[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#937234: pam-python: Python2 removal in sid/bullseye

Hi Russel,

On  Do 06 Mai 2021 12:21:28 CEST, Russell Stuart wrote:

On 6/5/21 12:55 am, Dominik George wrote:
@Mike, @Petter: Did you realise that pam-python is AGPL? It means that we cannot provide terminal servers or netbooting in Debian Edu without placing a prominent link to pam-python's sources on the desktop…

Err, no.  The requirement is [0]:

  Notwithstanding any other provision of this License, if you modify the
  Program, your modified version must prominently offer all users
  interacting with it remotely through a computer network (if your
  version supports such interaction) an opportunity to receive the
  Corresponding Source of your version by providing access to the
  Corresponding Source from a network server at no charge, through some
  standard or customary means of facilitating copying of software.

I packaged it.  I can assure you it wasn't modified.

That is not the point. E.g., if we spot a security issue with a package, maybe you as the maintainer / upstream developer (afaik, you are upstream and downstream for pam-python, Russel, right?) but also maybe someone in the security team (or any other third person) might apply a fix to the package and do an e.g. stable-security upload.

Then Debian ships a modified version of the original upstream release and with your way of reasoning, the package won't be compiant to the AGPL license anymore.

So, this "it-is-not-modified-I-can-assure-you" argument is not well applicable to Debian packages shipping AGPL'ed code in general. It works in case of libpam-python, but well, see above...

That aside, I don't think mentioning somewhere it is based on Debian,
mentioning Debian's values and perhaps with a link to www.debian.org for
more information is a bad idea.  That covers all source, nor just

No, see my previous mail for more details. Debian offers a very standardized way of obtaining the exact source code that the libpam-python bin:pkg has been built from. Period. Done. License compliance accomplished.

@Russell: Can you please relicence pam-python under a less insane licence?

I honestly can't see why an having "About" page somewhere is a problem.
 Hell, even Android does it, and it lists every licence Android uses
(but with nowhere near the thoroughness Debian policy insists on in its
"copyright" file).  And Android doesn't use the AGPL.  Surely, if
proprietary distributions can do that, we (Debian) can ensure there is a
link somewhere to www.debian.org, and a mention of open source and what
that means.  The rest, like being able to download the source, follows.

As for python3 support - it probably works now.  But I don't have tests
for it. I'm a bit anal about tests - but that's likely the only holdup. However, it won't be done for bullseye. It will be done for Bookworm.

I'd say, let's leave the license as it is for bullseye, because it works for software shipped via Debian.

For projects using libpam-python via e.g. PyPi, things might be differrent. For e.g. software being obtained e.g. as snap packages, libpam-python would cause problems (because snaps can't always be easily traced back to the original source code they were built from).

Furthermore, I agree with Nik, that AGPL for a non-web project (as that's where AGPL really makes sense) is disputable and you don't loose anything if you switch over to GPL-3+ instead of AGPL-3+.

Feedback? Comments?


c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgp4mtWBnVJca.pgp
Description: Digitale PGP-Signatur

Reply to: