Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Riley Baird]

On 31/07/14 10:54, Walter Landry wrote:
 Stas Malyshev smalys...@sugarcrm.com wrote:
 Would you change the licence to something more usual, like MIT/X style?

 No, this is completely infeasible
 
 That is not correct.  It is very easy to change the license because
 the license has an upgrade clause (condition #5).

Of course, if the license is changed, then it shouldn't be MIT/X
exactly, but it should be MIT/X plus an upgrade clause.




-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53d9e16a.4020...@bitmessage.ch

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Thorsten Glaser]

Ángel González dixit:

 On 30/07/14 22:00, Stas Malyshev wrote:
 You could not distribute other derived products bearing the name of PHP
 - but distributing PHP itself is fine, since it's not a product derived
 from PHP but the actual PHP. If Debian OTOH decides to make their own

The actual PHP is still normally patched in a distribution.

 +  4B= On the other hand, minor patches to products already containing

Absolutely no! That would make the situation much worse.
This is very vague language, which will not help but
add insecurities.

 There is some ambiguity on what is a B+minor patchB;, but I feel it's better
 to leave that to the courts should a lawsuit really arise (which would be a

The very idea of a distribution doing licence review is to
avoid things that could possibly, ever, go to court.

 or later. Use Common Sense for determining if it's a minor patch.

That does not work in a legal environment, unfortunately.

This is why the OSI (and many others) say to please leave
writing licences (code for the scripting language called
legalese) to experts (lawyers), just as we’d not want the
lawyers to write C code.

 Would this change have the blessing of Debian and the approval of PHP?

I highly doubt it. The current php5 source package in Debian
has 49 patches… on top of a 5.6 release candidate. Things like
porting to new platforms, etc. are not minor. One is named
“hack-phpdbg-to-explicitly-link-with-libedit.patch”. You could
say that every distribution makes a fork.

Looking at a BSD… there are 34 patches in MirPorts for PHP
as well, though the licence information there is set to say
that binaries may not be redistributed. Another option would
be to simply rename PHP to… Icescriptinglanguage? ;-)

bye,
//mirabilos (Debian Developer, but also MirBSD founder)
who’d personally prefer to just shut up and hack
instead of dealing with legal issues…
-- 
“ah that reminds me, thanks for the stellar entertainment that you and certain
other people provide on the Debian mailing lists │ sole reason I subscribed to
them (I'm not using Debian anywhere) is the entertainment factor │ Debian does
not strike me as a place for good humour, much less German admin-style humour”


--
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/pine.bsm.4.64l.1407310720520.23...@herc.mirbsd.org

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Ángel González]

Thorsten Glaser wrote:

Ángel González dixit:


On 30/07/14 22:00, Stas Malyshev wrote:

You could not distribute other derived products bearing the name of PHP
- but distributing PHP itself is fine, since it's not a product derived
from PHP but the actual PHP. If Debian OTOH decides to make their own

The actual PHP is still normally patched in a distribution.


+  4B= On the other hand, minor patches to products already containing

Absolutely no! That would make the situation much worse.
This is very vague language, which will not help but
add insecurities.
I understand that's what the PHP developers are trying to express with 
the PHP License
(although it's not explictely named as such). You may prefer a term like 
substantially

modified but it's the same thing.



There is some ambiguity on what is a B+minor patchB;, but I feel it's better
to leave that to the courts should a lawsuit really arise (which would be a

The very idea of a distribution doing licence review is to
avoid things that could possibly, ever, go to court.
There are clear cases of minor changes (eg. it applies some three-line 
patches), clear
cases of major changes (suppose that the php engine was changed to run 
javascript
instead!) and cases where it's not that clear (and should thus be 
avoided without a

package rename).

You can see Scratch_Trademark_Policy for an example of lawyer-written 
text using similar terms.

http://wiki.scratch.mit.edu/wiki/Scratch_1.4_Source_Code#Scratch_Trademark_Policy

Please remember that we are just talking about changes that Debian 
itself may want to
perform (so it doesn't require a renaming which would be bad both for 
PHP and Debian

users).



or later. Use Common Sense for determining if it's a minor patch.

That does not work in a legal environment, unfortunately.
That tried to explain the . Yet some dumb could that their 
javascript-running engine
can be named php-foo because he has a series of three-line patches 
converting one

into the other.



This is why the OSI (and many others) say to please leave
writing licences (code for the scripting language called
legalese) to experts (lawyers), just as we’d not want the
lawyers to write C code.
This was just a proposal that could serve as starting point. I wouldn't 
expect that PHP

blindly accepted it without consulting a lawyer!



Would this change have the blessing of Debian and the approval of PHP?

I highly doubt it. The current php5 source package in Debian
has 49 patches… on top of a 5.6 release candidate. Things like
porting to new platforms, etc. are not minor. One is named
“hack-phpdbg-to-explicitly-link-with-libedit.patch”. You could
say that every distribution makes a fork.
Even with that funny name, it only changes 
PHPDBG_EXTRA_LIBS=$PHP_READLINE_LIBS to PHPDBG_EXTRA_LIBS=-ledit 
-ltermcap.
I have reviewed them. Most are trivial-minor at first sight, often 
chanes to m4s.

Some fpm patches do define new functions and may deserve a second look (but
are still simple, specially when compared to the full codebase).
use_embedded_timezonedb.patch does , although .

You raise a good point about porting, although it doesn't seem so bad. 
Those

should be small changes (perhaps problems would appear if you needed to
include a lot of patches copying libc functions not available natively…
but instead of copyng them on each program, they should be a library).


At the end of the day, php is substantially the same software on Linux 
or Hurd
(where ptrace(2) doesn't work so Debian patched it), using date.timezone 
or getting

it from /etc/localtime
Changes to the build system seem specially clear as “not changing too 
much” the program itself.




Looking at a BSD… there are 34 patches in MirPorts for PHP
as well,
I count only 20 :S (all minor things, some that should have been done at 
PHP)


(As an aside, it's sad in general to check package patches, since most 
of them

should really be at upstream…)



though the licence information there is set to say
that binaries may not be redistributed.
You are creating the patches with a license not allowing binary 
redistribution?? You leave me

speechless.



Another option would be to simply rename PHP to… Icescriptinglanguage? ;-)
Well, that would be bad for Debian users just due to not fixing the 
license to say what they
mean. Quite similar to the problem a few years back of djb programs 
(considered
uncopyrightable by himself) which could not be considered PD due to lack 
of an explicit

license.


Thanks for your insights, Thorsten



PS: The cvs daemon at anoncvs.mirbsd.org doesn't seem to be listening on 
its IPv4 interface (81.169.181.30).

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Thorsten Glaser]

Ángel González dixit:

 Please remember that we are just talking about changes that Debian
 itself may want to perform (so it doesn't require a renaming which
 would be bad both for PHP and Debian users).

Right, but Debian probably (though it’s up to Ondřej Surý, the
maintainer; there is no central instance) would not want to accept
a licence that says “you may keep the name if your patches are
only this small, and if they get bigger or disagree with what
we say, you may not keep the name”.

There is innovation, writing of new code, and patching code when
the packager disagrees with upstream (or – worse – when tech-ctte
says so because some *other* maintainer within Debian is important
enough for them to judge to not force him to fix the bugs in *his*
package instead, and so the packager is in the minority and forced
to deviate from upstream, so that the package still fits into the
distro).

Also, Debian is a bit of promise to downstreams. I am not sure (I
did not specifically look at this part), but I think downstreams
should be able to not need to look at how _much_ patching the
licence allows…

 Looking at a BSDb as well,
 I count only 20 :S (all minor things, some that should have been done at PHP)

There are some hidden in ../{core,extensions}/patches/

 (As an aside, it's sad in general to check package patches, since most of them
 should really be at upstreamb

Right. It’s been problematic (and doesn’t scale well when
you’re a small project) to get patches for a non-mainstream
OS into upstream (though the situation did get better over
the years). In fact, most of our patches are carried over
from OpenBSD, who also either did not submit them or did
not have luck with that. (Though their relationship to both
their upstreams and downstreams is a bit special anyway.)

 though the licence information there is set to say
 that binaries may not be redistributed.

 You are creating the patches with a license not allowing binary
 redistribution?? You leave me speechless.

No, what I meant is: the port metadata says that we may not
distribute the binary packages.

It’s your licence which forbids that ;-)

 PS: The cvs daemon at anoncvs.mirbsd.org doesn't seem to be listening on its
 IPv4 interface (81.169.181.30).

There is no cvs dæmon, it’s anonymous CVS over ssh. (Nobody
sane uses pserver – it’s susceptible to MITM and all.)

(And yes, I’m gonna update that thing some day… but for what
I’m currently using it, that old beast serves well enough…)

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL


--
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/pine.bsm.4.64l.1407312028310.12...@herc.mirbsd.org

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Pierre Joye]

On Wed, Jul 30, 2014 at 1:07 PM, Thorsten Glaser t...@debian.org wrote:
 Pierre Joye wrote:

As Rasmus, and I, said numerous times, the PHP License is a perfectly
valid choice as long as the software are distributed under *.php.net.

 This reading clearly fails DFSG#3 and OSD#3 at the very least, and makes
 *all* software using the PHP Licence non-free, because redistribution of
 derived works is only permitted from *.php.net which is clearly inaccep-
 table. This makes not just forking the software impossible but also dis-
 tribution of binaries made from modified sources, for example.

This is a wrong interpretation. The releases are/must be distributed
under *.php.net to be able to use the PHP License. It means that one
reading the license after having installed php using apt-get php5 will
find all software installed with php5. There is nothing wrong here and
nothing about the location of the software release is against Free
Software.

The incompatibility between Free Software's GPL and the PHP license is
only due to the naming restriction and nothing else.

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAEZPtU5aXtMHv6o4V5Fw=o-yh77Pd0pDd=o5bbnccrqn62o...@mail.gmail.com

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Stas Malyshev]

Hi!

 This reading clearly fails DFSG#3 and OSD#3 at the very least, and makes
 *all* software using the PHP Licence non-free, because redistribution of
 derived works is only permitted from *.php.net which is clearly inaccep-
 table. This makes not just forking the software impossible but also dis-
 tribution of binaries made from modified sources, for example.

I've by now read the PHP license here:
http://php.net/license/3_01.txt
about a dozen times and I still can't figure out where the claim
redistribution of derived works is only permitted from *.php.net could
come from. This of course is false both theoretically and practically.

 On the other hand, my own reading of the PHP Licence is that we may not,
 in fact, distribute (binaries of) modified versions of PHP software (the
 interpreter as well as everything else under that licence), period - but

You could not distribute other derived products bearing the name of PHP
- but distributing PHP itself is fine, since it's not a product derived
from PHP but the actual PHP. If Debian OTOH decides to make their own
fork of PHP, they can distribute it still, but not under the name of
PHP. I don't think Debian even claimed that the thing they distribute
under the name of PHP is anything but the original product, so I don't
see a problem here. I'm not sure why there's an effort to seek maximally
contorted interpretation of the rules that would appear to disallow
Debian to do something that Debian is already doing, has been doing for
years, and nobody ever objected to Debian doing and nobody ever intends
to object. To me this effort does not seem to be constructive, and not
leading to any improvement of anything, but only to more inconvenience
and annoyance to everybody involved.

 (and it would be fun if Debian distributed Icescriptinglanguage, instead
 of PHP, except for those affected).

I think taking this route would make Debian a huge disservice. Of
course, 99.999% of Debian users would immediately switch to using a
third-party repo that would include actual PHP packages instead of that
contraption, but there's no reason to inflict this onto Debian users.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53d94ed1.1020...@sugarcrm.com

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[MJ Ray]

On 30 July 2014 22:00:17 CEST, Stas Malyshev smalys...@sugarcrm.com wrote:
 If Debian OTOH decides to make their own
fork of PHP, they can distribute it still, but not under the name of
PHP. I don't think Debian even claimed that the thing they distribute
under the name of PHP is anything but the original product, so I don't
see a problem here. I'm not sure why there's an effort to seek
maximally
contorted interpretation of the rules that would appear to disallow
Debian to do something that Debian is already doing, has been doing for
years, and nobody ever objected to Debian doing and nobody ever intends
to object. To me this effort does not seem to be constructive, and not
leading to any improvement of anything, but only to more inconvenience
and annoyance to everybody involved.

I think everyone does claim that. You do know Debian doesn't just distribute 
the binaries from Php.net, right? No contortion: the php5 in Debian is a 
derived work. Here's a list of patches 
http://sources.debian.net/src/php5/5.6.0%7Erc2%2Bdfsg-5/debian/patches

I agree that renaming would not be constructive. Why can't people call this 
PHP, please, PHP project? Would you change the licence to something more usual, 
like MIT/X style?
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


--
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/c6887a8b-365a-4cae-8378-51037985d...@email.android.com

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Ángel González]

On 30/07/14 22:00, Stas Malyshev wrote:

On the other hand, my own reading of the PHP Licence is that we may not,
in fact, distribute (binaries of) modified versions of PHP software (the
interpreter as well as everything else under that licence), period - but

You could not distribute other derived products bearing the name of PHP
- but distributing PHP itself is fine, since it's not a product derived
from PHP but the actual PHP. If Debian OTOH decides to make their own
fork of PHP, they can distribute it still, but not under the name of
PHP. I don't think Debian even claimed that the thing they distribute
under the name of PHP is anything but the original product, so I don't
see a problem here. I'm not sure why there's an effort to seek maximally
contorted interpretation of the rules that would appear to disallow
Debian to do something that Debian is already doing, has been doing for
years, and nobody ever objected to Debian doing and nobody ever intends
to object. To me this effort does not seem to be constructive, and not
leading to any improvement of anything, but only to more inconvenience
and annoyance to everybody involved.

They have a point. A buggy php version with an added patch that avoids
that it crashes when run on even dates could be considered -from a legal
POV- a «derivative product of PHP». Legal-speak is quite different than
common sense.

Trying to keep the spirit of the PHP License and at the same time solve 
that
strict interpretation, I propose the following change to the PHP License 
3.01,

which will hopefully please both parties:


--- 3_01.txt2014-07-30 22:58:13.682449866 +0200
+++ 3_02.txt2014-07-30 23:20:07.332445907 +0200
@@ -24,6 +24,13 @@
  from gr...@php.net.  You may indicate that your software works in
  conjunction with PHP by saying Foo for PHP instead of calling
  it PHP Foo or phpfoo
+
+  4½ On the other hand, minor patches to products already containing
+ the PHP label, including without exception those fixing its
+ security and/or functionality, are not considered a new product
+ and do not require any additional permission. Nonetheless their
+ version string should be modified in order to clearly differenciate
+ them from the official versions published by the original author(s).

   5. The PHP Group may publish revised and/or new versions of the
  license from time to time. Each version will be given a

Notes:
There is some ambiguity on what is a «minor patch», but I feel it's better
to leave that to the courts should a lawsuit really arise (which would be a
non-clear case) than attempting to set an arbitrary limit on number of diff
lines or an appropiate ratio with the original code, which would fail sooner
or later. Use Common Sense for determining if it's a minor patch.

Still, bugfixes are explicitely listed as minor, given that they will be 
the most

common case and the one which concerns Debian modifications.

The result of those small modifications of PHP-labeled products is that 
requisites
of §3 and §4 are waived, which IMHO is in the spirit of the PHP License 
as asserted

by the current usage.

The mention for modifying the version string was inspired by Thorsten 
email, and
is related to the clause present on other licenses that a Modified work 
should be
presented as such. A variant would be changing the should into 
shall. I chose
the former version to allow waiving the requirement for trivial changes 
or those
without a clear version string (think on builds from git or from 
proposed patches).


The term “original author(s)” was preferred over “The PHP Group” for 
including works

by third parties.

PS: 4½ is just a placeholder for discussion, the final version would 
need renumbering.



Would this change have the blessing of Debian and the approval of PHP?


--
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53d969ef.7090...@gmail.com

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Walter Landry]

Ángel González keis...@gmail.com wrote:
 Trying to keep the spirit of the PHP License and at the same time
 solve that strict interpretation, I propose the following change to
 the PHP License 3.01, which will hopefully please both parties:

Stop.  Please just stop.  Please pick an existing, well known license
so that we do not have to argue *again* over whether this really
solves all of the problems.

Thanks,
Walter Landry

RES: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Alejandro Michelin Salomon (GMAIL)]

Walter :

I agree to stop discussing this.

The problem is not PHP.

Only Debian can't accept de PHP license.

The PHP License is good for PHP as is? YES!!! that's all.

Alejandro M.S

-Mensagem original-
De: Walter Landry [mailto:wlan...@caltech.edu]
Enviada em: quarta-feira, 30 de julho de 2014 19:35
Para: keis...@gmail.com
Cc: smalys...@sugarcrm.com; t...@debian.org; pecl-...@lists.php.net; 
debian-legal@lists.debian.org
Assunto: Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

 ngel Gonz lez keis...@gmail.com wrote:
 Trying to keep the spirit of the PHP License and at the same time
 solve that strict interpretation, I propose the following change to
 the PHP License 3.01, which will hopefully please both parties:

Stop.  Please just stop.  Please pick an existing, well known license so that 
we do not have to argue *again* over whether this really solves all of the 
problems.

Thanks,
Walter Landry


---
Este email está limpo de vírus e malwares porque a proteção do avast! Antivírus 
está ativa.
http://www.avast.com


--
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/019f01cfac47$be038170$3a0a8450$@com

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Stas Malyshev]

Hi!

 I think everyone does claim that. You do know Debian doesn't just

Everyone being whom specifically?

 distribute the binaries from Php.net, right? No contortion: the php5
 in Debian is a derived work. Here's a list of patches
 http://sources.debian.net/src/php5/5.6.0%7Erc2%2Bdfsg-5/debian/patches

There is no such thing as binaries from php.net, at least when
Debian-supported OSes are concerned. But even if they were, it's not a
separate product in any sane meaning of a product. Adding a config file
does not make it into a new product. Neither I have ever seen any
communication from Debian claiming it is anything but the product we all
know and love as PHP. One could invent a thousand of contorted
definition of product, including defining every binary with different
sha1 checksum as separate product, but this pointless exercise has
nothing to do with PHP and is just that - pointless.

  I agree that renaming would not be constructive. Why can't people
 call this PHP, please, PHP project? 

They can, and they were told so many, many times.

 Would you change the licence to something more usual, like MIT/X style?

No, this is completely infeasible - this would require asking permission
from every contributor from the start of the project. Moreover, this
titanic effort would be completely useless as it would achieve no useful
purpose, because everybody - including Debian - is free to distribute
PHP under PHP license right now, and nobody ever tried to prevent
anybody from doing so. Literally nobody except Debian people ever said
there's any problem in that. Frankly, I am astonished at how much effort
is spend to find trouble where there was not ever one. Can't we spend
our time on something more useful?
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/53d985bb.5030...@sugarcrm.com

Re: [PECL-DEV] Re: Re: [PHP-QA] Debian and the PHP license

[Walter Landry]

Stas Malyshev smalys...@sugarcrm.com wrote:
 Would you change the licence to something more usual, like MIT/X style?
 
 No, this is completely infeasible

That is not correct.  It is very easy to change the license because
the license has an upgrade clause (condition #5).

Cheers,
Walter Landry


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20140730.175410.333118138785423294.wlan...@caltech.edu