[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Maintaining of CodeBlocks

(I'm not subscribed to debian-legal, please cc me on replies.)

Hi Alexander,

On Tue, May 31, 2016 at 3:26 AM, Alexander Gerasiov <gq@debian.org> wrote:
> Hello Vincent,
> On Fri, 20 May 2016 02:01:11 -0700
> Vincent Cheng <vcheng@debian.org> wrote:
>> Hi Alexander,
>> Sorry about the late reply..."next week" turned into "a few months
>> later", but better late than never, right?
> Yeah! Good work. I was interrupted with other tasks and had no time to
> finish this since that.
> [...]
>> I've gone ahead and merged your WIP branch as well as finish dealing
>> with everything left in copyright.TODO, dealing with BTS patches,
>> lintian issues, etc., and I think everything is ready for upload now
>> except for that DFSG violation you pointed out:
>> WARNING: DFSG violation in
>> src/plugins/contrib/source_exporter/wxPdfDocument/src/pdfencrypt.cpp
>> src/plugins/contrib/source_exporter/wxPdfDocument/src/pdfxml.cpp
>> License: RDS-Data-Security
>>  License to copy and use this software is granted provided that
>>  it is identified as the "RSA Data Security, Inc. MD5 Message
>>  Digest Algorithm" in all material mentioning or referencing this
>>  software or this function.
>>  .
>>  License is also granted to make and use derivative works
>>  provided that such works are identified as "derived from the RSA
>>  Data Security, Inc. MD5 Message Digest Algorithm" in all
>>  material mentioning or referencing the derived work.
> 1. I believe this clause forces Debian to mention RSA Data Security on
> every html page and in every place where CodeBlock is mentioned. Isn't
> it?
> 2. Your main code is GPL v3 (note, 3d version, not 3+, because there
> are several files which don't allow "any later version"). But GPL is
> not compatible with such advertising clauses, see famous BSD-4 vs GPL
> example: http://www.gnu.org/licenses/license-list.html#OriginalBSD
> I cc debian-legal, these guys will correct me, if I'm wrong.

Ah, you're right that the RSA license contains wording that is quite
similar to 4-clause BSD's advertising clause. I've filed #826379 to
keep track of this issue, and will report a bug upstream as well.

I do want to point out that 4-clause BSD is actually DFSG-compatible
and suitable for Debian main [1], so there's still no reason to
believe that the RSA md5 license violates the DFSG as you originally
claim, even though it contains an advertising clause. Codeblocks is
non-distributable merely due to GPL's incompatibility with the RSA md5
license (not because it's non-free).

>>  .
>>  RSA Data Security, Inc. makes no representations concerning
>>  either the merchantability of this software or the suitability
>>  of this software for any particular purpose.  It is provided "as
>>  is" without express or implied warranty of any kind.
>>  .
>>  These notices must be retained in any copies of any part of this
>>  documentation and/or software.
>> However, I don't think that's actually a DFSG violation. The
>> RDS-Data-Security license allows for free use, copying, redistribution
>> and derivative works; I don't think any of its clauses are violating
>> DFSG. Also, several other packages in Debian main seem to include
>> source files that use this license, e.g. erlang [1] or ftpmirror [2].
>> Can you explain why you think it's a DFSG violation?
>> Regards,
>> Vincent
>> [1]
>> http://metadata.ftp-master.debian.org/changelogs/main/e/erlang/unstable_copyright
>> [2]
>> http://metadata.ftp-master.debian.org/changelogs/main/f/ftpmirror/unstable_copyright
> I think we should replace this MD5 implementation with any other free
> one. (And send patch to upstream, because they are also affected.)

s/free/GPL compatible/...it *is* a free license. Just annoyingly non
GPL compatible...


[1] https://www.debian.org/legal/licenses/

Reply to: