* Russ Allbery (rra@stanford.edu) wrote: > Stephen Frost <sfrost@snowman.net> writes: > > Which is a terrible practice and shouldn't be done in general. The > > .orig.tar.gz's really *should* be the same as the upstream tarball. > > Convince upstream to remove them. > > Is there some sort of document or guide or the like about this issue? I > maintain a software package that currently includes an RFC (RFC 1413) and > we package it for Debian already internally at Stanford and hopefully > eventually will have it in the main archive as well, since it's of more > general use. I'd be happy to deal with this proactively. Glad to hear it. > Are all RFCs non-free? Only some after a particular date or with > particular statements in them? I'm assuming the issue is that no explicit > right to modification is granted in the RFC itself? It's the statements in them, yes. Saying all RFCs isn't really accurate, though alot of them use this license: ------------------------------------------------------------- 9. Full Copyright Statement Copyright (C) The Internet Society (1998). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. ------------------------------------------------------------- I didn't do more than a cursory check, but 30 out of 32 RFCs in the OpenLDAP package include this "The Internet Society" copyright statement and they look reasonably similar. The other two don't have copyright statements but do say: "Distribution of this memo is unlimited." AIUI, in both cases the work is not considered DFSG-free. > Is there a recommended metric for how long a document needs to be before > one should be concerned with the license on the document when including it > in the upstream tarball? (For example, some software packages include > Usenet posts or e-mail exchanges about the history of the package, or > various documents about the design or future plans that don't have any > explicit license.) This is difficult to judge. I don't know of any recommended metrics beyond attempting to gauge risk. Is it likely the Usenet post or e-mail author would sue SPI for considering those works DFSG-free and treating them as such? Not very likely given the source and that they wouldn't be likely to win, imv. Of course, there's only two ways to CYA for sure- contact the author and get a statement, or remove the work. Personally, I actually did this for OpenLDAP and went through all of the files and received clarification from current OpenLDAP upstream, as well as some of the individual authors, regarding the works. I havn't specifically asked them to remove the RFCs yet, but it's certainly something I'm planning on doing, along w/ the libnss-ldap upstream. Been kind of busy lately. :) A few notes- I am not a lawyer and this is not intended to be legal advice. If you're really concerned about what you're distributing, contact your lawyer. Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature