't see any reason we should honor retroactive claims of copyright. If the RFCs were genuinely placed in the public domain, then this can't be revoked; true public domain means that there is no longer a copyright which applies to the work, and therefore no license is needed. If the RFCs were /not/ placed in the public domain, the question then is, who holds the copyright on them? Only if the IETF is the copyright holder should we need to honor their attempts to relicense. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]