Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
> On Sat, 9 Sep 2017, R0b0t1 wrote: > I suspect the links in ebuilds are more like torrent files, in which > case I think it makes sense to wait to be contacted to remove the > links. Ebuilds aren't hypertext, so by definition they don't contain any "links". They merely contain lists of URIs. You even cannot cut and paste a typical SRC_URI to a browser, because it will choke on things like ${P}, mirror://, arrows, USE-conditional syntax, etc. Ulrich pgpFBMHggTW9H.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Sat, Sep 9, 2017 at 3:58 AM, Kent Fredric wrote: > On Fri, 8 Sep 2017 20:33:49 -0500 > R0b0t1 wrote: > >> In any case it is my understanding that the issue is that simple. It's >> the reason torrents and magnet links exist, and why there are no legal >> claims possible against websites which host magnet links. > > The entire court case against PirateBay was based on that. > > And the court case was won against PirateBay > > https://en.wikipedia.org/wiki/The_Pirate_Bay_trial#Trial_and_courtroom_charges > >> The court found that the defendants were all guilty of accessory to >> crime against copyright law, strengthened by the commercial and >> organized nature of the activity. > This was normal torrents, not magnet links? Was the complaint retried against someone else who was hosting a magnet link website? I suspect the links in ebuilds are more like torrent files, in which case I think it makes sense to wait to be contacted to remove the links. Otherwise, lots of other precautions should be taken, such as disclaiming liability for acts of terrorism perpetrated using Gentoo.
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, 8 Sep 2017 20:33:49 -0500 R0b0t1 wrote: > In any case it is my understanding that the issue is that simple. It's > the reason torrents and magnet links exist, and why there are no legal > claims possible against websites which host magnet links. The entire court case against PirateBay was based on that. And the court case was won against PirateBay https://en.wikipedia.org/wiki/The_Pirate_Bay_trial#Trial_and_courtroom_charges > The court found that the defendants were all guilty of accessory to > crime against copyright law, strengthened by the commercial and > organized nature of the activity. pgpG_n42ZpQNE.pgp Description: OpenPGP digital signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, Sep 8, 2017 at 8:33 PM, R0b0t1 wrote: > On Fri, Sep 8, 2017 at 10:56 AM, Kent Fredric wrote: >> On Fri, 8 Sep 2017 10:11:51 -0500 >> R0b0t1 wrote: >> >>> Then I'm quite confused as to why people seem to be extremely attentive to >>> copyright infringement (besides an immediate payout). In the US they cite >>> the reasoning I gave, from memory. >>> >>> Maybe that was for trademarks? >> >> This is one of those problems where the nebulous term "IP" has infected >> our thinking. >> >> Yes, US is very *copyright* infringement zealous. >> >> But Trademark and Copyright are very different beasts. >> >> Trademarks (read: brands, company names, company symbols, etc) do >> expire much shorter, but that's due to other reasons. Namely, that if >> your company ceases to be doing business for 10 years, nobody is harmed >> by people using a name of a company that doesn't exist, because >> "Trademark protection" is largely a device to prevent competitors >> claiming they're you, and to prevent competitors selling products >> claiming you made them. >> >> Copyright (read: the right to publish, distribute, and sell) has a much >> longer life as the results of that can be inheritable, eg: profits from >> sale copyrighted works can go towards the estate of the author of those >> works after the death of that author. >> >> There are documented *exceptions* to this, but they don't apply to us >> as they apply to public institutions such as archives and libraries. >> >> And there are exceptions in cases of "fair use", which Gentoo does not >> fall under. >> >> So, even though it is true that copyright expires, copy right expiry >> dates are currently such that most juristictions don't have any >> software that could conceivably exist that expires. >> >> If the expiry period is 50 years, and there's no software in >> circulation older than 30, its kindof a moot point to argue software >> that is less than 10 years old might have expired. >> > > There's nothing in this though that says a copyright couldn't be > weakened by failure to enforce claims against infringers. However, it > happens that copyright law allows selective enforcement. > >>> >> Sir, please see my above comment about building ballistic missiles. >>> >> It may be important for the Gentoo Foundation to add a disclaimer >>> >> similar to the one I mentioned. I would hate for the Foundation or >>> >> any of its administrators or contributors to be found guilty of >>> >> aiding and abetting terrorists. >>> > >>> > Yeah. Stop trolling, please. >>> > >>> >>> I am being completely serious. You can find such a clause in the iTunes >>> license. >>> >>> If it seems ridiculous please reconsider the subject in question. >> >> I'm not sure how enforceable that clause is as a License. >> >> As a Warranty, sure. >> > > The point isn't to be practically enforceable. If someone put their > mind to using iTunes to make an ICBM I'm sure no one could stop them. > The point is that Apple has now disclaimed liability for terrorist > acts associated with iTunes in a very legally important way, which I > believe is related to export restrictions (the item of interest likely > being the cryptography portions of the digital restrictions management > code). > >> "if you use it for this, don't blame us if bad things happen, we told >> you not to" >> > > There's a myriad of laws that duplicate the intent of the basic laws > against property damage and taking life. > My apologies. In my dimwittedness I forgot to finish this section. There's a lot of overlapping laws that duplicate things already in existence. Likewise, people keep attempting to disclaim whatever liability the law tells them they have in shrinkwrap contracts. A good example is Li-Ion batteries. Did you know you're supposed to watch them and not let them out of your sight while charging? If you leave them out of your sight or do not take additional precautions that no reasonable person I know would take, then the manufacturer claims they are not responsible for property damage (read: fires) due to their product's defects. However, in fairly recent memory, the fires cause by Samsung phones were being blamed on Samsung, and other smaller suits have been won against battery manufacturers. >> Also, those are typically things that fall under "National Laws" and it >> doesn't really make sense to have to explicitly articulate in a >> software license that its intended use is to be done within the scope >> of your local governing laws. >> >> You're bound to follow local law regardless of whether you accept or >> reject a given license. So, its kinda moot. >> > > It is my understanding that this realization supports the view that > the link should be left in. It's up to the user of the software, radio > broadcasting kit, car, etc, to use the item in a responsible manner. > > I am worried about ceding rights where it is not necessary to do so. A > good analogue to the situation at hand is crowdfunded electronics > projec
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, Sep 8, 2017 at 10:56 AM, Kent Fredric wrote: > On Fri, 8 Sep 2017 10:11:51 -0500 > R0b0t1 wrote: > >> Then I'm quite confused as to why people seem to be extremely attentive to >> copyright infringement (besides an immediate payout). In the US they cite >> the reasoning I gave, from memory. >> >> Maybe that was for trademarks? > > This is one of those problems where the nebulous term "IP" has infected > our thinking. > > Yes, US is very *copyright* infringement zealous. > > But Trademark and Copyright are very different beasts. > > Trademarks (read: brands, company names, company symbols, etc) do > expire much shorter, but that's due to other reasons. Namely, that if > your company ceases to be doing business for 10 years, nobody is harmed > by people using a name of a company that doesn't exist, because > "Trademark protection" is largely a device to prevent competitors > claiming they're you, and to prevent competitors selling products > claiming you made them. > > Copyright (read: the right to publish, distribute, and sell) has a much > longer life as the results of that can be inheritable, eg: profits from > sale copyrighted works can go towards the estate of the author of those > works after the death of that author. > > There are documented *exceptions* to this, but they don't apply to us > as they apply to public institutions such as archives and libraries. > > And there are exceptions in cases of "fair use", which Gentoo does not > fall under. > > So, even though it is true that copyright expires, copy right expiry > dates are currently such that most juristictions don't have any > software that could conceivably exist that expires. > > If the expiry period is 50 years, and there's no software in > circulation older than 30, its kindof a moot point to argue software > that is less than 10 years old might have expired. > There's nothing in this though that says a copyright couldn't be weakened by failure to enforce claims against infringers. However, it happens that copyright law allows selective enforcement. >> >> Sir, please see my above comment about building ballistic missiles. >> >> It may be important for the Gentoo Foundation to add a disclaimer >> >> similar to the one I mentioned. I would hate for the Foundation or >> >> any of its administrators or contributors to be found guilty of >> >> aiding and abetting terrorists. >> > >> > Yeah. Stop trolling, please. >> > >> >> I am being completely serious. You can find such a clause in the iTunes >> license. >> >> If it seems ridiculous please reconsider the subject in question. > > I'm not sure how enforceable that clause is as a License. > > As a Warranty, sure. > The point isn't to be practically enforceable. If someone put their mind to using iTunes to make an ICBM I'm sure no one could stop them. The point is that Apple has now disclaimed liability for terrorist acts associated with iTunes in a very legally important way, which I believe is related to export restrictions (the item of interest likely being the cryptography portions of the digital restrictions management code). > "if you use it for this, don't blame us if bad things happen, we told > you not to" > There's a myriad of laws that duplicate the intent of the basic laws against property damage and taking life. > Also, those are typically things that fall under "National Laws" and it > doesn't really make sense to have to explicitly articulate in a > software license that its intended use is to be done within the scope > of your local governing laws. > > You're bound to follow local law regardless of whether you accept or > reject a given license. So, its kinda moot. > It is my understanding that this realization supports the view that the link should be left in. It's up to the user of the software, radio broadcasting kit, car, etc, to use the item in a responsible manner. I am worried about ceding rights where it is not necessary to do so. A good analogue to the situation at hand is crowdfunded electronics projects that try to be FCC compliant, or delay shipping to obtain FCC compliance. They don't need to. They're almost always a product not intended for end users or an incomplete product. This makes me afraid, sir, because it may be the case in the future I can not produce any electronic equipment on my own. Likewise, being unable to tell someone where to download something is another situation that makes me afraid. > If your government goes and uses your software for military > applications despite your license saying "don't", I'm not really sure > you'll have much in the way of recourse. > I'm pretty sure it would be one of the rare times, at least in the US, that the government does not have sovereign immunity. > If it was that simple I'd just start putting license terms that > prohibits people from using software I wrote as part of a state > approved mass surveillance platform > If you did this the military would abide by your license. They'd just
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, Sep 8, 2017 at 11:15 AM, Ciaran McCreesh < ciaran.mccre...@googlemail.com> wrote: > On Fri, 8 Sep 2017 11:10:54 -0500 > Gordon Pettey wrote: > > And this is all irrelevant since the copyright applies to the > > software, not the location you obtain it from. Nobody commits > > copyright infringement by buying a used book from their neighbour > > instead of buying it at Half Price Books. > > Distribution licenses are another thing, but if the original SRC_URI > > from the ebuild wasn't RESTICT="fetch", what makes anybody think that > > would suddenly change with a new SRC_URI? > > Are you a lawyer, and does this constitute legal advice? I ask, because > the lawyers I've spoken to about a similar issue seemed to think it > wasn't that simple. > Since - just like you - I'm not lawyer, I have no obligation whatsoever to say whether or not anything I say is legal advice. And so you can avoid this the-sky-is-falling legal nonsense, here's yet another SRC_URI from the author himself: https://onedrive.live.com/download?resid=14984242E2F69941!25302&authkey=!AEUh_81RXMobRbo&ithint=file%2cexe See http://www.familyofadam.com/mod/nwn_downloads.aspx
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, 8 Sep 2017 11:10:54 -0500 Gordon Pettey wrote: > Distribution licenses are another thing, but if the original SRC_URI from > the ebuild wasn't RESTICT="fetch", what makes anybody think that would > suddenly change with a new SRC_URI? I've seen terms that state people aren't allowed to re-host anything, and may only obtain a resource from a specified URL ( including details of how people should link to the resource ) Its a bit contorted, but fits the bill. pgp9EHkMlbR5x.pgp Description: OpenPGP digital signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, 8 Sep 2017 11:10:54 -0500 Gordon Pettey wrote: > And this is all irrelevant since the copyright applies to the > software, not the location you obtain it from. Nobody commits > copyright infringement by buying a used book from their neighbour > instead of buying it at Half Price Books. > Distribution licenses are another thing, but if the original SRC_URI > from the ebuild wasn't RESTICT="fetch", what makes anybody think that > would suddenly change with a new SRC_URI? Are you a lawyer, and does this constitute legal advice? I ask, because the lawyers I've spoken to about a similar issue seemed to think it wasn't that simple. -- Ciaran McCreesh
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
And this is all irrelevant since the copyright applies to the software, not the location you obtain it from. Nobody commits copyright infringement by buying a used book from their neighbour instead of buying it at Half Price Books. Distribution licenses are another thing, but if the original SRC_URI from the ebuild wasn't RESTICT="fetch", what makes anybody think that would suddenly change with a new SRC_URI? On Fri, Sep 8, 2017 at 11:05 AM, Ciaran McCreesh < ciaran.mccre...@googlemail.com> wrote: > On Sat, 9 Sep 2017 03:56:38 +1200 > Kent Fredric wrote: > > > >> Sir, please see my above comment about building ballistic > > > >> missiles. It may be important for the Gentoo Foundation to add a > > > >> disclaimer similar to the one I mentioned. I would hate for the > > > >> Foundation or any of its administrators or contributors to be > > > >> found guilty of aiding and abetting terrorists. > > > > > > > > Yeah. Stop trolling, please. > > > > > > > > > > I am being completely serious. You can find such a clause in the > > > iTunes license. > > > > > > If it seems ridiculous please reconsider the subject in question. > > > > I'm not sure how enforceable that clause is as a License. > > Until recently, there was a clause in the Nauty licence prohibiting use > in "military applications". This was sufficient for the highly paid > lawyers who looked at it to recommend not redistributing Nauty as part > of the GAP computer algebra system, because computer algebra could > conceivably be used for blowing stuff up. > > -- > Ciaran McCreesh > >
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Sat, 9 Sep 2017 03:56:38 +1200 Kent Fredric wrote: > > >> Sir, please see my above comment about building ballistic > > >> missiles. It may be important for the Gentoo Foundation to add a > > >> disclaimer similar to the one I mentioned. I would hate for the > > >> Foundation or any of its administrators or contributors to be > > >> found guilty of aiding and abetting terrorists. > > > > > > Yeah. Stop trolling, please. > > > > > > > I am being completely serious. You can find such a clause in the > > iTunes license. > > > > If it seems ridiculous please reconsider the subject in question. > > I'm not sure how enforceable that clause is as a License. Until recently, there was a clause in the Nauty licence prohibiting use in "military applications". This was sufficient for the highly paid lawyers who looked at it to recommend not redistributing Nauty as part of the GAP computer algebra system, because computer algebra could conceivably be used for blowing stuff up. -- Ciaran McCreesh
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, 8 Sep 2017 10:11:51 -0500 R0b0t1 wrote: > Then I'm quite confused as to why people seem to be extremely attentive to > copyright infringement (besides an immediate payout). In the US they cite > the reasoning I gave, from memory. > > Maybe that was for trademarks? This is one of those problems where the nebulous term "IP" has infected our thinking. Yes, US is very *copyright* infringement zealous. But Trademark and Copyright are very different beasts. Trademarks (read: brands, company names, company symbols, etc) do expire much shorter, but that's due to other reasons. Namely, that if your company ceases to be doing business for 10 years, nobody is harmed by people using a name of a company that doesn't exist, because "Trademark protection" is largely a device to prevent competitors claiming they're you, and to prevent competitors selling products claiming you made them. Copyright (read: the right to publish, distribute, and sell) has a much longer life as the results of that can be inheritable, eg: profits from sale copyrighted works can go towards the estate of the author of those works after the death of that author. There are documented *exceptions* to this, but they don't apply to us as they apply to public institutions such as archives and libraries. And there are exceptions in cases of "fair use", which Gentoo does not fall under. So, even though it is true that copyright expires, copy right expiry dates are currently such that most juristictions don't have any software that could conceivably exist that expires. If the expiry period is 50 years, and there's no software in circulation older than 30, its kindof a moot point to argue software that is less than 10 years old might have expired. > >> Sir, please see my above comment about building ballistic missiles. > >> It may be important for the Gentoo Foundation to add a disclaimer > >> similar to the one I mentioned. I would hate for the Foundation or > >> any of its administrators or contributors to be found guilty of > >> aiding and abetting terrorists. > > > > Yeah. Stop trolling, please. > > > > I am being completely serious. You can find such a clause in the iTunes > license. > > If it seems ridiculous please reconsider the subject in question. I'm not sure how enforceable that clause is as a License. As a Warranty, sure. "if you use it for this, don't blame us if bad things happen, we told you not to" Also, those are typically things that fall under "National Laws" and it doesn't really make sense to have to explicitly articulate in a software license that its intended use is to be done within the scope of your local governing laws. You're bound to follow local law regardless of whether you accept or reject a given license. So, its kinda moot. If your government goes and uses your software for military applications despite your license saying "don't", I'm not really sure you'll have much in the way of recourse. If it was that simple I'd just start putting license terms that prohibits people from using software I wrote as part of a state approved mass surveillance platform pgpR8fTo1LFd2.pgp Description: OpenPGP digital signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Friday, September 8, 2017, Ulrich Mueller wrote: >> On Thu, 7 Sep 2017, R0b0t1 wrote: > >> Downloading does not imply committing a felony. As far as anyone can >> tell it is impossible to prosecute someone for downloading something >> they already own (regardless of what any EULA has claimed). > > Sure, if the user already has rightfully obtained the software then > nothing can stop him from downloading it again. > >> Further, copyrights lapse if not enforced. Depending on how long >> that download has been up the original rightsholder has forfeited >> their claim to their work. > > Copyright expires no sooner than 50 years after the author's death: > https://en.wikipedia.org/wiki/Berne_Convention > In most countries that term is even longer, e.g. 70 years in the > European Union. > > Also contrary to popular belief, there is no such concept as > "abandonware". In some legislations, there are some provisions to > allow archiving of orphan works, but only for public institutions > (e.g. in the EU, museums and digital archives). > Then I'm quite confused as to why people seem to be extremely attentive to copyright infringement (besides an immediate payout). In the US they cite the reasoning I gave, from memory. Maybe that was for trademarks? >> Sir, please see my above comment about building ballistic missiles. >> It may be important for the Gentoo Foundation to add a disclaimer >> similar to the one I mentioned. I would hate for the Foundation or >> any of its administrators or contributors to be found guilty of >> aiding and abetting terrorists. > > Yeah. Stop trolling, please. > I am being completely serious. You can find such a clause in the iTunes license. If it seems ridiculous please reconsider the subject in question. R0b0t1.
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, Sep 8, 2017 at 6:09 AM, Ulrich Mueller wrote: > > Quoting from "all-rights-reserved": > > | This package has an explicit "all rights reserved" clause, or comes > | without any license, or only with a disclaimer. This means that you > | have only the rights that are granted to you by law. If you have > | lawfully acquired a copy of the program (e.g., by buying it or by > | downloading it from the author's site) then in many legislations you > | are allowed to compile it, run it, make a backup, and to patch it as > | necessary, without permission from the copyright holder. > > Note that it explicitly says "downloading from the author's site". It also explicitly says "e.g." This means that this is merely one way of lawfully acquiring a copy of the program, and that other ways may exist. It sounds pedantic but this is the whole reason that "e.g." exists as opposed to "i.e." and courts certainly would read the policy in this way because lawyers distinguish between the two all the time. > I still think that we should handle this in a restrictive way, and > permit only sites where we can be reasonably certain that they > distribute the software with the copyright holder's approval. Sure, that's you opinion, and I have a different opinion, and kentnl has another opinion. This is why we have processes to turn those opinions into documented policies so that we can be consistent. Failing to do this can cause all kinds of problems. Suppose we remove this package. Suppose we don't remove some other package with the same problem. In the absence of a written policy one way or another somebody could cite your statement as a concession. > > Why not follow kentnl's suggestion? If you don't want to figure out > what the connection between the author and the download site is, then > make the ebuild fetch restricted, and have the user download the > file manually. I'd also suggest to put only the file's basename in > SRC_URI then. > It would be inconvenient for the user. That's why we don't fetch-restrict every package in the tree, even though doing so would lower our risk of getting sued. Maybe the Linux foundation redistributes something it shouldn't. I doubt it, but it could happen. If we fetch-restricted the kernel then we'd be covered if another SCO comes along. But, that would be ridiculous. We don't even do that with things like libcss which are higher risk. -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
> On Thu, 7 Sep 2017, Rich Freeman wrote: > On Thu, Sep 7, 2017 at 5:18 PM, Michał Górny wrote: >> W dniu czw, 07.09.2017 o godzinie 16∶42 -0400, użytkownik Rich Freeman >> napisał: >>> Are you saying it is sufficient to just point the SRC_URI at the >>> new URL and remove the mask? As far as I can tell that is all that >>> needs to be done. Per the policy the license is readily apparent, >>> so there is no need to contact the authors. Huh? The very problem here is that the package has *no* license. The LICENSE variable was always mandatory, so originally a package without a license (like the one mentioned in the subject) could not be added to the tree. Or, devs would tag it with the infamous "as-is" license label. Cleaning up the resulting mess was quite a nightmare [1]. Later it was noticed that there is a specific class of software where there is no license, but that are up for download at their author's site. Examples were dev-libs/djb and other packages related to qmail. We then came up with the "all-rights-reserved" license label [2], in order to permit such software in the tree. (You should be aware of this, because you were a trustee back then). Quoting from "all-rights-reserved": | This package has an explicit "all rights reserved" clause, or comes | without any license, or only with a disclaimer. This means that you | have only the rights that are granted to you by law. If you have | lawfully acquired a copy of the program (e.g., by buying it or by | downloading it from the author's site) then in many legislations you | are allowed to compile it, run it, make a backup, and to patch it as | necessary, without permission from the copyright holder. Note that it explicitly says "downloading from the author's site". I still think that we should handle this in a restrictive way, and permit only sites where we can be reasonably certain that they distribute the software with the copyright holder's approval. >> I don't know what is sufficient. It's your business as the new >> maintainer to figure it out and take the responsibility. If there's >> nobody willing to do that, then we don't get to keep the package. >> Simple as that. > And how would I figure it out, considering that simply asking on the > list doesn't seem to yield a straight answer? Do you really need me > to put it on the Council agenda? Or do we unmask it, let QA mask it > 10 minutes later, then go back and forth for a month, and THEN put it > on the Council agenda? Why not follow kentnl's suggestion? If you don't want to figure out what the connection between the author and the download site is, then make the ebuild fetch restricted, and have the user download the file manually. I'd also suggest to put only the file's basename in SRC_URI then. Ulrich [1] https://bugs.gentoo.org/436214 [2] https://bugs.gentoo.org/24 pgpfrj8f19GzK.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Fri, Sep 8, 2017 at 2:52 AM, Michał Górny wrote: > > Maybe find yourself a lawyer, and ask him. We're all volunteers, I've already done the research. There is no legal requirement to contact the authors before changing the SRC_URI. > and we're no in way obligated to give legal advices to you or anyone > in particular. I'm not asking for legal advice. Somebody suggested a solution. ulm objected to that solution. I'm merely asking that those trying to stop a problem from being solved to point to a written policy, because that is how virtually every organization on the planet works. If you don't put the impetus on the person trying to block action, then nothing gets done, because posting an objection on a mailing list costs nothing. > Especially if it all started with the tone 'how dare you > remove this?!' > I certainly never objected to the removal of the package. It didn't fetch and was unmaintained. Of course it should have been treecleaned. Maybe somebody else had that tone, and if that concerns you I suggest you take it up with them. -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
> On Thu, 7 Sep 2017, R0b0t1 wrote: > Downloading does not imply committing a felony. As far as anyone can > tell it is impossible to prosecute someone for downloading something > they already own (regardless of what any EULA has claimed). Sure, if the user already has rightfully obtained the software then nothing can stop him from downloading it again. > Further, copyrights lapse if not enforced. Depending on how long > that download has been up the original rightsholder has forfeited > their claim to their work. Copyright expires no sooner than 50 years after the author's death: https://en.wikipedia.org/wiki/Berne_Convention In most countries that term is even longer, e.g. 70 years in the European Union. Also contrary to popular belief, there is no such concept as "abandonware". In some legislations, there are some provisions to allow archiving of orphan works, but only for public institutions (e.g. in the EU, museums and digital archives). > Sir, please see my above comment about building ballistic missiles. > It may be important for the Gentoo Foundation to add a disclaimer > similar to the one I mentioned. I would hate for the Foundation or > any of its administrators or contributors to be found guilty of > aiding and abetting terrorists. Yeah. Stop trolling, please. Ulrich pgpnabBWWiRtr.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
W dniu czw, 07.09.2017 o godzinie 17∶56 -0400, użytkownik Rich Freeman napisał: > On Thu, Sep 7, 2017 at 5:18 PM, Michał Górny wrote: > > W dniu czw, 07.09.2017 o godzinie 16∶42 -0400, użytkownik Rich Freeman > > napisał: > > > On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny wrote: > > > > W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman > > > > napisał: > > > > > On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller > > > > > wrote: > > > > > > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: > > > > > > > > > > > > Don't you think there is a difference between downloading a package > > > > > > that has a known upstream and that is also carried by other distros, > > > > > > and downloading a license-less package from a random location on the > > > > > > internet? > > > > > > > > > > Most upstreams do not do much checking about the ownership of their > > > > > sources. > > > > > > > > > > Gentoo certainly doesn't - we don't even require developers to submit > > > > > a DCO. > > > > > > > > > > Other projects like the Linux kernel require signing a DCO for each > > > > > commit, but do not do any checking beyond this. I have no doubt that > > > > > they would remove offending sources if they were contacted, but they > > > > > do not actively go out and confirm authorship. > > > > > > > > > > > > > > > > > > > The package in question doesn't come with any license though, > > > > > > > > which > > > > > > > > means that only the copyright holder has the right to distribute > > > > > > > > it. So I believe that some extra care is justified, especially > > > > > > > > when > > > > > > > > the upstream location of the distfile has changed. > > > > > > > > > > > > > > Why? We don't redistribute anything that is copyrighted. > > > > > > > > > > > > Users download the file, and I think that we are responsible to have > > > > > > only such SRC_URIs in our ebuilds from where they can obtain the > > > > > > package without being exposed to potential legal issues. > > > > > > > > > > I'm not aware of any court rulings that have found downloading > > > > > something like this to be illegal. > > > > > > > > > > > > > > > > > > Perhaps if we want to enforce a policy like this we should take > > > > > > > the > > > > > > > time to actually write the policy down. As far as I can tell > > > > > > > Gentoo > > > > > > > has no such policy currently. > > > > > > > > > > > > The old Games Ebuild Howto [1] has this: > > > > > > > > > > > > > LICENSE > > > > > > > > > > > > > > The license is an important point in your ebuild. It is also a > > > > > > > common place for making mistakes. Try to check the license on any > > > > > > > ebuild that you submit. Often times, the license will be in a > > > > > > > COPYING file, distributed in the package's tarball. If the license > > > > > > > is not readily apparent, try contacting the authors of the package > > > > > > > for clarification. [...] > > > > > > > > > > > > I propose to add the paragraph above to the devmanual's licenses > > > > > > section. > > > > > > > > > > > > > > > > We already know there isn't a license for redistribution. This > > > > > doesn't speak about requiring us to ensure that those distributing our > > > > > source files have the rights to do so. It merely says to check the > > > > > license. We understand the license already. I don't see how this > > > > > paragraph pertains to this situation. > > > > > > > > AFAIK you're a developer. So if you want to keep this package, then > > > > please do the needful and take care of it yourself instead of > > > > complaining and demanding others to do the work you want done. > > > > > > > > > > Are you saying it is sufficient to just point the SRC_URI at the new > > > URL and remove the mask? As far as I can tell that is all that needs > > > to be done. Per the policy the license is readily apparent, so there > > > is no need to contact the authors. > > > > > > > I don't know what is sufficient. It's your business as the new > > maintainer to figure it out and take the responsibility. If there's > > nobody willing to do that, then we don't get to keep the package. Simple > > as that. > > > > And how would I figure it out, considering that simply asking on the > list doesn't seem to yield a straight answer? Do you really need me > to put it on the Council agenda? Or do we unmask it, let QA mask it > 10 minutes later, then go back and forth for a month, and THEN put it > on the Council agenda? Maybe find yourself a lawyer, and ask him. We're all volunteers, and we're no in way obligated to give legal advices to you or anyone in particular. Especially if it all started with the tone 'how dare you remove this?!' -- Best regards, Michał Górny
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Thu, 7 Sep 2017 17:56:32 -0400 Rich Freeman wrote: > And how would I figure it out, considering that simply asking on the > list doesn't seem to yield a straight answer? Do you really need me > to put it on the Council agenda? Or do we unmask it, let QA mask it > 10 minutes later, then go back and forth for a month, and THEN put it > on the Council agenda? > > -- Surely RESTRICT=fetch and then just do a "Hey look, the legal here is not clear so you need to acquire this yourself after making sure you have the rights to do so" You know, like we do for things that can only be installed with a physical copy. pgpXMW8l28_lm.pgp Description: OpenPGP digital signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
Hello, On Thu, Sep 7, 2017 at 8:04 AM, Ulrich Mueller wrote: >> On Thu, 7 Sep 2017, Rich Freeman wrote: > Do we routinely confirm that any site we list in SRC_URI has permission to redistribute files? That seems like a slippery slope. >>> >>> We don't, and for a package that comes with a license (as the vast >>> majority of packages does) it normally isn't necessary. > >> Why isn't this necessary? How do you know the person issuing the >> license actually has the right to issue it? > > Don't you think there is a difference between downloading a package > that has a known upstream and that is also carried by other distros, > and downloading a license-less package from a random location on the > internet? > >>> The package in question doesn't come with any license though, which >>> means that only the copyright holder has the right to distribute >>> it. So I believe that some extra care is justified, especially when >>> the upstream location of the distfile has changed. > >> Why? We don't redistribute anything that is copyrighted. > > Users download the file, and I think that we are responsible to have > only such SRC_URIs in our ebuilds from where they can obtain the > package without being exposed to potential legal issues. > Downloading does not imply committing a felony. As far as anyone can tell it is impossible to prosecute someone for downloading something they already own (regardless of what any EULA has claimed). Further, copyrights lapse if not enforced. Depending on how long that download has been up the original rightsholder has forfeited their claim to their work. It's also really hard to convince a judge or jury that I am to blame if someone follows my instructions (save for specific cases where I could be considered a subject matter expert). E.g. it's possible to sell radio kits that are illegal to put together and operate. >> Are you arguing that merely linking to the file is illegal? If so, >> then you better get the list archives purged. > > Arguably, items in SRC_URI aren't even hyperlinks. And no, I don't > think that such linking is illegal. IANAL, though. > It is at this point I would suggest that you have defeated your own argument. >>> We don't know this for sure unless we ask the author. So whoever is >>> interested in keeping the package in the tree should sort these >>> issues out. > >> Perhaps if we want to enforce a policy like this we should take the >> time to actually write the policy down. As far as I can tell Gentoo >> has no such policy currently. > > The old Games Ebuild Howto [1] has this: > > | LICENSE > | > | The license is an important point in your ebuild. It is also a > | common place for making mistakes. Try to check the license on any > | ebuild that you submit. Often times, the license will be in a > | COPYING file, distributed in the package's tarball. If the license > | is not readily apparent, try contacting the authors of the package > | for clarification. [...] > > I propose to add the paragraph above to the devmanual's licenses > section. > Should the Gentoo foundation include a disclaimer that the software distributed by it is not to be used to build ballistic missiles or run nuclear arms programs? Users might do those things, and Gentoo might be liable for the consequences if they do. On Thu, Sep 7, 2017 at 4:56 PM, Rich Freeman wrote: > Do you really need me to put it on the Council agenda? Sir, please see my above comment about building ballistic missiles. It may be important for the Gentoo Foundation to add a disclaimer similar to the one I mentioned. I would hate for the Foundation or any of its administrators or contributors to be found guilty of aiding and abetting terrorists. Respectfully, R0b0t1
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Thu, Sep 7, 2017 at 5:18 PM, Michał Górny wrote: > W dniu czw, 07.09.2017 o godzinie 16∶42 -0400, użytkownik Rich Freeman > napisał: >> On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny wrote: >> > W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman >> > napisał: >> > > On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller wrote: >> > > > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: >> > > > >> > > > Don't you think there is a difference between downloading a package >> > > > that has a known upstream and that is also carried by other distros, >> > > > and downloading a license-less package from a random location on the >> > > > internet? >> > > >> > > Most upstreams do not do much checking about the ownership of their >> > > sources. >> > > >> > > Gentoo certainly doesn't - we don't even require developers to submit a >> > > DCO. >> > > >> > > Other projects like the Linux kernel require signing a DCO for each >> > > commit, but do not do any checking beyond this. I have no doubt that >> > > they would remove offending sources if they were contacted, but they >> > > do not actively go out and confirm authorship. >> > > >> > > > >> > > > > > The package in question doesn't come with any license though, which >> > > > > > means that only the copyright holder has the right to distribute >> > > > > > it. So I believe that some extra care is justified, especially when >> > > > > > the upstream location of the distfile has changed. >> > > > > >> > > > > Why? We don't redistribute anything that is copyrighted. >> > > > >> > > > Users download the file, and I think that we are responsible to have >> > > > only such SRC_URIs in our ebuilds from where they can obtain the >> > > > package without being exposed to potential legal issues. >> > > >> > > I'm not aware of any court rulings that have found downloading >> > > something like this to be illegal. >> > > >> > > > >> > > > > Perhaps if we want to enforce a policy like this we should take the >> > > > > time to actually write the policy down. As far as I can tell Gentoo >> > > > > has no such policy currently. >> > > > >> > > > The old Games Ebuild Howto [1] has this: >> > > > >> > > > > LICENSE >> > > > > >> > > > > The license is an important point in your ebuild. It is also a >> > > > > common place for making mistakes. Try to check the license on any >> > > > > ebuild that you submit. Often times, the license will be in a >> > > > > COPYING file, distributed in the package's tarball. If the license >> > > > > is not readily apparent, try contacting the authors of the package >> > > > > for clarification. [...] >> > > > >> > > > I propose to add the paragraph above to the devmanual's licenses >> > > > section. >> > > > >> > > >> > > We already know there isn't a license for redistribution. This >> > > doesn't speak about requiring us to ensure that those distributing our >> > > source files have the rights to do so. It merely says to check the >> > > license. We understand the license already. I don't see how this >> > > paragraph pertains to this situation. >> > >> > AFAIK you're a developer. So if you want to keep this package, then >> > please do the needful and take care of it yourself instead of >> > complaining and demanding others to do the work you want done. >> > >> >> Are you saying it is sufficient to just point the SRC_URI at the new >> URL and remove the mask? As far as I can tell that is all that needs >> to be done. Per the policy the license is readily apparent, so there >> is no need to contact the authors. >> > > I don't know what is sufficient. It's your business as the new > maintainer to figure it out and take the responsibility. If there's > nobody willing to do that, then we don't get to keep the package. Simple > as that. > And how would I figure it out, considering that simply asking on the list doesn't seem to yield a straight answer? Do you really need me to put it on the Council agenda? Or do we unmask it, let QA mask it 10 minutes later, then go back and forth for a month, and THEN put it on the Council agenda? -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
W dniu czw, 07.09.2017 o godzinie 16∶42 -0400, użytkownik Rich Freeman napisał: > On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny wrote: > > W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman > > napisał: > > > On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller wrote: > > > > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: > > > > > > > > Don't you think there is a difference between downloading a package > > > > that has a known upstream and that is also carried by other distros, > > > > and downloading a license-less package from a random location on the > > > > internet? > > > > > > Most upstreams do not do much checking about the ownership of their > > > sources. > > > > > > Gentoo certainly doesn't - we don't even require developers to submit a > > > DCO. > > > > > > Other projects like the Linux kernel require signing a DCO for each > > > commit, but do not do any checking beyond this. I have no doubt that > > > they would remove offending sources if they were contacted, but they > > > do not actively go out and confirm authorship. > > > > > > > > > > > > > The package in question doesn't come with any license though, which > > > > > > means that only the copyright holder has the right to distribute > > > > > > it. So I believe that some extra care is justified, especially when > > > > > > the upstream location of the distfile has changed. > > > > > > > > > > Why? We don't redistribute anything that is copyrighted. > > > > > > > > Users download the file, and I think that we are responsible to have > > > > only such SRC_URIs in our ebuilds from where they can obtain the > > > > package without being exposed to potential legal issues. > > > > > > I'm not aware of any court rulings that have found downloading > > > something like this to be illegal. > > > > > > > > > > > > Perhaps if we want to enforce a policy like this we should take the > > > > > time to actually write the policy down. As far as I can tell Gentoo > > > > > has no such policy currently. > > > > > > > > The old Games Ebuild Howto [1] has this: > > > > > > > > > LICENSE > > > > > > > > > > The license is an important point in your ebuild. It is also a > > > > > common place for making mistakes. Try to check the license on any > > > > > ebuild that you submit. Often times, the license will be in a > > > > > COPYING file, distributed in the package's tarball. If the license > > > > > is not readily apparent, try contacting the authors of the package > > > > > for clarification. [...] > > > > > > > > I propose to add the paragraph above to the devmanual's licenses > > > > section. > > > > > > > > > > We already know there isn't a license for redistribution. This > > > doesn't speak about requiring us to ensure that those distributing our > > > source files have the rights to do so. It merely says to check the > > > license. We understand the license already. I don't see how this > > > paragraph pertains to this situation. > > > > AFAIK you're a developer. So if you want to keep this package, then > > please do the needful and take care of it yourself instead of > > complaining and demanding others to do the work you want done. > > > > Are you saying it is sufficient to just point the SRC_URI at the new > URL and remove the mask? As far as I can tell that is all that needs > to be done. Per the policy the license is readily apparent, so there > is no need to contact the authors. > I don't know what is sufficient. It's your business as the new maintainer to figure it out and take the responsibility. If there's nobody willing to do that, then we don't get to keep the package. Simple as that. -- Best regards, Michał Górny
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny wrote: > W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman > napisał: >> On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller wrote: >> > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: >> > >> > Don't you think there is a difference between downloading a package >> > that has a known upstream and that is also carried by other distros, >> > and downloading a license-less package from a random location on the >> > internet? >> >> Most upstreams do not do much checking about the ownership of their sources. >> >> Gentoo certainly doesn't - we don't even require developers to submit a DCO. >> >> Other projects like the Linux kernel require signing a DCO for each >> commit, but do not do any checking beyond this. I have no doubt that >> they would remove offending sources if they were contacted, but they >> do not actively go out and confirm authorship. >> >> > >> > > > The package in question doesn't come with any license though, which >> > > > means that only the copyright holder has the right to distribute >> > > > it. So I believe that some extra care is justified, especially when >> > > > the upstream location of the distfile has changed. >> > > Why? We don't redistribute anything that is copyrighted. >> > >> > Users download the file, and I think that we are responsible to have >> > only such SRC_URIs in our ebuilds from where they can obtain the >> > package without being exposed to potential legal issues. >> >> I'm not aware of any court rulings that have found downloading >> something like this to be illegal. >> >> > >> > > Perhaps if we want to enforce a policy like this we should take the >> > > time to actually write the policy down. As far as I can tell Gentoo >> > > has no such policy currently. >> > >> > The old Games Ebuild Howto [1] has this: >> > >> > > LICENSE >> > > >> > > The license is an important point in your ebuild. It is also a >> > > common place for making mistakes. Try to check the license on any >> > > ebuild that you submit. Often times, the license will be in a >> > > COPYING file, distributed in the package's tarball. If the license >> > > is not readily apparent, try contacting the authors of the package >> > > for clarification. [...] >> > >> > I propose to add the paragraph above to the devmanual's licenses >> > section. >> > >> >> We already know there isn't a license for redistribution. This >> doesn't speak about requiring us to ensure that those distributing our >> source files have the rights to do so. It merely says to check the >> license. We understand the license already. I don't see how this >> paragraph pertains to this situation. > > AFAIK you're a developer. So if you want to keep this package, then > please do the needful and take care of it yourself instead of > complaining and demanding others to do the work you want done. > Are you saying it is sufficient to just point the SRC_URI at the new URL and remove the mask? As far as I can tell that is all that needs to be done. Per the policy the license is readily apparent, so there is no need to contact the authors. -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman napisał: > On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller wrote: > > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: > > > > Don't you think there is a difference between downloading a package > > that has a known upstream and that is also carried by other distros, > > and downloading a license-less package from a random location on the > > internet? > > Most upstreams do not do much checking about the ownership of their sources. > > Gentoo certainly doesn't - we don't even require developers to submit a DCO. > > Other projects like the Linux kernel require signing a DCO for each > commit, but do not do any checking beyond this. I have no doubt that > they would remove offending sources if they were contacted, but they > do not actively go out and confirm authorship. > > > > > > > The package in question doesn't come with any license though, which > > > > means that only the copyright holder has the right to distribute > > > > it. So I believe that some extra care is justified, especially when > > > > the upstream location of the distfile has changed. > > > Why? We don't redistribute anything that is copyrighted. > > > > Users download the file, and I think that we are responsible to have > > only such SRC_URIs in our ebuilds from where they can obtain the > > package without being exposed to potential legal issues. > > I'm not aware of any court rulings that have found downloading > something like this to be illegal. > > > > > > Perhaps if we want to enforce a policy like this we should take the > > > time to actually write the policy down. As far as I can tell Gentoo > > > has no such policy currently. > > > > The old Games Ebuild Howto [1] has this: > > > > > LICENSE > > > > > > The license is an important point in your ebuild. It is also a > > > common place for making mistakes. Try to check the license on any > > > ebuild that you submit. Often times, the license will be in a > > > COPYING file, distributed in the package's tarball. If the license > > > is not readily apparent, try contacting the authors of the package > > > for clarification. [...] > > > > I propose to add the paragraph above to the devmanual's licenses > > section. > > > > We already know there isn't a license for redistribution. This > doesn't speak about requiring us to ensure that those distributing our > source files have the rights to do so. It merely says to check the > license. We understand the license already. I don't see how this > paragraph pertains to this situation. AFAIK you're a developer. So if you want to keep this package, then please do the needful and take care of it yourself instead of complaining and demanding others to do the work you want done. -- Best regards, Michał Górny
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Thu, 7 Sep 2017 15:04:34 +0200 Ulrich Mueller wrote: > > On Thu, 7 Sep 2017, Rich Freeman wrote: > > >>> Do we routinely confirm that any site we list in SRC_URI has > >>> permission to redistribute files? That seems like a slippery > >>> slope. > >> > >> We don't, and for a package that comes with a license (as the vast > >> majority of packages does) it normally isn't necessary. > > > Why isn't this necessary? How do you know the person issuing the > > license actually has the right to issue it? > > Don't you think there is a difference between downloading a package > that has a known upstream and that is also carried by other distros, > and downloading a license-less package from a random location on the > internet? If downloaded files are the same (e.g. sha512 hash matches), what's the difference? Best regards, Andrew Savchenko pgp10n1q4cpHA.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller wrote: >> On Thu, 7 Sep 2017, Rich Freeman wrote: > > Don't you think there is a difference between downloading a package > that has a known upstream and that is also carried by other distros, > and downloading a license-less package from a random location on the > internet? Most upstreams do not do much checking about the ownership of their sources. Gentoo certainly doesn't - we don't even require developers to submit a DCO. Other projects like the Linux kernel require signing a DCO for each commit, but do not do any checking beyond this. I have no doubt that they would remove offending sources if they were contacted, but they do not actively go out and confirm authorship. > >>> The package in question doesn't come with any license though, which >>> means that only the copyright holder has the right to distribute >>> it. So I believe that some extra care is justified, especially when >>> the upstream location of the distfile has changed. > >> Why? We don't redistribute anything that is copyrighted. > > Users download the file, and I think that we are responsible to have > only such SRC_URIs in our ebuilds from where they can obtain the > package without being exposed to potential legal issues. I'm not aware of any court rulings that have found downloading something like this to be illegal. > >> Perhaps if we want to enforce a policy like this we should take the >> time to actually write the policy down. As far as I can tell Gentoo >> has no such policy currently. > > The old Games Ebuild Howto [1] has this: > > | LICENSE > | > | The license is an important point in your ebuild. It is also a > | common place for making mistakes. Try to check the license on any > | ebuild that you submit. Often times, the license will be in a > | COPYING file, distributed in the package's tarball. If the license > | is not readily apparent, try contacting the authors of the package > | for clarification. [...] > > I propose to add the paragraph above to the devmanual's licenses > section. > We already know there isn't a license for redistribution. This doesn't speak about requiring us to ensure that those distributing our source files have the rights to do so. It merely says to check the license. We understand the license already. I don't see how this paragraph pertains to this situation. -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
> On Thu, 7 Sep 2017, Rich Freeman wrote: >>> Do we routinely confirm that any site we list in SRC_URI has >>> permission to redistribute files? That seems like a slippery >>> slope. >> >> We don't, and for a package that comes with a license (as the vast >> majority of packages does) it normally isn't necessary. > Why isn't this necessary? How do you know the person issuing the > license actually has the right to issue it? Don't you think there is a difference between downloading a package that has a known upstream and that is also carried by other distros, and downloading a license-less package from a random location on the internet? >> The package in question doesn't come with any license though, which >> means that only the copyright holder has the right to distribute >> it. So I believe that some extra care is justified, especially when >> the upstream location of the distfile has changed. > Why? We don't redistribute anything that is copyrighted. Users download the file, and I think that we are responsible to have only such SRC_URIs in our ebuilds from where they can obtain the package without being exposed to potential legal issues. > Are you arguing that merely linking to the file is illegal? If so, > then you better get the list archives purged. Arguably, items in SRC_URI aren't even hyperlinks. And no, I don't think that such linking is illegal. IANAL, though. >> We don't know this for sure unless we ask the author. So whoever is >> interested in keeping the package in the tree should sort these >> issues out. > Perhaps if we want to enforce a policy like this we should take the > time to actually write the policy down. As far as I can tell Gentoo > has no such policy currently. The old Games Ebuild Howto [1] has this: | LICENSE | | The license is an important point in your ebuild. It is also a | common place for making mistakes. Try to check the license on any | ebuild that you submit. Often times, the license will be in a | COPYING file, distributed in the package's tarball. If the license | is not readily apparent, try contacting the authors of the package | for clarification. [...] I propose to add the paragraph above to the devmanual's licenses section. Ulrich [1] https://wiki.gentoo.org/wiki/Project:Games/Ebuild_howto#LICENSE pgpKzfaecwAFg.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Thu, Sep 7, 2017 at 3:28 AM, Ulrich Mueller wrote: >> On Wed, 6 Sep 2017, Rich Freeman wrote: > >> Do we routinely confirm that any site we list in SRC_URI has >> permission to redistribute files? That seems like a slippery slope. > > We don't, and for a package that comes with a license (as the vast > majority of packages does) it normally isn't necessary. Why isn't this necessary? How do you know the person issuing the license actually has the right to issue it? > > The package in question doesn't come with any license though, which > means that only the copyright holder has the right to distribute it. > So I believe that some extra care is justified, especially when the > upstream location of the distfile has changed. Why? We don't redistribute anything that is copyrighted. Are you arguing that merely linking to the file is illegal? If so, then you better get the list archives purged. > > We don't know this for sure unless we ask the author. So whoever is > interested in keeping the package in the tree should sort these issues > out. > Perhaps if we want to enforce a policy like this we should take the time to actually write the policy down. As far as I can tell Gentoo has no such policy currently. -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
> On Wed, 6 Sep 2017, Rich Freeman wrote: > On Wed, Sep 6, 2017 at 2:52 AM, Ulrich Mueller wrote: >>> On Tue, 5 Sep 2017, Gordon Pettey wrote: >> >>> Can these package.mask notes stop saying "no alternative found" >>> when it's obvious five seconds of Google searching was not even >>> performed to find an alternative? >>> https://neverwintervault.org/project/nwn1/module/shadowlords-dreamcatcher-and-demon-campaigns >>> has live links, and the exe even matches the sha256sum. >> >> Do they have permission to redistribute the file, though? The >> ebuild is mirror restricted and LICENSE says "all-rights-reserved". > Do we routinely confirm that any site we list in SRC_URI has > permission to redistribute files? That seems like a slippery slope. We don't, and for a package that comes with a license (as the vast majority of packages does) it normally isn't necessary. The package in question doesn't come with any license though, which means that only the copyright holder has the right to distribute it. So I believe that some extra care is justified, especially when the upstream location of the distfile has changed. https://gitweb.gentoo.org/repo/gentoo.git/tree/licenses/all-rights-reserved > In any case, as far as I can tell this is probably one of the > largest sites for hosting this sort of content and I can't imagine > that it would have escaped the author's notice if they didn't want > the files distributed there. We don't know this for sure unless we ask the author. So whoever is interested in keeping the package in the tree should sort these issues out. Ulrich pgpRUcSjKVqyB.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
On Wed, Sep 6, 2017 at 2:52 AM, Ulrich Mueller wrote: >> On Tue, 5 Sep 2017, Gordon Pettey wrote: > >> Can these package.mask notes stop saying "no alternative found" when >> it's obvious five seconds of Google searching was not even performed >> to find an alternative? >> https://neverwintervault.org/project/nwn1/module/shadowlords-dreamcatcher-and-demon-campaigns >> has live links, and the exe even matches the sha256sum. > > Do they have permission to redistribute the file, though? The ebuild > is mirror restricted and LICENSE says "all-rights-reserved". > Do we routinely confirm that any site we list in SRC_URI has permission to redistribute files? That seems like a slippery slope. In any case, as far as I can tell this is probably one of the largest sites for hosting this sort of content and I can't imagine that it would have escaped the author's notice if they didn't want the files distributed there. -- Rich
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
> On Tue, 5 Sep 2017, Gordon Pettey wrote: > Can these package.mask notes stop saying "no alternative found" when > it's obvious five seconds of Google searching was not even performed > to find an alternative? > https://neverwintervault.org/project/nwn1/module/shadowlords-dreamcatcher-and-demon-campaigns > has live links, and the exe even matches the sha256sum. Do they have permission to redistribute the file, though? The ebuild is mirror restricted and LICENSE says "all-rights-reserved". Ulrich pgpp7l3H2mnxt.pgp Description: PGP signature
Re: [gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
Can these package.mask notes stop saying "no alternative found" when it's obvious five seconds of Google searching was not even performed to find an alternative? https://neverwintervault.org/project/nwn1/module/shadowlords-dreamcatcher-and-demon-campaigns has live links, and the exe even matches the sha256sum. On Tue, Sep 5, 2017 at 4:43 PM, Austin English wrote: > # Austin English (05 Sep 2017) > # Download has been broken for nearly a year, no alternative found > # Bug: https://bugs.gentoo.org/599390 > # Removal in 30 days > games-rpg/nwn-shadowlordsdreamcatcherdemon > > -- > -Austin > > Austin English > Gentoo Developer > GPG: 00B3 2957 B94B F3E1 > >
[gentoo-dev] Last rites: games-rpg/nwn-shadowlordsdreamcatcherdemon
# Austin English (05 Sep 2017) # Download has been broken for nearly a year, no alternative found # Bug: https://bugs.gentoo.org/599390 # Removal in 30 days games-rpg/nwn-shadowlordsdreamcatcherdemon -- -Austin Austin English Gentoo Developer GPG: 00B3 2957 B94B F3E1 signature.asc Description: OpenPGP digital signature