Re: Copyright verification needed
On Friday 29 June 2007 00:36:43 Josselin Mouette wrote: Le jeudi 28 juin 2007 à 10:24 +0200, Bruno Costacurta a écrit : AFAICS you can use it legally if you port it to GNUTLS. - the actual code implemented a strong separation layer between OpenSSL and Qt (review of code can be made by independent party) thus licenses should not be mixed in their interpretations. Regardless of the implementation, a resulting binary that requires both OpenSSL and Qt to work is considered a derived work from both, and is therefore not distributable. Thanks to all for attention and follow up. Unfortunately I come to the conclusion that this planned packaging will be complicated regarding its licenses duties (porting to GnuTLS...etc..) and so decide to abandon the creation of the ITP (Intend To Package). Regards, Bruno Costacurta -- PGP key ID: 0x2e604d51 Key server: hkp://subkeys.pgp.net Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- pgpQOiXhRjrZP.pgp Description: PGP signature
Re: Copyright verification needed
On Wednesday 27 June 2007 09:51:19 [EMAIL PROTECTED] wrote: On 6/27/07, Bruno Costacurta [EMAIL PROTECTED] wrote: Gentlemen, thanks a lot for your attention and discussion. Can we come to a conclusion ? Shall I simply abandon at this stage any plan to package this application ? Should I continue to prepare and create an ITP (Intend To Package) to enter in an official package consideration ? AFAICS you can use it legally if you port it to GNUTLS. Hello, porting to GnuTLS is something we'll avoid. About the issues mentioned before, I can answer and propose : - the actual code implemented a strong separation layer between OpenSSL and Qt (review of code can be made by independent party) thus licenses should not be mixed in their interpretations. - current license / copyright might be adapted (meaning 'enforced and clarified', not 'relaxed') to answer concerns. Best Regards, Bruno Costacurta -- PGP key ID: 0x2e604d51 Key server: hkp://subkeys.pgp.net Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- pgpFclVmBYkzZ.pgp Description: PGP signature
Re: Copyright verification needed
On Thursday 28 June 2007 10:28:27 [EMAIL PROTECTED] wrote: On 6/28/07, Bruno Costacurta [EMAIL PROTECTED] wrote: Hello, porting to GnuTLS is something we'll avoid. About the issues mentioned before, I can answer and propose : - the actual code implemented a strong separation layer between OpenSSL and Qt (review of code can be made by independent party) thus licenses should not be mixed in their interpretations. Well, if the FSF is right in their interpretation, this isn't enough. As long as a GPL library is linked to anything else, the GPL requires that the whole lot be GPL. OpenSSL is not GPL compatible. - current license / copyright might be adapted (meaning 'enforced and clarified', not 'relaxed') to answer concerns. What do you mean? Well, the project team was thinking about something like an 'advertising-special-exception-whatever-clause'. Something acceptable is a such direction by sirs FSF, GPL and others ? ;-( Bye, Bruno -- Andrew Donnellan ajdlinuxATgmailDOTcom (primary)ajdlinuxATexemailDOTcomDOTau (secure) http://andrewdonnellan.comhttp://ajdlinux.wordpress.com [EMAIL PROTECTED]hkp://subkeys.pgp.net 0x5D4C0C58 http://linux.org.auhttp://debian.org Spammers only === [EMAIL PROTECTED] === -- PGP key ID: 0x2e604d51 Key server: hkp://subkeys.pgp.net Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- pgpruv9xYalAS.pgp Description: PGP signature
Re: Copyright verification needed
On Tuesday 26 June 2007 00:48:16 Francesco Poli wrote: On Tue, 26 Jun 2007 00:06:58 +0200 Josselin Mouette wrote: Le dimanche 24 juin 2007 à 09:30 +1000, [EMAIL PROTECTED] a écrit : The stuff from Trolltech is another matter though - they use the GPL and the QPL I believe. If you use it under the GPL, then it can't link to OpenSSL, and I believe the QPL is widely considered non-free. This is a bit more complicated. The QPL is DFSG-free, but only if you don't apply section #6 This is equivalent to saying that software solely released under the QPL does *not* comply with the DFSG. When discussing whether a license meets the DFSG, patched versions of the license cannot help the unpatched original license to meet the DFSG... And anyway, you there's not only clause 6c: another issue that makes the QPL fail to meet the DFSG is the choice of venue. The thread where these details are discussed starts here: http://lists.debian.org/debian-legal/2004/07/msg00157.html Gentlemen, thanks a lot for your attention and discussion. Can we come to a conclusion ? Shall I simply abandon at this stage any plan to package this application ? Should I continue to prepare and create an ITP (Intend To Package) to enter in an official package consideration ? Many thanks. Regards, Bruno -- PGP key ID: 0x2e604d51 Key server: hkp://subkeys.pgp.net Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- pgpDtz4Ux7MpL.pgp Description: PGP signature
Re: Copyright verification needed
On Sunday 24 June 2007 01:30, [EMAIL PROTECTED] wrote: On 6/24/07, Bruno Costacurta [EMAIL PROTECTED] wrote: Hello, I'm preparing an ITP (Intend To Package) as a newbie regarding Debian packaging. About the source (for the ITP) I'm not the developer and simply reproduced the copyright I found with source code. Could you please check the attached copyright file and its respect to Debian rules about license / copyright ? The template of the file was created by dh_make tools and I manually completed needed fields. It appears to be a standard 3-clause BSD license, which is fine, however it also claims to link with OpenSSL and some stuff from Trolltech. OpenSSL is fine, however it is GPL incompatible, so if this software is a library, you have to be careful. The stuff from Trolltech is another matter though - they use the GPL and the QPL I believe. If you use it under the GPL, then it can't link to OpenSSL, and I believe the QPL is widely considered non-free. -- Andrew Donnellan ajdlinuxATgmailDOTcom (primary)ajdlinuxATexemailDOTcomDOTau (secure) http://andrewdonnellan.comhttp://ajdlinux.wordpress.com [EMAIL PROTECTED]hkp://subkeys.pgp.net 0x5D4C0C58 http://linux.org.auhttp://debian.org Spammers only === [EMAIL PROTECTED] === Many thanks for your attention. I checked more closely the licenses related to OpenSSl and Trolltech which I found within related Debian packages I install to build my own package (please find both licenses attached). My personal feeling is that they looks fine. Maybe I should simply complete my first copyright file by adding licenses from OpenSSL and Trolltech (I repeat: both present in their respective Debian packages) ? I suppose I can rely on the fact that because such licenses are already present in other debian packages I can build my own with same licenses. Correct ? Many thanks for confirmation / correction. Bye, Bruno -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- This package was debianized by Christoph Martin [EMAIL PROTECTED] on Fri, 22 Nov 1996 21:29:51 +0100. Copyright (c) 1998-2004 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson The upstream sources were obtained from http://www.openssl.org/ LICENSE ISSUES == The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [EMAIL PROTECTED] OpenSSL License --- /* * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. All advertising materials mentioning features or use of this *software must display the following acknowledgment: *This product includes software developed by the OpenSSL Project *for use in the OpenSSL Toolkit. (http://www.openssl.org/) * * 4. The names OpenSSL Toolkit and OpenSSL Project must not be used to *endorse or promote products derived from this software without *prior written permission. For written permission, please contact *[EMAIL PROTECTED] * * 5. Products derived from this software may not be called OpenSSL *nor may OpenSSL appear in their names without prior written *permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following *acknowledgment: *This product includes software developed by the OpenSSL Project *for use in the OpenSSL Toolkit (http://www.openssl.org/) * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
Copyright verification needed
Hello, I'm preparing an ITP (Intend To Package) as a newbie regarding Debian packaging. About the source (for the ITP) I'm not the developer and simply reproduced the copyright I found with source code. Could you please check the attached copyright file and its respect to Debian rules about license / copyright ? The template of the file was created by dh_make tools and I manually completed needed fields. Note : the mentionned URL for download is not currently updated as I wait to open the ITP to proceed with it. Many thanks. Regards, Bruno -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- This package was debianized by Bruno Costacurta [EMAIL PROTECTED] on Fri, 22 Jun 2007 23:51:54 +0200. It was downloaded from www.costacurta.org/xca Upstream Author: Christian Hohnst�dt [EMAIL PROTECTED] Copyright (C) 2001 - 2007 Christian Hohnstaedt. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This program links to software with different licenses from: - http://www.openssl.org which includes cryptographic software written by Eric Young ([EMAIL PROTECTED]) - http://www.trolltech.com pgpfhAPlyIPuJ.pgp Description: PGP signature
