[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GnuTLS in Debian

"Bernhard R. Link" <brlink@debian.org> writes:
> * Russ Allbery <rra@debian.org> [131224 01:42]:

>> On the contrary, it's Debian's insistence on following an idiosyncratic
>> license interpretation that's creating the supposed unfairness.  This
>> is obviously not Red Hat's fault.

> Could you please stop using that word "idiosyncratic".

I believe idiosyncratic is exactly the correct term:

  idiosyncratic
      adj 1: peculiar to the individual; "we all have our own
             idiosyncratic gestures"; "Michelangelo's highly
             idiosyncratic style of painting"

and therefore decline to stop using it.  We are the only project that
arrives at quite the conclusions that we arrive at, which makes our
license interpretation idiosyncratic by definition.  All of the machinery,
such as the Desert Island Test or the Dissident Test, is peculiar to
Debian or to members of the broader community who were taught license
analysis by the Debian project.

There is nothing wrong with idiosyncracies.  I have a large collection of
them.  But I think we have a responsibility to own our own idiosyncracies
and not get upset at other people or projects for not having the same
ones.

> How about using "interpretations I do not like".

I'm not going to use that because it's not true.  I actually prefer
Debian's interpretation because it appeals to me as a programmer.  We're
very literal about licenses and assume they mean what they say they mean,
like code, and just steer clear of ones that seem to imply things we don't
like.  I think this serves us well on several fronts: it's actually more
conservative than the legal system in several ways, and it tends to be
closer to how most of our upstreams who really care about licensing read
their licenses (since most of them are not lawyers and have no legal
advice), so it means we get along with them better.

There are, however, places where this license interpretation method gets
us into trouble precisely because it's not the license interpretation
method actually used by legal systems, and therefore not the one that
matters in the broader societies in which we're embedded.  And, as a
result, we can end up in situations like we're in with TLS libraries where
there is no desirable library available for use in the places we want to
use it that satisfies our method of license interpretation.  In part
because our method is not the method used by the legal world, and
therefore the incentive to adjust to our interpretation is low.

I'm not particularly interested in a radical change.  I like how we
interpret licenses.  I am interested in not continuing to beat our head
against the OpenSSL problem unless we see some real possibility of
changing the world by doing so (and the results have been disappointing to
date), or the legal system thinks we need to.  Consider it an exception
where we go with a prevailing legal opinion instead of our own, dare I say
idiosyncratic, methods.  The exception is worth it in this case *because*
OpenSSL is so pervasive and is causing us so many problems, and because I
think it's very difficult to find a point of ethics in our current stance
on the license (as opposed to slippery slope worries).

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: