Re: Maintaining of CodeBlocks
(I'm not subscribed to debian-legal, please cc me on replies.)
Hi Alexander,
On Tue, May 31, 2016 at 3:26 AM, Alexander Gerasiov <gq@debian.org> wrote:
> Hello Vincent,
>
> On Fri, 20 May 2016 02:01:11 -0700
> Vincent Cheng <vcheng@debian.org> wrote:
>
>> Hi Alexander,
>>
>> Sorry about the late reply..."next week" turned into "a few months
>> later", but better late than never, right?
> Yeah! Good work. I was interrupted with other tasks and had no time to
> finish this since that.
>
> [...]
>
>> I've gone ahead and merged your WIP branch as well as finish dealing
>> with everything left in copyright.TODO, dealing with BTS patches,
>> lintian issues, etc., and I think everything is ready for upload now
>> except for that DFSG violation you pointed out:
>>
>> WARNING: DFSG violation in
>> src/plugins/contrib/source_exporter/wxPdfDocument/src/pdfencrypt.cpp
>> src/plugins/contrib/source_exporter/wxPdfDocument/src/pdfxml.cpp
>>
>> License: RDS-Data-Security
>> License to copy and use this software is granted provided that
>> it is identified as the "RSA Data Security, Inc. MD5 Message
>> Digest Algorithm" in all material mentioning or referencing this
>> software or this function.
>> .
>> License is also granted to make and use derivative works
>> provided that such works are identified as "derived from the RSA
>> Data Security, Inc. MD5 Message Digest Algorithm" in all
>> material mentioning or referencing the derived work.
>
> 1. I believe this clause forces Debian to mention RSA Data Security on
> every html page and in every place where CodeBlock is mentioned. Isn't
> it?
>
> 2. Your main code is GPL v3 (note, 3d version, not 3+, because there
> are several files which don't allow "any later version"). But GPL is
> not compatible with such advertising clauses, see famous BSD-4 vs GPL
> example: http://www.gnu.org/licenses/license-list.html#OriginalBSD
>
> I cc debian-legal, these guys will correct me, if I'm wrong.
Ah, you're right that the RSA license contains wording that is quite
similar to 4-clause BSD's advertising clause. I've filed #826379 to
keep track of this issue, and will report a bug upstream as well.
I do want to point out that 4-clause BSD is actually DFSG-compatible
and suitable for Debian main [1], so there's still no reason to
believe that the RSA md5 license violates the DFSG as you originally
claim, even though it contains an advertising clause. Codeblocks is
non-distributable merely due to GPL's incompatibility with the RSA md5
license (not because it's non-free).
>> .
>> RSA Data Security, Inc. makes no representations concerning
>> either the merchantability of this software or the suitability
>> of this software for any particular purpose. It is provided "as
>> is" without express or implied warranty of any kind.
>> .
>> These notices must be retained in any copies of any part of this
>> documentation and/or software.
>>
>> However, I don't think that's actually a DFSG violation. The
>> RDS-Data-Security license allows for free use, copying, redistribution
>> and derivative works; I don't think any of its clauses are violating
>> DFSG. Also, several other packages in Debian main seem to include
>> source files that use this license, e.g. erlang [1] or ftpmirror [2].
>> Can you explain why you think it's a DFSG violation?
>>
>> Regards,
>> Vincent
>>
>> [1]
>> http://metadata.ftp-master.debian.org/changelogs/main/e/erlang/unstable_copyright
>> [2]
>> http://metadata.ftp-master.debian.org/changelogs/main/f/ftpmirror/unstable_copyright
>
>
> I think we should replace this MD5 implementation with any other free
> one. (And send patch to upstream, because they are also affected.)
s/free/GPL compatible/...it *is* a free license. Just annoyingly non
GPL compatible...
Regards,
Vincent
[1] https://www.debian.org/legal/licenses/
Reply to: