Re: non free IETF's RFC documents in .orig.tar.gz

To: Russ Allbery <rra@stanford.edu>
Cc: debian-devel@lists.debian.org
Subject: Re: non free IETF's RFC documents in .orig.tar.gz
From: Stephen Frost <sfrost@snowman.net>
Date: Mon, 30 Aug 2004 20:56:23 -0400
Message-id: <[🔎] 20040831005623.GH21419@ns.snowman.net>
Mail-followup-to: Russ Allbery <rra@stanford.edu>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 873c24gohe.fsf@windlord.stanford.edu>
References: <[🔎] 20040829124425.GF1591@niquia.its.monash.edu.au> <[🔎] 20040829191250.GA17029@quux.local> <[🔎] 20040830161703.GC21419@ns.snowman.net> <[🔎] 873c24gohe.fsf@windlord.stanford.edu>

* Russ Allbery (rra@stanford.edu) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > Which is a terrible practice and shouldn't be done in general.  The
> > .orig.tar.gz's really *should* be the same as the upstream tarball.
> > Convince upstream to remove them.
> 
> Is there some sort of document or guide or the like about this issue?  I
> maintain a software package that currently includes an RFC (RFC 1413) and
> we package it for Debian already internally at Stanford and hopefully
> eventually will have it in the main archive as well, since it's of more
> general use.  I'd be happy to deal with this proactively.

Glad to hear it.

> Are all RFCs non-free?  Only some after a particular date or with
> particular statements in them?  I'm assuming the issue is that no explicit
> right to modification is granted in the RFC itself?

It's the statements in them, yes.  Saying all RFCs isn't really
accurate, though alot of them use this license:

-------------------------------------------------------------
9.  Full Copyright Statement

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-------------------------------------------------------------

I didn't do more than a cursory check, but 30 out of 32 RFCs in the
OpenLDAP package include this "The Internet Society" copyright statement
and they look reasonably similar.  The other two don't have copyright
statements but do say: "Distribution of this memo is unlimited."

AIUI, in both cases the work is not considered DFSG-free.

> Is there a recommended metric for how long a document needs to be before
> one should be concerned with the license on the document when including it
> in the upstream tarball?  (For example, some software packages include
> Usenet posts or e-mail exchanges about the history of the package, or
> various documents about the design or future plans that don't have any
> explicit license.)

This is difficult to judge.  I don't know of any recommended metrics
beyond attempting to gauge risk.  Is it likely the Usenet post or e-mail
author would sue SPI for considering those works DFSG-free and treating
them as such?  Not very likely given the source and that they wouldn't
be likely to win, imv.  Of course, there's only two ways to CYA for
sure- contact the author and get a statement, or remove the work.

Personally, I actually did this for OpenLDAP and went through all of the
files and received clarification from current OpenLDAP upstream, as well
as some of the individual authors, regarding the works.  I havn't
specifically asked them to remove the RFCs yet, but it's certainly
something I'm planning on doing, along w/ the libnss-ldap upstream.
Been kind of busy lately. :)

A few notes- I am not a lawyer and this is not intended to be legal
advice.  If you're really concerned about what you're distributing,
contact your lawyer.

	Thanks,

		Stephen

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: non free IETF's RFC documents in .orig.tar.gz
  - From: Thomas Bushnell BSG <tb@becket.net>

References:
- non free IETF's RFC documents in .orig.tar.gz
  - From: Anibal Monsalve Salazar <anibal@its.monash.edu.au>
- Re: non free IETF's RFC documents in .orig.tar.gz
  - From: Graham Wilson <bob@decoy.wox.org>
- Re: non free IETF's RFC documents in .orig.tar.gz
  - From: Stephen Frost <sfrost@snowman.net>
- Re: non free IETF's RFC documents in .orig.tar.gz
  - From: Russ Allbery <rra@stanford.edu>

Prev by Date: Re: non free IETF's RFC documents in .orig.tar.gz
Next by Date: Re: depend on httpd, not also apache?
Previous by thread: Re: non free IETF's RFC documents in .orig.tar.gz
Next by thread: Re: non free IETF's RFC documents in .orig.tar.gz
Index(es):
- Date
- Thread