Re: Copyright concerns regarding Seafile

[Andres Salomon]

So, just to make things even less clear (because I'm interested in
seafile-server getting into debian)..

While Libzdb is currently licensed under GPLv3, it used to have a 
exception

file allowing linking with GPLv2 code:


The db-wrapper code in seafile very clearly originated from libzdb, as 
you've
pointed out. It's really not okay that they did that while stripping 
out your

copyright and license.

However, the code that originated from libzdb seems to have come from 
the

older version with the EXCEPTIONS file. I'm wondering if the way forward
here would be to ask the seafile folks to add your copyright info (as 
well

as theirs), and the GPLv3 license to the db-wrapper code, and to also
include the GPLv2 exception file as well? Would that satisfy legal
constraints as far as shipping the GPLv3 code inside of a GPLv2
project in Debian?

Re: qlogic firmware license

[Andres Salomon]

On Sat, 09 Jul 2005 01:11:46 +0200, Francesco Poli wrote:

 On Fri, 08 Jul 2005 12:01:14 -0400 Andres Salomon wrote:
 
 On Fri, 08 Jul 2005 01:59:25 +0200, Francesco Poli wrote:
[...]
 
 The reason for the dual licensing is because they have OEMs that would
 need to re-qualify (that may be the incorrect wording, I forget what
 they said, and it was a phone conversation so it's not in an inbox
 anywhere) the driver if the license changes.  That's a pain for
 everyone involved, and would take several months.  So, by
 dual-licensing, the OEMs can continue using the driver and firmware
 under the GPL (invalid or not),
 
 and thus violating QLogic copyright?
 

Yep.  They have the legal team to defend themselves from lawsuits; we do
not.  Therefore, we will take the safe route.


 while we (Debian) can choose to use it
 under a BSD-alike license.
 
 Well, with a BSDish license, we have permission to distribute, yes, so
 we can put this package in non-free.
 We cannot go beyond that, though: main and contrib are off-limits for a
 sourceless package.
 
 But that is surely clear to you...


Yep, they have no intention of making the source available; that was my
first suggestion. :)





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: qlogic firmware license

[Andres Salomon]

On Fri, 08 Jul 2005 01:59:25 +0200, Francesco Poli wrote:

 On Thu, 07 Jul 2005 15:13:47 -0400 Andres Salomon wrote:
 
 Hi,
 
 QLogic just emailed me the wording of their new license for qla2xxx
 firmware.
 
 Good, thanks for dealing with this issue!  :)
 
 Please let me know if anyone sees problems with this.
 
 
 Copyright (C)  2003 –2005 QLogic Corporation [QLA2x00]
 
 This program includes a device driver for Linux 2.6.x that is
 distributed with QLogic hardware specific firmware binary file.  You
 may modify and redistribute the device driver code under the GNU
 Public License as published by the Free Software Foundation (version 2
 or a later version) and/or under the following terms, as applicable:
 [conditions picked from a 3-clause BSD license follow, but with a
 modified disclaimer]
 
 First of all, it's the GNU General Public License, otherwise they're
 referring to a non-existent license...  ;-)
 

Yea, someone else caught that as well; I emailed them about it.


 Then a question: this looks like dual licensing the work under
 GPLv2 / 3-clause-BSD.
 Why not just a 3-clause BSD license?
 It's simple, DFGS-free and GPL-compatible. Adding an optional GPL seems
 to be a no-op...
 

It still won't be DFSG-free, since the source code is not available.  I
suspect they went with a modified 3-clause BSD because their lawyers
wanted additional protection.

The reason for the dual licensing is because they have OEMs that would
need to re-qualify (that may be the incorrect wording, I forget what they
said, and it was a phone conversation so it's not in an inbox anywhere)
the driver if the license changes.  That's a pain for everyone involved,
and would take several months.  So, by dual-licensing, the OEMs can
continue using the driver and firmware under the GPL (invalid or not),
while we (Debian) can choose to use it under a BSD-alike license.


 Finally, what are we talking about?  ;-) Is this the license for the
 driver?
 Or rather for the firmware?
 Or for both?

I'm hoping for both.  I've asked them to change it to explicitly mention
that the license refers to the firmware as well.

 It's not clear to me, I apologize: first they say program = driver +
 firmware, then they seemingly give permissions for the driver only.
 Where are the permissions granted for the firmware?



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

qlogic firmware license

[Andres Salomon]

Hi,

QLogic just emailed me the wording of their new license for qla2xxx
firmware.  Please let me know if anyone sees problems with this.


Copyright (C)  2003 –2005 QLogic Corporation [QLA2x00]

This program includes a device driver for Linux 2.6.x that is distributed
with QLogic hardware specific firmware binary file.  You may modify and
redistribute the device driver code under the GNU Public License as
published by the Free Software Foundation (version 2 or a later version)
and/or under the following terms, as applicable:

1. Redistribution of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistribution in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution. 3.
The name of QLogic Corporation may not be used to endorse or promote
products derived from this software without specific prior written
permission

REGARDLESS OF WHAT LICENSING MECHANISM IS USED OR APPLICABLE, THIS
PROGRAM IS PROVIDED BY QLOGIC CORPORATION “AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 
USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

USER ACKNOWLEDGES AND AGREES THAT USE OF THIS PROGRAM WILL NOT CREATE OR
GIVE GROUNDS FOR A LICENSE BY IMPLICATION, ESTOPPEL, OR OTHERWISE IN ANY
INTELLECTUAL PROPERTY RIGHTS (PATENT, COPYRIGHT, TRADE SECRET, MASK 
WORK,
OR OTHER PROPRIETARY RIGHT) EMBODIED IN ANY OTHER QLOGIC HARDWARE OR
SOFTWARE EITHER SOLELY OR IN COMBINATION WITH THIS PROGRAM



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: qlogic firmware license

[Andres Salomon]

On Thu, 07 Jul 2005 15:13:47 -0400, Andres Salomon wrote:

 Hi,
 
 QLogic just emailed me the wording of their new license for qla2xxx
 firmware.  Please let me know if anyone sees problems with this.
 
 
 Copyright (C)  2003 –2005 QLogic Corporation [QLA2x00]
 
 This program includes a device driver for Linux 2.6.x that is distributed
 with QLogic hardware specific firmware binary file.  You may modify and
 redistribute the device driver code under the GNU Public License as
 published by the Free Software Foundation (version 2 or a later version)
 and/or under the following terms, as applicable:
 

Actually, after re-reading it, I'm going to request that they explicitly
mention that the firmware is covered by the license, as it states the
device driver code is covered by the licenses.


   1. Redistribution of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
   2. Redistribution in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution. 3.

Does including the copyright in the accompanying source code disk count as
other materials provided w/ the distribution?  I would think so, but I'd
like to be reassured that that's the case.


   The name of QLogic Corporation may not be used to endorse or promote
   products derived from this software without specific prior written
   permission
 
   REGARDLESS OF WHAT LICENSING MECHANISM IS USED OR APPLICABLE, THIS
   PROGRAM IS PROVIDED BY QLOGIC CORPORATION “AS IS'' AND ANY EXPRESS OR
   IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
 WARRANTIES
   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 
 USE,
   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
   USER ACKNOWLEDGES AND AGREES THAT USE OF THIS PROGRAM WILL NOT CREATE OR
   GIVE GROUNDS FOR A LICENSE BY IMPLICATION, ESTOPPEL, OR OTHERWISE IN ANY
   INTELLECTUAL PROPERTY RIGHTS (PATENT, COPYRIGHT, TRADE SECRET, MASK 
 WORK,
   OR OTHER PROPRIETARY RIGHT) EMBODIED IN ANY OTHER QLOGIC HARDWARE OR
   SOFTWARE EITHER SOLELY OR IN COMBINATION WITH THIS PROGRAM

Anyone want to clarify the last bit for me?  They want to ensure that the
use of the firmware image does not give anyone permission to do something
like reverse engineer qlogic hardware or something?




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: CS00003271 - Please review your case update - (Assigned)

[Andres Salomon]

On Mon, 2005-06-06 at 13:03 +0900, Horms wrote:
 On Wed, Jun 01, 2005 at 02:14:02PM -0400, Andres Salomon wrote:
  On Wed, 25 May 2005 11:24:27 -0700, NIC Technology Support wrote:
  
   Below is a response to your case number CS3271 submitted to Broadcom 
   NIC Technology Support.
   
   Case Title: GPLed driver and binary-only firmware blobs.
   
   Response from Broadcom: Can you please check with your Legal team and let 
   me know if the following license is acceptable by them:
   
  
  
  The license below looks good.  Do you plan to release a new version of the
  firmware with this license included, or are you going to give us
  permission to redistribute the existing firmware under this license?  If
  the latter is the case, we can submit a patch to add the license to the
  kernel for you.
 
 I think that it is important that this is submitted upstream,
 though it would probably be better if it came directly
 from Broadcom, as I think you suggest, rather than via Debian.
 

Given the emails we have, I don't think we'd have problems convincing
upstream (in this case, jgarzik would be merging into his net-2.6
branch) to include the license update patches.  Either way works for me,
though.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: more kernel firmware stuff

[Andres Salomon]

On Wed, 25 May 2005 11:36:43 -0400, Andres Salomon wrote:
[...]
 
 
 And so on.  QLogic wants to have a conference call w/ me and their legal
 dept, as they have questions on BSD vs GPL licensing.  I think it would be
 good to have someone from d-l on the call as well.  Any volunteers?  I'd
 like to get someone knowledgeable about GPL and BSD licensing issues,
 binary firmware images, and w/ some form of legal background.

No one stepped up, so I ended up discussing things w/ one of QLogic's
patent attorneys.  Their main concern with relicensing firmware images was
that they'd have to get the images requalified with OEMs or something
along those lines; a rather long process, apparently.  So, I suggested
they dual-license under the GPL and BSD licenses.  This would allow us to
select and redistribute the images under the BSD license.  I'm still not
convinced distributing the images under the GPL is valid, but.. *shrug*.

They're discussing dual licensing internally, and will get back to me.  I
offered a few examples of dual licensed programs/code; mozilla, various
drivers in the kernel that set MODULE_LICENSE(Dual BSD/GPL) and Dual
MPL/GPL, and the pam project.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

more kernel firmware stuff

[Andres Salomon]

Hi,

Regarding http://wiki.debian.net/?KernelFirmwareLicensing, I've been
discussing firmware licensing w/ various hardware vendors.  Here a
quote from my discussions with QLogic:

 On Wed, 2005-05-11 at 10:22 -0700, David Wagner wrote:
  Andres,
  
  The firmware files mentioned, run entirely in our HBA RISC processor
  and do not execute in the Linux kernel domain. We do not intend to
  distribute the source code for the firmware, only the executable
  files. We put the GPL wording in these file headers at the request of
  our corporate customers, some of which have large legal departments
  which I assume understand the fine points of GPL licensing. 
  
 
 That's fine; I'm not overly concerned whether or not the source code for
 the firmware is made available.  It would be *nice*, but it's not what
 I'm trying to accomplish.  What I'm looking for is a clarification of
 the license.  The GPL is not a valid license for a binary firmware
 image.  I will expand upon that below.
 
  So far all the other Linux distributions are fine with the existing
  files.  
 
 
 Debian and Ubuntu are the main distributions (that I'm aware of) right
 now that are stripping out the QLogic drivers due to this firmware
 licensing issue.  I expect others to follow suit, at some point.  Right
 now, however, my concern is with getting the licensing cleared up so
 that Debian can distribute the drivers (I have a Sun machine that
 requires the qla2200 driver).
 
  Can you tell me what the issue is as far as Debian is concerned? Do
 
 The GPL specifies that when binaries are distributed, source must be
 made available by some means.  Currently, if someone were to ask us
 (Debian) for the source to the firmware image, we would be unable to
 provide it.  That would mean we (Debian) are in violation of the
 license.  It is irrelevant what device the firmware code actually
 executes on.  Quoting the GPLv2, The source code for a work means the
 preferred form of the work for making modifications to it.  Unless
 QLogic is creating the binary image with a hex editor, I don't think it
 could be argued that the firmware image itself is the source code.
 
 
   you have suggestions as to the exact license agreement wording that
  you would recommend?
  
 
 Any Free license that's compatible with the GPL would be just fine.  I
 have been recommending the BSD license to hardware vendors.  For
 example:
 
...


And so on.  QLogic wants to have a conference call w/ me and their legal
dept, as they have questions on BSD vs GPL licensing.  I think it would be
good to have someone from d-l on the call as well.  Any volunteers?  I'd
like to get someone knowledgeable about GPL and BSD licensing issues,
binary firmware images, and w/ some form of legal background.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: kernel firmware status

[Andres Salomon]

On Wed, 06 Apr 2005 08:56:56 -0300, Humberto Massa wrote:

 
 Andrew Suffield wrote:
 
[...]
 
The firmware contained herein as keyspan_*.h is
...
Permission is hereby granted for the distribution of
this firmware image as part of a Linux or other Open
Source operating system kernel in text or binary form
as required.
...
This firmware may not be modified and may only be
used with Keyspan hardware.  Distribution and/or
Modification of the keyspan.c driver which includes
this firmware, in whole or in part, requires the
inclusion of this statement.
  
  
  Finally, one with a real license. It's obviously non-free,
  but I see no reason why it can't be distributed in non-free,
  with the usual provisos about proprietary drivers being
  entirely unsupportable.
 
 As I said before, it seems to me that is not distributable
 /unless/ within a whole copy of the kernel; ie neither in a
 kernel-modules-nonfree nor in a keyspan-module-nonfree
 packages.
 

Hm, I'm not sure I agree with that.  It doesn't say it requires a
*complete* kernel; nor does it say it requires Linux specifically.  We're
distributing the kernel in parts; kernel-source-nonfree is definitely part
of an open source kernel (albeit just drivers for hardware).  I could see
this argued both ways.

Of course, I can contact them and ask them to modify the license as well. 
This falls in line w/ Sven's request[0] for an example license to propose
to firmware copyright holders that will satisfy the requirements of the
kernel, and our non-free distribution.  Obviously, something like the BSD
license is doable, but the firmware authors seem to want to ensure that
the firmware remain unmodified, and/or only be used with their specific
hardware.


[0] http://lists.debian.org/debian-legal/2005/04/msg00152.html


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: non-free firmware in kernel modules, aggregation and unclear copyright notice.

[Andres Salomon]

On Tue, 05 Apr 2005 11:39:02 +0200, Christoph Hellwig wrote:

 On Tue, Apr 05, 2005 at 11:36:58AM +0200, Arjan van de Ven wrote:
 One of the options is to even ship the firmware in the kernel tarbal but
 from a separate directory with a clear license clarification text in it.
 
 I think that's what we should do.  I currently don't have any firmware
 requiring devices, but I'd volunteer to keep such a tarball for now if
 no one else wants to do tiny amount of work.


FYI, I just created this, it might be useful for all this:
http://wiki.debian.net/?KernelFirmwareLicensing

I'm still adding driver information..


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: turck-mmcache license violation?

[Andres Salomon]

On Thu, 11 Nov 2004 20:12:42 -0200, cascardo wrote:

 One could claim that php4 is part of the operating system, just like
 they do with OpenSSL. That is nuts!

One could claim anything.  However, most people don't consider php4 part
of the OS.

 
 Sorry for introducing a reason for a flame.
 I'd just like to say that I think the if one line is to be crossed, that
 should mean that we should ask for the author permission, which would
 make the license non-free. Since turck-mmcache (I've just checked) is a
 PHP optimizer, seems reasonable that the author had the intention to
 allow it to be linked to php4, since I guess the program would not work
 without it.


I'm not sure I understand what you're saying; how would asking
permission make the license non-free?  And, while the author may have
intended the program to be linked to php4, he has not given explicit
permission for us to do so.  Quite the opposite, in fact; he chose a
license that dictates a set of strict rules for redistribution in binary
form.  So, while we can certain redistribute in source form, and require
the user to compile/link against php4, we cannot (currently)
compile/link against php4 and distribute those binaries until we get
some sort of (legally binding) permission from the author.

 Unfortunately, that is not implied when some one writes a patch to a GPL
 application and another person writes a SSL interface to it. That
 happened to me once and I replied to the message in the development
 mailing list saying that they should not include my patches if they
 wanted to distribute it.
 

That's correct.  All copyright holders must agree when changing the
license on a piece of software.  That includes significant patch
submissions.  For the turck people to either change the license to LGPL,
or add some sort of exception clause for php (and everything php links
to), it would require the author to get the permission of everyone who
submitted a significant amount of code.  If it's just one person hacking
it, that shouldn't be too difficult.  If it's a team, w/ a lot of people
committing changes, it becomes more difficult.

turck-mmcache license violation?

[Andres Salomon]

It would appear that turck-mmcache is covered under the GPL.  However, it
links against php4, whose license is incompatible w/ the GPL.  Is there
some sort of exception clause that was left out of the copyright file, or
are we violating the turck-mmcache license?

[Fwd: Upgrade of MySQL FLOSS License Exception]

[Andres Salomon]

FYI..

-- 
Andres Salomon [EMAIL PROTECTED]
---BeginMessage---

Greetings All,

Version 0.2 of the MySQL FLOSS License Exception has been released.

The MySQL FLOSS License Exception is an extension to the terms and
conditions of the GNU General Public License (GPL) that increases the
compatibility between the GPL and other Free Software and Open Source
licenses (such as the Apache License, the BSD license and the PHP
license).

If you distribute software based on the GPL-licensed version of MySQL,
you may be interested in reading and discussing this exception.

The text of the exception is attached to this document and is published
online at:
 * http://dev.mysql.com/doc/mysql/en/MySQL_FLOSS_License_Exception.html
 * (and at http://www.mysql.com/products/licensing/foss-exception.html)

Major changes include:
 * Removal of restrictions that made distribution of MySQL challenging
for BSD and Linux Distributions
 * Clarifications to the wording of the exception

For more detailed information on the changes made and issues addressed,
visit:
 * http://zak.greant.com:/licensing/timeline
 *
http://zak.greant.com:/licensing/rlog?f=licensing/FLOSS-
exception.txt

The exception will apply to future MySQL versions 4.0.21, 4.1.4 and
5.0.2.

You can download development versions of the 4.0.x and 4.1.x series
that include the exception from
http://downloads.mysql.com/snapshots.php

The 5.0.x series will have the exception applied as soon as we do a
code merge between the 4.1.x series and the 5.0.x series.

If you have any questions or comments, please drop me a line! If the
matter is not private or sensitive, I encourage you to do so on this
list so that others can benefit from the discussion.

Cheers!
--
Zak Greant
MySQL AB Community Advocate

MySQL FLOSS License Exception v0.2

The MySQL AB Exception for Free/Libre and Open Source Software-only
Applications Using MySQL Client Libraries (the FLOSS Exception).


Exception Intent
We want specified Free/Libre and Open Source Software (FLOSS) applications
to be able to use specified GPL-licensed MySQL client libraries (the
Program) despite the fact that not all FLOSS licenses are compatible with
version 2 of the GNU General Public License (the GPL).


Legal Terms and Conditions
As a special exception to the terms and conditions of version 2.0 of the
GPL:

1. You are free to distribute a Derivative Work that is formed entirely from
   the Program and one or more works (each, a FLOSS Work) licensed under
   one or more of the licenses listed below in section 2, as long as:

a. You obey the GPL in all respects for the Program and the Derivative
   Work, except for identifiable sections of the Derivative Work which
   are not derived from the Program, and which can reasonably be
   considered independent and separate works in themselves,

b. all identifiable sections of the Derivative Work which are not
   derived from the Program, and which can reasonably be considered
   independent and separate works in themselves,

(i) are distributed subject to one of the FLOSS licenses listed
below, and

   (ii) the object code or executable form of those sections are
accompanied by the complete corresponding machine-readable
source code for those sections on the same medium and under the
same FLOSS license as the corresponding object code or
executable forms of those sections, and

c. any works which are aggregated with the Program or with a Derivative
   Work on a volume of a storage or distribution medium in accordance
   with the GPL, can reasonably be considered independent and separate
   works in themselves which are not derivatives of either the Program,
   a Derivative Work or a FLOSS Work.

If the above conditions are not met, then the Program may only be copied,
modified, distributed or used under the terms and conditions of the GPL or
another valid licensing option from MySQL AB.

2. FLOSS License List

License name   Version(s)/Copyright Date
Academic Free License2.0
Apache Software License  1.0/1.1/2.0
Apple Public Source License  2.0
Artistic license From Perl 5.8.0
BSD license   July 22 1999
Common Public License1.0
GNU Library or Lesser General Public License (LGPL)2.0/2.1
Jabber Open Source License   1.0
MIT License (As listed in file MIT-License.txt)-
Mozilla Public License (MPL) 1.0/1.1
Open Software License2.0
PHP License

Re: SRP

[Andres Salomon]

On Mon, 26 Jul 2004 19:11:26 -0700, Russ Allbery wrote:

 MiguelGea [EMAIL PROTECTED] writes:
 
 Hello debian-legal,
 I'm thinking about packaging SRP for debian. 
 
 Question 1: I'm not sure if there are any problem on packaging it. What
 do you think about?
 
 Please note that SRP is patented; that's part of SRP's licensing that
 tends to make people nervous.  The most current information that I have on
 the SRP patent is at:
 
 http://availtech.stanford.edu/Scripts/otl.cgi/docket?docket=97-006


Actually, I remember looking at SRP a while back; I noticed they had two
different algorithms/releases/versions.  I assume both are patented;
however, one required royalties, the other was free for use.  Grabbing
srp-2.1.0-beta1.tar.gz and peeking at docs/LICENSE, I see the following
that was left out of MiguelGea's initial post:



SRP is royalty-free worldwide for commercial and non-commercial use.
The SRP library has been carefully written not to depend on any
encumbered algorithms, and it is distributed under a standard
BSD-style Open Source license which is shown below.  This license
covers implementations based on the SRP library as well as
independent implementations based on RFC 2945.

The SRP distribution itself contains algorithms and code from
various freeware packages; these parts fall under both the SRP
Open Source license and the packages' own licenses.  Care has
been taken to ensure that these licenses are compatible with
Open Source distribution, but it is the responsibility of the
licensee to comply with the terms of these licenses.  This
disclaimer also applies to third-party libraries that may be
linked into the distribution, since they may contain patented
intellectual property.  The file Copyrights contains a list
of the copyrights incorporated by portions of the software.

Broader use of the SRP authentication technology, such as variants
incorporating the use of an explicit server secret (SRP-Z), may
require a license; please contact the Stanford Office of Technology
Licensing (http://otl.stanford.edu/) for more information about
terms and conditions.



Also, following your link, I see:

Licensing:

* Non-commercial or commercial use of SRP/SRP-3 in its
implicit-server-authenticating form (e.g. RFC2945) is royalty-free,
and you can download the license at
http://otl.stanford.edu/pdf/97006.pdf. Use of SRP for explicit
bidirectional authentication (e.g. SRP-Z for explicit server
authentication) is specifically not included under the royalty-free
license. Please contact Mary Watanabe for license terms. 



I'm not sure how to interpret this; I'm not familiar enough w/ SRP-Z.  Is
this a different algorithm, such that the source would need to be
significantly modified (such that SRP-Z is essentially a separate thing,
convered by its own license; converting SRP-3 to SRP-Z is just as
difficult as converting openssh to SRP-Z)?  Is this merely a layer on top
of SRP-3 (thereby restricting a derived work, and making it
DFSG-incompatible)?  

Re: MySQL FOSS Exception

[Andres Salomon]

On Mon, 26 Jul 2004 13:30:24 +0200, Francesco P. Lovergine wrote:

 On Sun, Jul 25, 2004 at 12:20:22PM +, Andreas Metzler wrote:
 Francesco Paolo Lovergine frankie at debian.org writes:
[...]
 
 http://zak.greant.com:/licensing/rlog?f=licensing/FLOSS-exception.txt
  cu andreas
 
 
 Uhm, if they would add OpenSSL license explicitly it would be nice.
 In its current draft I see almost the same problems, but for
 a better definition of 'Opensource Initiative Compatible'.
 Anyway, I think that using external references to validate
 a license is quite weird. They should simply list principia
 and possibly add a few additional well-known licenses.

Please do bring up your points on the Mysql-community list; preferably
*before* they do the next release, so that we're not waiting for yet
another iteration of
license-update/management-approval/lawyer-approval/debian-approval/mysql-release.

You can subscribe here:
http://lists.mysql.com/community

Re: SRP

[Andres Salomon]

On Mon, 02 Aug 2004 09:23:07 +0100, Edmund GRIMLEY EVANS wrote:

 Andres Salomon [EMAIL PROTECTED]:
 
 I'm not sure how to interpret this; I'm not familiar enough w/ SRP-Z.  Is
 this a different algorithm, such that the source would need to be
 significantly modified (such that SRP-Z is essentially a separate thing,
 convered by its own license; converting SRP-3 to SRP-Z is just as
 difficult as converting openssh to SRP-Z)?  Is this merely a layer on top
 of SRP-3 (thereby restricting a derived work, and making it
 DFSG-incompatible)?  
 
 If you take that argument to its logical conclusion then no software
 is DFSG-free, because patents restrict all derived works. (Given any
 free software, it is possible to modify it so that it infringes some
 patent that is being actively enforced; therefore no free software can
 be freely modified.)

Exactly, which is why I'm wondering how different SRP-Z is..

Re: MySQL FOSS Exception

[Andres Salomon]

On Fri, 23 Jul 2004 16:49:32 +0200, Francesco P. Lovergine wrote:

 http://www.mysql.com/products/licensing/foss-exception.html
 
 A few programs link currently the old non-GPL libmysqlclient10 in order
 to retain compatibility with other free licenses which have known
 problems and require exceptions (e.g. openssl). AFAIK the new
 statement should allow all those program to link the current 
 libmysqlclient instead. See proftpd-mysql for an example of such kind
 of programs.
 
 Comments?

Argh.  No, no, no.  This is the *old* statement, which is completely
useless for our purposes; it is not even DFSG compatible.  Note #3:

The Derivative Work does not include or aggregate any part of the MySQL
Server (SQL Engine) or any modifications, translations or other
derivatives thereof,

followed later on by:

As used in this document, the term include or aggregate means to embed,
integrate, bundle, aggregate, link, distribute on the same media or in the
same packaging, provide with instructions to download or automate any of
the preceding processes.

The MySQL folks have a *new* statement, that should satisfy the DFSG, and
should be released w/ the next version of mysql.  In the meantime, you can
basically ignore their FOSS exception, because it's absolutely useless for
us.

updated mysql exception clause draft

[Andres Salomon]

The mysql folks are preparing 0.2 of their FLOSS exception.  The
current draft can be seen here:

http://zak.greant.com:/licensing/getfile/licensing/FLOSS-exception.txt?v=1.4

The most notable differences are the addition of some licenses, and the
removal of the derived-work-may-not-bundle-mysqld clause.  For reference,
the current version can be seen here:

http://www.mysql.com/products/licensing/foss-exception.html

Can anyone spot anything else in the draft that might
keep us from being able to link things against libclientmysql12?

ASL2 and artistic compatibility

[Andres Salomon]

It would appear that the new upstream release of libapache2-mod-perl2 has
been relicensed; from the ASL 1.1 to the ASL 2.0.  As has already been
discussed, the ASL (both 1.1 and 2.0) and GPL are
incompatible (at least, the FSF claims they are).  What has previously
been used w/ modperl (1 and 2, under the ASL 1.1) has been perl's Artistic
license.  The question is, does the change to ASL 2.0 introduce any
incompatibilities with the Artistic license?  Is it safe to upgrade
libapache2-mod-perl2 to the latest version?

As a side note, there was a d-l thread in Feb. about the Apache group and
the FSF talking about resolving their disagreement regarding the patent
termination clause in the ASL 2.0 rendering both licenses incompatible.
Does anyone know if an agreement has been reached?

Re: The MySQL FOSS Exception v0.1

[Andres Salomon]

(CC'ing debian-legal for any suggestions they may have, as well)

On Fri, 2004-03-12 at 06:40, Zak Greant wrote:
 On Thursday, March 11th at 22:58 CET, the MySQL team become the proud 
 parent of a brand new baby license exception. Birth occurred much 
 sooner than the estimated deliver date of sometime after Perl 7. The 
 parent and child are now resting after a very long and arduous labor 
 (and an even longer and more arduous pregnancy).
 
 The new exception is called the MySQL FOSS Exception and currently is 
 66 lines, 458 words and 3828 bytes.
 

Congrats.  Hopefully we'll see v0.2 very soon.  :)


 When viewing the baby, please keep in mind that it is only a baby and 
 needs lots of input to become healthier, stronger and more 
 comprehensible.
 
 When I get back to my home base in a few days, I will drop the 
 exception into something like CVS (perhaps with CVStrac support ;) so 
 that we can track every little change and the suggestions that led to 
 it.
 
 Also, please note that we have already delivered this document to the 
 FSF, Larry Rosen, a good number of core PHP people, the Fedora team, 
 etc.  So far, we do have early feedback from some of the reviewers that 
 we will consider incorporating as we do new revisions of the licenses.
 
 Supporting details to come as I (and we) have time to write them.
 
 The MySQL AB Exception for non-GPL Free and Open Source Software-only 
 Applications
 Using MySQL Client Libraries (the FOSS Exception) (Version 0.1)
 
 EXCEPTION INTENT
 We want FOSS-only (Free and Open Source Software) applications to be 
 able to use
 GPL-licensed MySQL Client libraries despite the fact that not all FOSS 
 licences are
 compatible with the GPL. Therefore we have issued the following 
 exception:
 
 LEGAL TERMS AND CONDITIONS
 As a special exception to the terms and conditions of version 2.0 of 
 the GPL
 
 You are free to distribute Derivative Works that are formed entirely 
 from works
 licensed under under one or more of the licenses listed below without

Small typo; s/under under one/under one/.


  
 affecting
 the license terms of the works, as long as:
 
 1. You obey the GNU General Public License in all respects for the 
 Program and
 the Derivative Work, except for identifiable sections of that work 
 which are
 not derived from the Program, and which can reasonably be considered
 independent and separate works in themselves,

Ok, so when merely using libmysqlclient via its standard API (the common
case being dynamically linking against it), GPL terms must be followed
for only libmysqlclient; the complete derived work is exempt (contingent
upon further text, below).  When including actual libmysqlclient code in
a module (or program) that isn't just calling libmysqlclient API calls,
GPL terms must be followed for the entire module (or program).  Using
terms like reasonable in licenses makes me nervous, but it seems
pretty clear in this case what is meant.

 
 2. You distribute all identifiable sections of the Derivative Work 
 which are
 not derived from the Program, and which can reasonably be considered 
 independent
 and separate works in themselves, subject to one of the licenses listed 
 below,

Here, permission is granted to distribute with the licenses listed
below.  We'd need to make sure that everything PHP and Apache link with
use only the licenses below.


 
 3. The Derivative Work does not include or aggregate any part of the 
 MySQL Server
 (SQL Engine) or any modifications, translations or other derivatives 
 thereof,
 

This clause seems very problematic.  The intention seems to be to allow
the license exception to apply only to client libs.  Unfortunately, this
could easily be violated.  For example, some other random piece of GPL'd
software that includes a few files from mysqld (since both pieces of
software are GPL'd, that's fine to do), and then links against apache or
php would violate the exception.  Yikes.  It's not merely the licenses
we must be checking, now; it's also individual source files within all
projects linking against libmysqlclient (or apache, or php, or any
number of other things that may be using php or libmysqlclient). 

Furthermore, the definition given for include or aggregate below
includes distribution on the same media.  This violates the DFSG
http://www.debian.org/social_contract#guidelines, making it
undistributable by Debian (if the clause is in place).  See point #9 of
the guidelines; this clause forces other software that is merely
distributed alongside a libmysqlclient that's linked with PHP (for
example) to not include mysqld.  Not only that, but it goes so far as to
say that we cannot allow automated downloading of mysqld with a GPL'd
libmysqlclient and PHP.  That makes this entire exception useless to
most distributors, I'd imagine.


 4. If the above conditions are not met, then the Program may only be
 copied, modified, distributed or used under the terms and conditions of
 the GPL or another valid licensing 

Re: MySQL Licensing Issues

[Andres Salomon]

On Fri, 20 Feb 2004 10:09:38 +0100, Zak Greant wrote:

 Greetings All,
 
 We have set up a list for discussing MySQL community issues. If anyone is
 interested in joining, please send a blank message to
 [EMAIL PROTECTED]
 
 The main topic of discussion for the short term will be licensing.
 
 Cheers!
 --zak

Is there an archive of this list online somewhere?  I checked
http://lists.mysql.com/, but didn't see it anywhere.

mysql license update

[Andres Salomon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Interestingly enough, I just stumbled upon the following:
http://www.mysql.com/products/opensource-license.html

It appears that the mysql folks now provide an exception for derivative
works linked against php.  Hopefully (assuming debian-legal is ok w/
it), this means we can start linking php4 against mysql4.  CC'ing
debian-legal for clarification.





-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAGTBT78o9R9NraMQRAn7FAJ9w1z2OGVDL+VCAL3yJTtWDyG53NgCguoeI
BdVmXptO38GOH9UNBrViL0g=
=jcvB
-END PGP SIGNATURE-