Re: DomainKeys license(s)
Not quite contradicting what was written, but it isn't quite so simple... Stephen Gran [EMAIL PROTECTED] wrote: trademarks are a no-op. The DFSG allows for name-change clauses (DFSG 4). This allows us to modify and redistribute without infringing trademarks if need be. No freedom issue here. The trademark-related freedom problems I've seen most often are uses of a copyright licence to support a 'super-trademark' either by termination clause, or simply including software which doesn't follow DFSG (logo artwork and so on). I think super-trademark terminations were one of the inspirations for the suggested Dictator Test. By the way, are there still a few countries not in the Berne Union? Maybe copyright isn't completely cross-jurisdiction, but it seems near enough. [...] Patents on the other hand are completely jurisdiction dependant. [...] Not completely (TRIPS, WTO, bilaterals, blah) but enough to be annoying. [...] If it is not under active enforcement, and is under a free license, there is no reason not to have it in main. Sounds sensible to me. Anyone knows case law well? What might happen if a submarine patent in main starts being actively enforced? It looks to me as if the usual opening move is to send a take-down notice: http://swpat.ffii.org/pikta/xrani/lake/index.en.html Hope that explains, -- MJR/slef My Opinion Only: see http://people.debian.org/~mjr/ Please follow http://www.uk.debian.org/MailingLists/#codeofconduct -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DomainKeys license(s)
On Thursday 24 August 2006 21:19, MJ Ray took the opportunity to say: Magnus Holmgren [EMAIL PROTECTED] wrote: On Thursday 27 July 2006 12:15, Magnus Holmgren took the opportunity to say: I sent a clarification request using their feedback form a couple of weeks ago. Still no reaction (reply or update of their web page). I asked if their intention is to license their patents as long as all code using them is available under (at least) GPL 2.0. If so, it should at least be safe (w.r.t. to copyright and patents) to package libmail-domainkeys-perl and libmail-dkim-perl. Can I and my sponsor proceed, assuming that nothing bad will happen? I think it's a pretty good assumption, but I guess that this kind of legal uncertainty is unacceptable. Can someone with more influence please try to get an answer out of Yahoo? Considering all the complaining about how broken SPF is, I reckon there must be some interest in DKIM. I still haven't received any comment on this. Isn't anyone interested? I thought you were waiting for help contacting Yahoo. I don't think I can do more than you on that. Do you know that your clarification request ever got to a human? Have you tried following up by phone, fax or whatever? That too. I haven't found any other way of contact, except http://yhoo.client.shareholder.com/press/permission.cfm. In any case it would probably be cheaper for someone on the right side of the pond to call them. Since DFSG apparently (according to the recent discussion) only deals with copyright and restrictions imposed by the copyright owner, [...] Sorry, but I think that's nonsense. Please be careful who you believe. Check for yourself: try searching the DFSG and Social Contract for any such limit. At least I provoked some responses. :-) What about the Perl license and the OpenSSL license (my packages depend on Perl OpenSSL wrapper packages)? [...] Can someone please explain the full implications? My head is spinning... Yep, that's messy. I'm no OpenSSL expert - please start a new thread on that with OpenSSL in the subject so that wiser people will spot it. ftpmasters may be happy or not about the patent situation (it doesn't seem to be very actively enforced), but I guess the OpenSSL question needs checking. When I think about it: Since there is no object code in the libmail-domainkeys-perl or libmail-dkim-perl binary packages, there shouldn't be any problems with GPL as far as *these* packages are concerned. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpgWauobymw7.pgp Description: PGP signature
Re: DomainKeys license(s)
On Friday 25 August 2006 01:57, Stephen Gran took the opportunity to say: So, if the domain keys patent is under active enforcement, this software probably should not be approved by the ftp masters. If it is not under active enforcement, and is under a free license, there is no reason not to have it in main. And since Yahoo!-sponsored http://domainkeys.sf.net/ even links to http://killa.net/infosec/Mail-DomainKeys/ I can't see why Yahoo! would have anything against it being distributed by Debian. I think Yahoo! would be reasonable enough that we can go on and resolve any disagreement afterwards, should they complain. The libdomainkeys C library is a different matter. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpZkWDknuBzy.pgp Description: PGP signature
Re: DomainKeys license(s)
On Fri, Aug 25, 2006 at 09:35:34AM +0100, MJ Ray wrote: By the way, are there still a few countries not in the Berne Union? Maybe copyright isn't completely cross-jurisdiction, but it seems near enough. The only real country left is Taiwan, and it's mostly because the rebels in the mainland prevent them from entering most international agreements. Montenegro just hasn't re-signed it yet -- not a strange thing for a country a month and a half old. The rest consists of: * a couple of micronations (San Marino, Marshall Islands) With populations of 28k and 61k they don't even bother. * fourth world countries Mud-stick huts, no stable governments, and so on. Their third-world neighbours like Nigeria are in, though. * islamists (Afghanistan, Iraq, Iran, ...) They hardly ever bother with Western laws. The first two got a nudge recently, though. * other totalitarian ones (Myanmar, Turkmenistan, ...) Go ahead, take your luck enforcing your copyrights there. Taiwan does have copyright agreements with US, UK and several other countries, so it isn't completely outside the copyright world. So generally, for any real purpose the Berne Convention is an universal thing. [...] Patents on the other hand are completely jurisdiction dependant. [...] Not completely (TRIPS, WTO, bilaterals, blah) but enough to be annoying. Yet, since most countries of the world don't recognize software patents, you can still use software endangered by patent trolls everywhere except for the non-free countries. A server outside the US+UK+Germany+Japan would be just fine. [...] If it is not under active enforcement, and is under a free license, there is no reason not to have it in main. Sounds sensible to me. Anyone knows case law well? What might happen if a submarine patent in main starts being actively enforced? It looks to me as if the usual opening move is to send a take-down notice: http://swpat.ffii.org/pikta/xrani/lake/index.en.html There is absolutely no way to avoid submarine patents, as basically everything is patented, including any means of doing something on a remote server, for example. Thus, you can either take the risk or shut down all Debian infrastructure in the US and co. They don't need any real matter to drag you into costly litigation. A CeaseDesist requesting you to stop breathing because you infringe their exclusive rights to air will cost you less than a litigation due to a completely obvious patent, but with enough money thrown into harassing you, it _will_ cost you a lot of time, effort and, at least temporarily, money. -- 1KB // Microsoft corollary to Hanlon's razor: // Never attribute to stupidity what can be // adequately explained by malice. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DomainKeys license(s)
[EMAIL PROTECTED] wrote: When I think about it: Since there is no object code in the libmail-domainkeys-perl or libmail-dkim-perl binary packages, there shouldn't be any problems with GPL as far as *these* packages are concerned. Did you notice my answer? I already explained the issue. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DomainKeys license(s)
Adam Borowski wrote: On Fri, Aug 25, 2006 at 09:35:34AM +0100, MJ Ray wrote: By the way, are there still a few countries not in the Berne Union? Maybe copyright isn't completely cross-jurisdiction, but it seems near enough. The only real country left is Taiwan, and it's mostly because the rebels in the mainland prevent them from entering most international agreements. The Special Administrative Region of Taiwan, ROC is a member (Separate Customs Territory) of the WTO, and so has accepted the TRIPS agreement. http://www.gio.gov.tw/taiwan-website/4-oa/wto/wto01.htm Article 9 of TRIPS says that Taiwan has to comply with Articles 1 through 21 of the Berne Convention (1971) and the Appendix thereto. http://www.wto.org/english/tratop_e/trips_e/t_agm3_e.htm#1 So for all intents and purposes, Berne applies in Taiwan. Arnoud -- Arnoud Engelfriet, Dutch European patent attorney - Speaking only for myself Patents, copyright and IPR explained for techies: http://www.iusmentis.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DomainKeys license(s)
On Thursday 27 July 2006 12:15, Magnus Holmgren took the opportunity to say: On Tuesday 20 June 2006 18:43, Magnus Holmgren took the opportunity to write: On Saturday 17 June 2006 23:02, Joe Smith took the opportunity to write: Magnus Holmgren [EMAIL PROTECTED] wrote What about the statement on http://antispam.yahoo.com/domainkeys? Yahoo!'s DomainKeys Intellectual Property may be licensed under either of the following terms: * Yahoo! DomainKeys Patent License Agreement * GNU General Public License version 2.0 (and no other version). Hmm.. the GPL does not deal directly with the patents, however, That statement presumably means that they grant a patent licence for all programs under the GPL 2. Confusing. We need a clarification. I sent a clarification request using their feedback form a couple of weeks ago. Still no reaction (reply or update of their web page). I asked if their intention is to license their patents as long as all code using them is available under (at least) GPL 2.0. If so, it should at least be safe (w.r.t. to copyright and patents) to package libmail-domainkeys-perl and libmail-dkim-perl. Can I and my sponsor proceed, assuming that nothing bad will happen? I think it's a pretty good assumption, but I guess that this kind of legal uncertainty is unacceptable. Can someone with more influence please try to get an answer out of Yahoo? Considering all the complaining about how broken SPF is, I reckon there must be some interest in DKIM. I still haven't received any comment on this. Isn't anyone interested? Since DFSG apparently (according to the recent discussion) only deals with copyright and restrictions imposed by the copyright owner, I assume that uploading the independently developed Perl packages, libmail-domainkeys-perl and libmail-dkim-perl, should be possible. Just one more question: What about the Perl license and the OpenSSL license (my packages depend on Perl OpenSSL wrapper packages)? The Perl license is a dual license (Artistic, which goes fine with OpenSSL (right?), + GPL, which is incompatible with OpenSSL. Doesn't the OpenSSL dependency destroy the GPL license option? Perhaps not for my packages, but for libcrypt-openssl-*-perl? Can someone please explain the full implications? My head is spinning... -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgprc2WAkpFp3.pgp Description: PGP signature
Re: DomainKeys license(s)
[EMAIL PROTECTED] wrote: Since DFSG apparently (according to the recent discussion) only deals with copyright and restrictions imposed by the copyright owner, I assume that uploading the independently developed Perl packages, libmail-domainkeys-perl and libmail-dkim-perl, should be possible. Just one more question: Yes, please do not wait further. What about the Perl license and the OpenSSL license (my packages depend on Perl OpenSSL wrapper packages)? The Perl license is a dual license (Artistic, which goes fine with OpenSSL (right?), + GPL, which is incompatible with OpenSSL. Doesn't the OpenSSL dependency destroy the GPL license option? Perhaps not for my packages, but for libcrypt-openssl-*-perl? Tipically different perl modules are not considered a derived work, but if they were then the GPL option would not be usable. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DomainKeys license(s)
Magnus Holmgren [EMAIL PROTECTED] writes: Since DFSG apparently (according to the recent discussion) only deals with copyright and restrictions imposed by the copyright owner It's quite apparent from reading the DFSG that there's no such limitation. The DFSG in particular are concerned with the rights that pertain to the software as received by the user, and are not limited in domain to any specific legal system. -- \Most people don't realize that large pieces of coral, which | `\ have been painted brown and attached to the skull by common | _o__) wood screws, can make a child look like a deer. -- Jack Handey | Ben Finney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DomainKeys license(s)
This one time, at band camp, Ben Finney said: Magnus Holmgren [EMAIL PROTECTED] writes: Since DFSG apparently (according to the recent discussion) only deals with copyright and restrictions imposed by the copyright owner It's quite apparent from reading the DFSG that there's no such limitation. The DFSG in particular are concerned with the rights that pertain to the software as received by the user, and are not limited in domain to any specific legal system. As I understand the issue, there are roughly three forms of things which can encumber software: copyrights/licenses, trademarks, and patents. Iterating over that list in a non-linear order: trademarks are a no-op. The DFSG allows for name-change clauses (DFSG 4). This allows us to modify and redistribute without infringing trademarks if need be. No freedom issue here. copyright/license issues are the mainstay of -legal for a very good reason - these are cross jurisdictional. If I obtain a piece of software under a certain license, I am bound by the terms of that license whether I live and work in the UK or Zimbabwe. Patents on the other hand are completely jurisdiction dependant. If there is a software patent in the US, are you of the opinion that French Debian developers should be bound by it? In particular, the Chinese government has shown itself to be quite happy to overlook Euro-American patents; which legal system are you going to hold Chinese Debian developers to? While it's true that the DFSG doesn't address these forms of restrictions directly, arbitrarily stating that we should now respect random patent rulings in random jurisdictions is not particularly helpful. It has been Debian's policy that we care about patents only when they are actively enforced, and that seems a reasonably prudent path to me. But to be clear, this is not a freedom issue per se - we just can't do anything about the government, even though the license itself might be free. So, if the domain keys patent is under active enforcement, this software probably should not be approved by the ftp masters. If it is not under active enforcement, and is under a free license, there is no reason not to have it in main. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: DomainKeys license(s)
On Tuesday 20 June 2006 18:43, Magnus Holmgren took the opportunity to write: On Saturday 17 June 2006 23:02, Joe Smith took the opportunity to write: Magnus Holmgren [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]news:[EMAIL PROTECTED] ib yte.se... What about the statement on http://antispam.yahoo.com/domainkeys? Yahoo!'s DomainKeys Intellectual Property may be licensed under either of the following terms: * Yahoo! DomainKeys Patent License Agreement * GNU General Public License version 2.0 (and no other version). Hmm.. the GPL does not deal directly with the patents, however, That statement presumably means that they grant a patent licence for all programs under the GPL 2. Confusing. We need a clarification. I sent a clarification request using their feedback form a couple of weeks ago. Still no reaction (reply or update of their web page). I asked if their intention is to license their patents as long as all code using them is available under (at least) GPL 2.0. If so, it should at least be safe (w.r.t. to copyright and patents) to package libmail-domainkeys-perl and libmail-dkim-perl. Can I and my sponsor proceed, assuming that nothing bad will happen? I think it's a pretty good assumption, but I guess that this kind of legal uncertainty is unacceptable. Can someone with more influence please try to get an answer out of Yahoo? Considering all the complaining about how broken SPF is, I reckon there must be some interest in DKIM. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpViDqCDtqSE.pgp Description: PGP signature
DomainKeys license(s) (Re: Hello and request for sponsor (DomainKeys packages))
On Saturday 17 June 2006 23:02, Joe Smith took the opportunity to write: Magnus Holmgren [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]news:[EMAIL PROTECTED] yte.se... What about the statement on http://antispam.yahoo.com/domainkeys? Yahoo!'s DomainKeys Intellectual Property may be licensed under either of the following terms: * Yahoo! DomainKeys Patent License Agreement * GNU General Public License version 2.0 (and no other version). Hmm.. the GPL does not deal directly with the patents, however, That statement presumably means that they grant a patent licence for all programs under the GPL 2. Confusing. We need a clarification. The sourceforge site only mentions the patent licence version 1-2. The software is published under the Public Licence, which contains all of the terms of the patent licence, and additional terms dealing with the software. So while the patents can be used by a GPL2'd program, the licence of software on source, the souceforge software is not GPL'd, is definately not GPL2-compatible, and is most likely not DFSG-free. But if an entity releases a piece of software under one license, then later publicly gives everyone permission to use it under a different licence (and is in the capacity of doing so), surely anyone can choose to excercise that permission? Also, the links on http://domainkeys.sourceforge.net/ to Other Libraries seem to indicate that it's OK to release DomainKeys libraries packages with DomainKeys in their name. That does not mean they do not violate the licence. Do we know that they haven't received permission? Of course that won't help us... At the very least they violate trademark law. They are using the trademark as a name for their product. But trademark law, like patent law, normally (it may be different in some countries) only restricts *commercial* activities, doesn't it? So the author of the Perl package can get away with it for that reason, even if commerce can mean a lot. They do not have a trademark licence allowing that. At the worst, programs they are violating the patent agreement (unless they are GPL2'd) which means they have even greater liablity, as they presumably do not recive the rights under the patent agreement while they are violating it. On the other hand, by including libdomainkeys in its distribution by that name, Debian dosn't exactly use DomainKeys to endorse anything or as a trademark in any way, though it's probably quite clearly use[s] the term 'DomainKeys' in or as part of a name [...] for Your Licensed Code. The only non-messy situation I can see is software under the GPL2 not using DomainKeys in the name. We probably need an OpenSSL exception too. A question though: The GPL requires all executables built from a work to be distributed with full source (except for everything normally distributed with the major components of the OS (except when the whole OS comes with the executable)). So merely compiling an executable and distributing it means that you have to provide the source code to all libraries under the GPL, even if the original author did not? Can further restrictions be interpreted relative to any restrictions already present due to dependencies in the original source? Otherwise, what's the point? To summarize: Great confusion (at least on my part, as you can see). Hopefully permission to call the package libdomainkeys can be obtained, though it might be harder to get a permission compatible with the DFSG. Has there been any followup to http://lists.debian.org/debian-legal/2004/11/msg00072.html and/or any official contact with Yahoo? I could submit a question via their feedback form, but will I get a response? Is DK interesting enough that someone with a more direct channel will take the time to contact Yahoo's legal department about this (again)? -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpV8JpmjVzmJ.pgp Description: PGP signature
Re: DomainKeys license(s) (Re: Hello and request for sponsor (DomainKeys packages))
Magnus Holmgren [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Saturday 17 June 2006 23:02, Joe Smith took the opportunity to write: Magnus Holmgren [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]news:[EMAIL PROTECTED] yte.se... What about the statement on http://antispam.yahoo.com/domainkeys? Yahoo!'s DomainKeys Intellectual Property may be licensed under either of the following terms: * Yahoo! DomainKeys Patent License Agreement * GNU General Public License version 2.0 (and no other version). Hmm.. the GPL does not deal directly with the patents, however, That statement presumably means that they grant a patent licence for all programs under the GPL 2. Confusing. We need a clarification. Yeah, but I think what i said is a pretty safe assumption, as the other licence deals only with patents. The sourceforge site only mentions the patent licence version 1-2. The software is published under the Public Licence, which contains all of the terms of the patent licence, and additional terms dealing with the software. So while the patents can be used by a GPL2'd program, the licence of software on source, the souceforge software is not GPL'd, is definately not GPL2-compatible, and is most likely not DFSG-free. But if an entity releases a piece of software under one license, then later publicly gives everyone permission to use it under a different licence (and is in the capacity of doing so), surely anyone can choose to excercise that permission? Yes, but it is not clear that they ever gave permision to use the code under the GPL. That statement on the main page looks to be more about the patents. The fact that nothing on the sourceforge sight ever mentions the GPL is fairly telling. It can be claimed however that yahoo acidentally relicenced the code under the GPL, by using the phrase Yahoo!'s DomainKeys Intellectual Property, which surely includes any and all DomainKeys code they ever wrote. This is yet another reason why the phrase Intelectual Property is a bad idea. Also, the links on http://domainkeys.sourceforge.net/ to Other Libraries seem to indicate that it's OK to release DomainKeys libraries packages with DomainKeys in their name. That does not mean they do not violate the licence. Do we know that they haven't received permission? Of course that won't help us... No we don't but I strongly suspect they have not. At the very least they violate trademark law. They are using the trademark as a name for their product. But trademark law, like patent law, normally (it may be different in some countries) only restricts *commercial* activities, doesn't it? So the author of the Perl package can get away with it for that reason, even if commerce can mean a lot. AIUI, trademarks prevent anybody from using the same mark in a way that could mislead or confuse consumers. For example, I cannot use the word Microsoft in the name of my software, because that would misleadingly imply that my software was mad, sponsored, or endorsed by Microsoft. However, I can use the word Microsoft all I want to reference the company because that does not mislead or confuse. Indeed trademark law is one of the few so-called Intelectual property laws that is not is desperate need of reform. They do not have a trademark licence allowing that. At the worst, programs they are violating the patent agreement (unless they are GPL2'd) which means they have even greater liablity, as they presumably do not recive the rights under the patent agreement while they are violating it. On the other hand, by including libdomainkeys in its distribution by that name, Debian dosn't exactly use DomainKeys to endorse anything or as a trademark in any way, though it's probably quite clearly use[s] the term 'DomainKeys' in or as part of a name [...] for Your Licensed Code. Does it? It seems like the package name implies that the library is fully domainkeys compliant, and is perhaps even official. That is reasonable if no changes have been made to the upstream source, as we are simply redistributing an unmodified product under its original name. However if any changes are made to the package, then we are distibuting a modified product under the original name. That does normally need a trademark licence, AIUI. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]