Re: Upstream GPL-3+ vs debian/* GPL-2+
2014-08-19 18:44 GMT-03:00 Charles Plessy ple...@debian.org: if your packaging work contains copyrightable parts (note that some typical files in debian directories are definitely trivial and therefore non-copyrightable), then their license need to be compatible with the upstream sources if they are combined in the same work. The GPL-2+ is compatible with the GPL-3+, because the “+” means “or (at your option) any later version”. Without that clause, the GPLv3 and the GPLv2 are not compatible. Thanks a lot for your reply Charles. But I am a bit confuse... Is the debian/ a derivative work from upstream code? If yes, must be the license GPL-3+ or not? I didn't understand the fact of the upstream use GPL-3+ and debian/ can be GPL-2+ or other because I am thinking about derivative work. Thanks! Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJfG4bckVf5Fu-DCXB0nftGEM==-4hif18_nwqauzrb...@mail.gmail.com
Re: Simple doubt about section to use
Thanks Ian! Pierre, you need think about what to do. Cheers, Eriberto 2014-09-16 13:46 GMT-03:00 Ian Jackson ijack...@chiark.greenend.org.uk: At DC14 we had a conversation about the fact that at the moment it is not possible for a user to say only once, when installing Debian, that they only want free software. I think the best situation would be if lutris could be made to offer for installation only DFSG games, unless contrib or non-free is enabled. If you can do that then lutris could be in main, IMO. Perhaps you could do this with a lutris-nonfree-library package in contrib. I assume that lutris is already written not to connect to any game library without permission. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cap+dxjc-jojkxcdawac43yjeo3dhtf0cr8vh237ddazegiz...@mail.gmail.com
Re: Simple doubt about section to use
2014-09-16 14:53 GMT-03:00 Pierre Rudloff cont...@rudloff.pro: Unfortunately, Lutris does not provide any information about the games' licence. So I guess we should add it to contrib ? I think that it is the better way. Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cap+dxje2036rsdskp8kjbnjeiusemjzpmybv2kde5d8qoxw...@mail.gmail.com
Re: e2ps missing license
IMHO you can use GPL-2, considering 1999-2002 (or nearly) as upstream date. Regards, Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJfWhwX_R7RHPvdyVLdZh=rawUz=ktnvqdbvzgpube2...@mail.gmail.com
Re: Is mpage DFSG compatible?
After some time, I came back. Thanks a lot for all replies. I will file a bug now. Regards, Eriberto
Re: Is mpage DFSG compatible?
Thanks Riley and Ángel! Ángel, The copyright notices in headers should be considered as priority over licenses inside generical files. So, the upstream intents provided by generical copyright files shouldn't be considered when packaging and if the files have headers. I understood your words, but the main license is non-DFSG (IMHO). Thanks a lot for your help! Regards, Eriberto 2015-10-18 19:06 GMT-02:00 Ángel González <keis...@gmail.com>: > I have to agree with the interpretations of the given text. > > However, in addition to the license in the README file, it also comes with > COPYING > and COPYING.LESSER files with the text of GPL and LGPL, which seems to imply > they > wanted to allow distributing the program under (L)GPL. > Seems worth a clarification by the copyright owner, those may be old > copyright notices, > and they are probably willing to relicense. > > That may not be possible for Contrib/mfix/test.ps, but that file could be > stripped.
Re: Is mpage DFSG compatible?
2015-10-18 20:11 GMT-02:00 Ángel González <keis...@gmail.com>: > > Kudos to Ben for noticing that old Changelog entry. > Yes, yes. Ben was really well. I will wait new opinions and I will open a serious bug. After this I will contact the upstream. I was afraid to open the bug without ask for opinions in debian-legal because the package is in Debian several years without problems. Thanks a lot to Riley, Ángel and Ben. Cheers, Eriberto
Re: Is mpage DFSG compatible?
Thanks Riley and Ángel! Ángel, The copyright notices in headers should be considered as priority over licenses inside generical files. So, the upstream intents provided by generical copyright files shouldn't be considered when packaging and if the files have headers. I understood your words, but the main license is non-DFSG (IMHO). Thanks a lot for your help! Regards, Eriberto 2015-10-18 19:06 GMT-02:00 Ángel González <keis...@gmail.com>: > I have to agree with the interpretations of the given text. > > However, in addition to the license in the README file, it also comes with > COPYING > and COPYING.LESSER files with the text of GPL and LGPL, which seems to imply > they > wanted to allow distributing the program under (L)GPL. > Seems worth a clarification by the copyright owner, those may be old > copyright notices, > and they are probably willing to relicense. > > That may not be possible for Contrib/mfix/test.ps, but that file could be > stripped. > > >
Re: Transity: GPL-licensed but Free only for Non-Commercials
Em sexta-feira, 20 de dezembro de 2019, Bagas Sanjaya escreveu: > > Transity is licensed under GPL-3.0-or-later and can be used free of charge >> at non-profits and for evaluation. For long-term usage, however, please >> make sure to purchase a license at [link redacted]. >> > > IMO it is not DFSG compatible. Sounds like GPL-3+ and my own terms. However these terms are not compliant with GPL and there are restrictions to usage. Regards, Eriberto
Upstream GPL-3+ vs debian/* GPL-2+
Hi, I have a doubt about a situation. The upstream source code is GPL3+. Packaging is a derivative work and I think that it must be GPL. So, GPL-3+, right? Or can the debian/* be GPL-2+? From FSF site[1]: - Is GPLv3 compatible with GPLv2? No. Some of the requirements in GPLv3, such as the requirement to provide Installation Information, do not exist in GPLv2. As a result, the licenses are not compatible: if you tried to combine code released under both these licenses, you would violate section 6 of GPLv2. - Can someone confirm it? Thanks. Regards, Eriberto [1] http://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJfQBBgx0Pej5r0f1Tz-H=6vLqF-YH=-knymqhso93b...@mail.gmail.com
Re: Upstream GPL-3+ vs debian/* GPL-2+
Charles and Ian, thanks for explanations. Now, I would like to understand why the packaging isn't a derivative work (when haven't a patch). So, I am thinking that is because Debian distributes, separately, the upstream code (orig.tar.gz) and debian.tar.xz. Is this? But, the .deb is a product of the junction of these files. So, I am confused. Can you clarify me this issue? Thanks, Eriberto 2014-08-21 19:08 GMT-03:00 Charles Plessy ple...@debian.org: Yes, sorry for not being clear: by « if combined » I meant debian/patches. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cap+dxjcawc2xmax-d9ti6tgjj7bbxqtkptgpm8pxrkw2mtt...@mail.gmail.com
Re: Upstream GPL-3+ vs debian/* GPL-2+
Thanks all for explanations. This question is clear to me now. Regards, Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJe=hwzz5xsvavfrqhbqwq2dblfegxlhly1fz8fmutm...@mail.gmail.com
Simple doubt about section to use
Hi, I am reviewing the package lutris (ITP #754129). From upstream[1]: --- Lutris is an open source gaming platform for GNU/Linux. It makes gaming on Linux easier by taking care of managing, installing and providing optimal settings for games. Lutris does not sell games, you have to provide your own copy of the games unless they are Open Source or Freeware. The games can be installed anywhere you want on your system, the tool does not impose anything. --- My doubt is if is a main or contrib program. I think in main, because lutris can survive running DFSG games only. However, we have the possibility to install proprietary and commercial games too. So, what is the better section for lutris? Thanks a lot in advance. Regards, Eriberto [1] https://github.com/lutris/lutris -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJd5F2c9xZsy+nKUYAjKsz4OZE__JaFtkCNNQ=yo8m0...@mail.gmail.com
Upstream pointing to COPYING file in headers
Hi guys, I would like to confirm a situation. In a package that I will sponsor, the upstream points to COPYING file in each header. Here is an example: --- (C) 2007-2009 Lluís Batlle i Rossell Please find the license in the provided COPYING file. --- The provided COPYING file is the conventional full text of the GPL-2. The upstream homepage[1] says: Download the latest version (GPLv2+ licensed): ts-0.7.5.tar.gz - v0.7.5 (2014-03-06) - Changelog [1] http://vicerveza.homeunix.net/~viric/soft/ts/ However, I can't see any GPL-2+ reference in source code and the COPYING file has the conventional FSL GPL text (as here[2]). [2] https://www.gnu.org/licenses/gpl-2.0.html IMHO, this generical case imposes a GPL-2 license, not a GPL-2+, because the upstream didn't explain his intent in source code. What is your opinion? Thanks in advance. Regards, Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cap+dxjcgb8dbks_erz_4v_wb85noxjftogwq_kmkjdargp5...@mail.gmail.com
Re: Upstream pointing to COPYING file in headers
Hi Ben, 2015-05-01 22:52 GMT-03:00 Ben Finney ben+deb...@benfinney.id.au: It may be *intended* to grant some license, and that intention may be meaningful if a case is ever heard in court. But as it stands, that text does not IMO inform the recipient what they may and may not do with the work. In particular, as you point out, there is no word on whether the recipient may redistribute the work under “(at your option) any later version” of the GPL “as published by the Free Software Foundation”. Thanks a lot for your opinion. I will consider, for a first release in NEW, GPL-2 only and ask for upstream to change the headers. So, my initial POV will be kept. Regards, Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJdTbFiW2fXz1zp_7qvPzWtA90oet6Oeq=jg9l4fvs9...@mail.gmail.com
Re: Upstream pointing to COPYING file in headers
2015-05-02 20:40 GMT-03:00 Josue Abarca jmasli...@debian.org: Also note that the final part of GPL 2 section 9 [G1] states: ... If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. I suppose that can be an incentive to add an appropriate license grant. [G1] https://www.gnu.org/licenses/old-licenses/gpl-2.0.html#section9 -- Josué M. Abarca S. Ok, but it is an option to final user. A package can't impose a version. A package must describe the original upstream license only. Eriberto -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAP+dXJd_xqRP7B3cSDgsOBru=0UW+1OqtbxK=qjotzm+tut...@mail.gmail.com
Is mpage DFSG compatible?
Hi guys, I am doing a revision over the orphaned package 'mpage' (in main tree). When migrating the debian/copyright file to 1.0 format, I did a full revision in source code and I found two doubtful situations for me. The first issue is the license used by mpage: * Permission is granted to anyone to make or distribute verbatim * copies of this document as received, in any medium, provided * that this copyright notice is preserved, and that the * distributor grants the recipient permission for further * redistribution as permitted by this notice. IMO, this license doesn't allow modify the source code. So, this license is inadequate. The second issue is the license of the Contrib/mfix/test.ps file: % Copyright (c) 1986-89, ArborText, Inc. % Permission to copy is granted so long as the PostScript code % is not resold or used in a commercial product. In this license the rigths to resold or use in a commercial product is denied. In this case, the solution is remove the file (not essential, a contrib only). Well, I need your opinions about what to do. Should be this package moved to non-free? Must it be removed? Am I wrong? Thanks in advance. Regards, Eriberto
Is possible relicense from GPL to BSD?
Hi, The distorm3 upstream relicensed the source code from GPL3+ to BSD-4-Clause. I think it is wrong but I didn't found references about it. So, I need opinions about this issue. Regards, Eriberto
Re: Is possible relicense from GPL to BSD?
Thanks Charles. The distorm3 is a dependency for volatility and I am concerned. Cheers, Eriberto 2016-05-31 20:50 GMT-03:00 Charles Plessy <ple...@debian.org>: > > if the distorm3 upstream developer fully holds the copyright on the software, > then he can relicense as he wishes. > > However, BSD-4-Clause is a poor choice, since it is not compatible with the > GPL, which can cause trouble to GPL-licensed projects using the distorm3 > source > code and following its updates. > > Maybe you can suggest to the author to switch to a GPL-compatible version of > the BSD license ? I think that he may have picked the 4-clause version only > by > inadvertance. For instance, in the setup.py file, he declares "License :: OSI > Approved :: BSD License", however if one looks at the licenses on the OSI > website, the 4-clause BSD is not there.
Can "rockyou" wordlist be packaged in Debian?
Hi, >From Wikipedia[1]: "Based in San Francisco, California, RockYou was founded in 2005 by Lance Tokuda and Jia Shen. The company's first product, a slide show service, was designed to work as an application widget. Later applications included various forms of voice mail, text and photo stylization, and games. [...] In December 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts. This resulted from storing user data in an unencrypted database and not patching a ten-year-old SQL vulnerability. RockYou failed to provide a notification of the breach to users and miscommunicated the extent of the breach." [1] https://en.wikipedia.org/wiki/RockYou Well, the quoted event resulted in a file with 14 million passwords, distributed by Kali Linux. These passwords are widely used by most common users around the world and are a very good dictionary for crackers as John the Ripper and Aircrack-ng. It is useful for security checks, forensics investigations, etc. A little example: bowhunter6 bowhunter3 bowhouse bowflex1 bowfinger Can rockyou be packaged in Debian, considering that Kali will put a DFSG-compatible license for this wordlist? Thanks a lot in advance. Regards, Eriberto
Re: Can "rockyou" wordlist be packaged in Debian?
Hi Ben, Ángel and Paul, Thanks a lot for your reply. I think that it is possible redistribute the wordlist in Debian. Seeing your considerations, is a bit clear to me that this wordlist can be considered as a "regular" dictionary with words and expressions used in now days. It is also a list about what don't to use for security. However, I will wait more opinions before submit a package to Debian. Regards, Eriberto
Re: Can "rockyou" wordlist be packaged in Debian?
Hi all, Thanks for your opinions. I will drop my idea about to package this wordlist. Thanks! Eriberto 2016-09-22 1:24 GMT-03:00 Charles Plessy <ple...@debian.org>: >> Eriberto Mota <eribe...@debian.org> writes: >> >> > However, I will wait more opinions before submit a package to Debian. > > Le Thu, Sep 22, 2016 at 10:33:02AM +1000, Ben Finney a écrit : >> >> Don't (only) wait for them here. I would advise you to ask the people >> distributing the work what they think the copyright status of the work >> is. > > Hi all, > > I am not entirely sure if it will be constructive, but in doubt, it might be > also preferable to get the opinion from those whom the data was stolen, even > if > it not copyrightable. For instance, they may advise on how to use (or not!) > their name in the package description, etc. > > Have a nice day, > > -- > Charles
Re: Freeware Public License (FPL)
2016-10-29 18:11 GMT-02:00 Ben Finney <bign...@debian.org>: > > Because no other DFSG freedoms are granted, those remain reserved to the > copyright holders. > > So a work under this license would be non-free. I agree. I can't see rights for modify the source code. This and other rights must be explicit in license text. Reagrds, Eriberto
configure.in is missing but...
Hi, In #882538, Helmut pointed that outguess[1] has a configure file[2] generated by a missing configure.in. He considers that configure, an interpreted script (shell), has no source code because the following lines: # Generated automatically using autoconf version 2.12 [...] # Any additions from configure.in: [...] The script also has a notice: # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. IMHO, the configure script can't be regenerated from a configure.ac or configure.in but it can be modified to work if it is necessary. It is similar to traditional configure file, made by hand. I don't see a real problem here. However, Pabs agrees with Helmut here[3]. I still have doubts about if this situation is a DFSG violation and I need more opinions. Thanks a lot in advance. Regards, Eriberto [1] https://tracker.debian.org/pkg/outguess [2] https://sources.debian.net/src/outguess/1:0.2-8/jpeg-6b-steg/configure/ [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882538#20
Re: configure.in is missing but...
2017-11-25 2:13 GMT-02:00 Paul Wise <p...@debian.org>: > On Fri, Nov 24, 2017 at 9:33 PM, Ian Jackson wrote: > >> Can't you find a copy of the configure.ac somewhere ? If not, you may >> be able to reconstruct one. Skimreading the configure script suggests >> that wouldn't be too hard. Thanks Ian, At first glance, creating a new configure.ac seems a bit hard. I already made some configure.ac for some projects. However, I am not the upstream and it is a complicating factor. I will try make something. > It looks like the jpeg-6b-steg is a modified embedded code copy of > libjpeg6b. outguess upstream really should send their patches in > jpeg-6b-steg.diff to libjpeg upstream and remove the copy. I expect > that outguess is probably vulnerable to the various libjpeg CVEs that > have been released over the years. > > Looking at the unmodified source code, libjpeg upstream didn't release > their configure.ac file until libjpeg7: > > http://ijg.org/files/jpegsrc.v6b.tar.gz > http://ijg.org/files/jpegsrc.v7.tar.gz Thanks a lot Paul. It is a good catch. > So I think what needs to happen here is that outguess needs a proper > upstream project to exist and be active, remove the embedded code copy > and port the diff to a newer libjpeg and upstream that and then get > that uploaded to Debian. I agree. Cheers, Eriberto
Tux licensing again
Hi all, I am packaging a software that distribute a Tux image and its license, as shown below: "Permission to use and/or modify this image is granted provided you acknowledge me lew...@isc.tamu.edu and The GIMP if someone asks." The original license can be viewed here[1]. This question was already discussed here[2] and here[3] but was inconclusive for me. There are 3 packages using the Tux license[4]. [1] https://isc.tamu.edu/~lewing/linux/ [2] https://lists.debian.org/debian-legal/2005/09/msg00512.html [3] https://lists.debian.org/debian-legal/2011/06/msg2.html [4] https://codesearch.debian.net/search?q=me+lewing%40isc.tamu.edu For me the Tux license don't explicitly allow one redistribute the original or modified image. However, looks like I am wrong because there are packages in 'main' using the Tux license. Can someone say me "you are wrong, so go ahead, upload your package"? Regards, Eriberto
upstream changing from GPL-2+ to GPL-3+ without copyright holders permission
Hi folks, I have a basic doubt. A program called "test" was released by Bob over GPL-2+. This program got contributions from Ana and Chloe. The development was stopped some years later and, now, Ted want continue this development. However, Ted kept the name "test" and changed the licensing to GPL-3+ without a permission from previous copyright holders, that are inactive. Is possible do it, only considering the plus signal in previous licensing (GPL-2+)? Regards, Eriberto
Is this BSD-3-Clause Variant DFSG-compliant?
Hi folks, Today I found the file test/ftp.y, in btyacc package, using the following license: test/ftp.y: * Copyright (c) 1985, 1988 Regents of the University of California. test/ftp.y- * All rights reserved. test/ftp.y- * test/ftp.y- * Redistribution and use in source and binary forms are permitted test/ftp.y: * provided that the above copyright notice and this paragraph are test/ftp.y- * duplicated in all such forms and that any documentation, test/ftp.y- * advertising materials, and other materials related to such test/ftp.y- * distribution and use acknowledge that the software was developed test/ftp.y- * by the University of California, Berkeley. The name of the test/ftp.y- * University may not be used to endorse or promote products derived test/ftp.y- * from this software without specific prior written permission. test/ftp.y- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR test/ftp.y- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED test/ftp.y- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. For me it is not DFSG-compatible because I can't see a clause about allowing modifications in source code. However, I found several packages[1] in main section using this license. [1] https://codesearch.debian.net/search?q=duplicated+in+all+such+forms+and+that+any+documentation%2C+advertising=1 Regards, Eriberto