Am 09.12.2015 um 02:18 schrieb Mikołaj Izdebski: > On Tue, Dec 8, 2015 at 1:01 PM, Arnaud Vandyck <avandyck@gmail.com> wrote: >> I was on my way trying to package org.osgi.core 6 and before downloading I >> have to agree with this page: >> >> https://www.osgi.org/developer/downloads/release-6/release-6-no-form/ >> >> In the "License Grant", it seems that it could be problematic to package >> osgi in Debian. Am I right? >> >> Any thoughts? > > My thoughts on this matter: > > OSGi code can be consider part of specification, which is non-free. > Downloading code from upstream page requires accepting non-free > license first. Upstream website does not have a separate license page > for code accompanying the specification. > > License headers alone can't be used as authoritative information about > licensing of the project as a whole. Many projects don't add their own > copyright headers, but retain headers of files coming from other > projects they forked or bundled. > > So IMHO licensing and DFSG status of OSGi code is not clear. Other > GNU/Linux distros (at least Fedora and RHEL) decided against packaging > and distributing any code from OSGi alliance. If you are questioning the license terms of OSGi packages in Debian, then there is only one way to find out if your suspicion is correct. Please contact the copyright holder(s) and ask them to clarify the license terms of their source distributions of the OSGi specification. If you get an authoritative and public response from the copyright holder(s) that the Apache 2.0 license does not apply to their distributed code on maven central (see [1], from where we downloaded those files), then please file bug reports against all OSGi packages with severity serious and explain why those package are not in compliance with the original intent of the copyright holders and why they violate the DFSG. All packages that violate the DFSG will then be removed ASAP. At the moment we distribute the OSGi specification under the terms of the Apache-2.0 license and we have no indication that we misrepresent the original intent of the copyright holder. All files are clearly marked as distributed under the terms of the Apache-2.0 license with copyright OSGi Alliance. If they were modified by another party, the Apache 2.0 license requires that: "You must cause any modified files to carry prominent notices stating that You changed the files;" Since there is no sign of any modification, we must assume that the OSGi Alliance is the copyright holder that distributed those files without any modifications by third parties under the terms of the Apache-2.0 license until there is unmistakable evidence that those license headers are wrong, manipulated and not the original intent of the copyright holder. My point of view: https://www.osgi.org/developer/downloads/release-6/release-6-no-form/ If you agree to those license terms you are allowed to download the specification in _bytecode format_, not as source files. This is similar to the Android project where binary distributions may have different license terms to ensure that there is only one "official" version. However the source files are freely licensed and those files are distributed by Debian. We have the same situation here. Regards, Markus [1] http://metadata.ftp-master.debian.org/changelogs/main/o/osgi-compendium/unstable_copyright http://metadata.ftp-master.debian.org/changelogs/main/o/osgi-core/unstable_copyright http://metadata.ftp-master.debian.org/changelogs/main/o/osgi-annotation/unstable_copyright
Attachment:
signature.asc
Description: OpenPGP digital signature