Re: anti-tarball clause and GPL

[Russ Allbery]

Ian Jackson  writes:

> There are existing packages for which I consider the PFM to include
> the git history.  I'm not pressing this point from a legal point of
> view because, well, that just generates lots of heat and no light.

> I think that we should address this potential problem by arranging to
> give to the history to our users and downstreams.  There are lots of
> other really good reasons to do this.

Since I was arguing in another branch of the thread that I didn't think
trying to use the GPL clause to force this made sense, I want to say here
that I completely agree with this: we should make the VCS history readily
available.  There are tons of good reasons to do so, one of which is that
it empowers our users to understand and change the software that we
distribute.

I don't think it's productive to try to force the matter legally, but I
think it's a good place to exert effort technically.

I'm dubious that the Debian archive is the best place from which to
distribute full VCS histories for boring technical reasons, but I'm
already convinced that we should be building on the dgit machinery as the
future of how packages will be maintained and uploaded, which also
provides an obvious place from which to make that history available.

> This boat already sailed a long time ago.  Via alioth and now salsa, and
> via the dgit git server, we are in many cases distributing that complete
> history already.

I think it does make a (minor) difference that we're not encouraging third
parties to trust us that it is legally fine to put that material on CDs,
sell them, etc.  The practical risk bar is lower when the material is only
on services that we fully control and therefore for which we can easily
respond to cease-and-desist letters with merit, etc., and other people
aren't trusting our license statements about that material.

-- 
Russ Allbery (r...@debian.org)   

Re: anti-tarball clause and GPL

[Ian Jackson]

Simon McVittie writes ("Re: anti-tarball clause and GPL"):
> Are you asking this hypothetically, or is there a piece of software that
> someone intends to apply this to?

There are existing packages for which I consider the PFM to include
the git history.  I'm not pressing this point from a legal point of
view because, well, that just generates lots of heat and no light.

I think that we should address this potential problem by arranging to
give to the history to our users and downstreams.  There are lots of
other really good reasons to do this.

(ISTM that whether the PFM needs the upstream vcs history or not is a
question of fact which depends strongly on the context, how the thing
is developed, etc.  I don't think a GPL rider like the one quoted
earlier is definitive either way - it's a statement of the author's
opinion and perhaps implies something about their practices.)

> Redistributing the entire history of a third-party project is practically
> problematic because it is no longer enough to check that there is nothing
> you don't want to distribute (e.g. non-free software) in the HEAD commit:

This boat already sailed a long time ago.  Via alioth and now salsa,
and via the dgit git server, we are in many cases distributing that
complete history already.

> For established projects, the complete history is also inconveniently
> large: my git clone of glib2.0 has a 57M .git, which compares poorly
> with a 4.5M source tarball (and glib2.0 isn't even particularly big or
> old by the standards of projects like glibc and the Linux kernel).

Right.  Bundling up git histories in tarballs is not a really sensible
way to carry on (unless trying to make a source CD for offline use or
something).  Better to just have a git server, since then you only
need to keep one copy of the history, and in many cases clients can
only transfer updates.

> We have to draw a line somewhere. You could equally well say the software's
> bug tracking system and mailing lists, which also store human-readable
> comments, are part of the preferred form for modification - but those
> don't normally have any copyright license granted (I certainly didn't
> put this email under a copyright license!) so they are non-free.

So that interpretation of the PFM is not compatible with upstream's
practices.

Ian.

-- 
Ian JacksonThese opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.