Re: Is the APSL 2.0 DFSG-compliant?
Hello, On 8/4/22 8:30 PM, Paul Wise wrote: > What would have changed since the 2004 review of APSL 2.0? Here's a quote from that 2020 challenge of the APSL-1.2 being considered non-free in 2001: > For the APSL-1.2, it seems that the only clause that makes the > license non-DFSG-compliant is this one: > >> (c) You must make Source Code of all Your Deployed Modifications >> publicly available under the terms of this License, including >> the license grants set forth in Section 3 below, for as long as >> you Deploy the Covered Code or twelve (12) months from the date >> of initial Deployment, whichever is longer. You should >> preferably distribute the Source Code of Your Deployed >> Modifications electronically (e.g. download from a web site); > > It was claimed in [6] that this clause makes the APSL-1.2 > non-DFSG-compliant as it's not possible for Debian to keep every > single modification around for at least 12 months. > > This claim may have been valid in 2001, but I think it does not hold > up for 2020 since source code to packaging in Debian is usually > maintained in Salsa or Github and therefore keeping all modifications > available for 12 months and longer, plus there is Debian Snapshots [7] > which keeps a older versions of a package around as well - including > source code. Things like this make me question whether the 2004 decision to consider the APSL 2.0 non-DFSG-compliant is still valid in 2022. In fact, after reading through the thread [1] the wiki references making the APSL 2.0 incompatible with the DFSG, I'm not so sure it does that. IANAL, but from what I could understand it seemed that there was a good argument that the alleged non-DFSG clauses actually *did* comply with the DFSG, and that argument wasn't fully refuted. The wiki references one other thread, but that thread is specifically about the APSL 1.2, which the APSL 2.0 fixes the issues of according to the FSF. That thread was finished about two years before the APSL 2.0 came into existence. I just want to reopen the issue of whether or not the APSL 2.0, not 1.2, is DFSG-compliant, reviewing it fully instead of relying on a questionable decision made in 2001/4. Thanks, -- Ben Westover [1]: https://lists.debian.org/debian-legal/2004/06/msg00573.html OpenPGP_signature Description: OpenPGP digital signature
Re: Is the APSL 2.0 DFSG-compliant?
On Thu, 2022-08-04 at 19:09 -0400, Ben Westover wrote: > Those are based on conversations that are almost a decade old, and some > things have changed since then. I just wanted a re-review of the license > in 2022 to see if the complaints from before still hold up today. What would have changed since the 2004 review of APSL 2.0? -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Re: Is the APSL 2.0 DFSG-compliant?
Hello Mihai, On 8/4/22 02:03, Mihai Moldovan wrote: According to https://wiki.debian.org/DFSGLicenses#Apple_Public_Source_License_.28APSL.29 , which also lists discussions/reasoning for version 1.0 (which is considered non-free) and your desired version 2.0, it is considered free, but DFSG-incompatible. Those are based on conversations that are almost a decade old, and some things have changed since then. I just wanted a re-review of the license in 2022 to see if the complaints from before still hold up today. Thanks, -- Ben Westover OpenPGP_signature Description: OpenPGP digital signature
Re: Is the APSL 2.0 DFSG-compliant?
On Thu, 2022-08-04 at 19:15 -0400, Ben Westover wrote: > Interesting, the APSL 2.0 is seen in some relatively important > packages like Chromium and QtWebEngine. I wouldn't put any weight on the presence of the APSL 2.0 license text in the archive, probably it got into Debian in those packages due to lack of copyright/license review rather than deliberate acceptance, especially since it is in one of the many code copies in both of them. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Re: Is the APSL 2.0 DFSG-compliant?
Hi Walter, On August 5, 2022 1:03:18 AM EDT, Walter Landry wrote: >As someone who participated in that original exchange in 2004, APSL 2.0 >still looks impossible to follow. If Debian suddenly goes off-line, >Debian is not in compliance with the license. How exactly does Debian "go off-line", with so many mirrors and other forms of redundancy? >For all of the other >licenses, offering the source at the same time is sufficient. For APSL >2.0, Debian has to keep the source archive up for at least 12 months >since it last published a modification. Doesn't the GPL2 mandate three years of distribution for non-personal modifications? -- Ben Westover signature.asc Description: PGP signature
Re: Is the APSL 2.0 DFSG-compliant?
Ben Westover writes: > On August 5, 2022 1:03:18 AM EDT, Walter Landry wrote: >>As someone who participated in that original exchange in 2004, APSL 2.0 >>still looks impossible to follow. If Debian suddenly goes off-line, >>Debian is not in compliance with the license. > > How exactly does Debian "go off-line", with so many mirrors and other > forms of redundancy? The long arm of the law can make that happen. Whatever problems Debian may have with the law, that does not excuse its obligations under the license. But that is just if Debian wanted to distribute the code in non-free. For the main archive, the DFSG is a guarantee for the users. I know that if I, as an individual, get code from main and distribute changes, at most I will have to publish the corresponding source at the same time. The APSL requires me, personally, to make the corresponding source available for 12 months. I can not just take down my website and work on a farm. >>For all of the other >>licenses, offering the source at the same time is sufficient. For APSL >>2.0, Debian has to keep the source archive up for at least 12 months >>since it last published a modification. > > Doesn't the GPL2 mandate three years of distribution for non-personal > modifications? No. If you distribute the corresponding source at the same time, that is enough. Cheers, Walter Landry
Re: Is the APSL 2.0 DFSG-compliant?
Ben Westover writes: > Hello, > > On 8/4/22 8:30 PM, Paul Wise wrote: >> What would have changed since the 2004 review of APSL 2.0? > > Here's a quote from that 2020 challenge of the APSL-1.2 being considered > non-free in 2001: > >> For the APSL-1.2, it seems that the only clause that makes the >> license non-DFSG-compliant is this one: >> >>> (c) You must make Source Code of all Your Deployed Modifications >>> publicly available under the terms of this License, including >>> the license grants set forth in Section 3 below, for as long as >>> you Deploy the Covered Code or twelve (12) months from the date >>> of initial Deployment, whichever is longer. You should >>> preferably distribute the Source Code of Your Deployed >>> Modifications electronically (e.g. download from a web site); >> >> It was claimed in [6] that this clause makes the APSL-1.2 >> non-DFSG-compliant as it's not possible for Debian to keep every >> single modification around for at least 12 months. >> >> This claim may have been valid in 2001, but I think it does not hold >> up for 2020 since source code to packaging in Debian is usually >> maintained in Salsa or Github and therefore keeping all modifications >> available for 12 months and longer, plus there is Debian Snapshots [7] >> which keeps a older versions of a package around as well - including >> source code. > > Things like this make me question whether the 2004 decision to consider > the APSL 2.0 non-DFSG-compliant is still valid in 2022. In fact, after > reading through the thread [1] the wiki references making the APSL 2.0 > incompatible with the DFSG, I'm not so sure it does that. IANAL, but > from what I could understand it seemed that there was a good argument > that the alleged non-DFSG clauses actually *did* comply with the DFSG, > and that argument wasn't fully refuted. The wiki references one other > thread, but that thread is specifically about the APSL 1.2, which the > APSL 2.0 fixes the issues of according to the FSF. That thread was > finished about two years before the APSL 2.0 came into existence. As someone who participated in that original exchange in 2004, APSL 2.0 still looks impossible to follow. If Debian suddenly goes off-line, Debian is not in compliance with the license. For all of the other licenses, offering the source at the same time is sufficient. For APSL 2.0, Debian has to keep the source archive up for at least 12 months since it last published a modification. Cheers, Walter Landry
Re: Is the APSL 2.0 DFSG-compliant?
Hello Paul, On 8/4/22 02:32, Paul Wise wrote: The wiki describes it as being non-free and cites two threads: https://wiki.debian.org/DFSGLicenses#Apple_Public_Source_License_.28APSL.29 https://lists.debian.org/msgid-search/20010928105424z@physics.utah.edu https://lists.debian.org/msgid-search/20040626225314.5da7f9da@firenze.linux.it There are recent challenges to it being non-free in these threads: https://lists.debian.org/msgid-search/d2119303-b470-9ebe-138e-1b57deb8c...@physik.fu-berlin.de https://lists.debian.org/msgid-search/eff03d85-7990-af04-caac-57b076cc9...@physik.fu-berlin.de Thanks for these links. My choices for precedent are a conversations from almost a decade ago or a modern challenge that talks about an earlier version of that license. The APSL 1.* is very different to the APSL 2.0, and many of the previous issues with 1.* are solved in 2.0 according to the FSF. Some have argued it's less strict than even the GPL-2. I've seen a lot of those earlier conversations, but I just wanted a modern review of the license to see if version 2.0 specifically of the license is seen as DFSG-compliant in 2022, not based on 2000s precedent. There are copies of the license in Debian main: https://codesearch.debian.net/search?q=APPLE+PUBLIC+SOURCE+LICENSE=1 Interesting, the APSL 2.0 is seen in some relatively important packages like Chromium and QtWebEngine. Thanks for the info! -- Ben Westover OpenPGP_signature Description: OpenPGP digital signature
Re: Is the APSL 2.0 DFSG-compliant?
On Wed, 2022-08-03 at 23:00 -0400, Ben Westover wrote: > I was wondering if the Apple Public Source License (version 2.0) > complies with the DFSG. The Free Software Foundation considers it to be > a free software license (https://www.gnu.org/philosophy/apsl.en.html), > but I just wanted to make sure it's compatible with the DFSG. Below is > the full text of the license. I don't know about that, but I note some things: The wiki describes it as being non-free and cites two threads: https://wiki.debian.org/DFSGLicenses#Apple_Public_Source_License_.28APSL.29 https://lists.debian.org/msgid-search/20010928105424z@physics.utah.edu https://lists.debian.org/msgid-search/20040626225314.5da7f9da@firenze.linux.it There are recent challenges to it being non-free in these threads: https://lists.debian.org/msgid-search/d2119303-b470-9ebe-138e-1b57deb8c...@physik.fu-berlin.de https://lists.debian.org/msgid-search/eff03d85-7990-af04-caac-57b076cc9...@physik.fu-berlin.de There are copies of the license in Debian main: https://codesearch.debian.net/search?q=APPLE+PUBLIC+SOURCE+LICENSE=1 -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Re: Is the APSL 2.0 DFSG-compliant?
* On 8/4/22 05:00, Ben Westover wrote: > I was wondering if the Apple Public Source License (version 2.0) > complies with the DFSG. The Free Software Foundation considers it to be > a free software license (https://www.gnu.org/philosophy/apsl.en.html), > but I just wanted to make sure it's compatible with the DFSG. According to https://wiki.debian.org/DFSGLicenses#Apple_Public_Source_License_.28APSL.29 , which also lists discussions/reasoning for version 1.0 (which is considered non-free) and your desired version 2.0, it is considered free, but DFSG-incompatible. Mihai OpenPGP_signature Description: OpenPGP digital signature