Re: Bug#974678: ITP: openh264 -- H.264 encoding and decoding
- To: Tobias Frost <tobi@debian.org>, 974678@bugs.debian.org
- Cc: 988484@bugs.debian.org, debian-legal@lists.debian.org
- Subject: Re: Bug#974678: ITP: openh264 -- H.264 encoding and decoding
- From: Bastian Germann <bastiangermann@fishpost.de>
- Date: Wed, 2 Jun 2021 23:22:28 +0200
- Message-id: <[🔎] 58cd90c6-8c25-db05-db83-c49cb795e7a3@fishpost.de>
- In-reply-to: <5f5ec2c0032dc3f054332a542b8df34a310495ef.camel@debian.org>
- References: <160528517484.103918.16687776202624256383.reportbug@thrall.metz.levert> <160528517484.103918.16687776202624256383.reportbug@thrall.metz.levert> <21cbd34c-c3b0-4ca2-f7bf-e523373a7bd5@hauke-m.de> <21cbd34c-c3b0-4ca2-f7bf-e523373a7bd5@hauke-m.de> <b5cb6d2a-2662-d279-9e2f-6048a6b5c309@fishpost.de> <b5cb6d2a-2662-d279-9e2f-6048a6b5c309@fishpost.de> <3cc5e79d-b00d-a781-9e2b-f35280947635@linutronix.de> <160528517484.103918.16687776202624256383.reportbug@thrall.metz.levert> <5f5ec2c0032dc3f054332a542b8df34a310495ef.camel@debian.org>
Am 02.06.21 um 17:33 schrieb Tobias Frost:
On Fri, 14 May 2021 00:04:52 +0200 Bastian Germann wrote:
This is fine. The package must not reside in main. If you plan to
release the package (the downloader) under a DFSG-compatible license,
please submit it to contrib rather than non-free.
I am currently packaging openh264.
(I was checking the RFS, thats why I came accross this ITP)
I'm confused; is there now a legal patent problem with the library that could
affect/hurt Debian?
There are H.264 patents that are applicable. I do not know how the existing H.264 implementations in
Debian handle this, e.g. x264 or ffmpeg. According to the legal FAQ, these seem to be ignored.
For the OpenH264 binaries, Cisco actually pays a license fee so that it can be used by the general
public at no cost. The exact license terms are included in the package:
https://salsa.debian.org/bage/openh264/-/blob/debian/2.1.1-1/debian/libopenh264-6.copyright
The key point for having the library package in contrib and download the library is: "The
Cisco-provided binary is separately downloaded to an end user's device, and not integrated into or
combined with third party software prior to being downloaded to the end user's device;"
Has this been discussed on e.g debian-legal or with the ftp masters beforehand?
Not for OpenH264 specifically, but I am including debian-legal now. For the H.264 patents, there is
an old thread at https://lists.debian.org/debian-legal/2006/04/msg00286.html
Is this RFS package now a downloader or the library itself?
It's both. The -dev package is created from the source files and resides in main. The library
package contains the downloader as a postinst script, which checks the known SHA256 hashes.
There are some example userspace tools available in the package which could potentially be packaged
in an additional package. I left this for a later version.
There is also a chance that reproducible build might be implemented:
https://github.com/cisco/openh264/issues/893
When that works, the package could build the lib, verify the resulting hashes, and throw away the
built binary. That way we could be sure not to have any additions to the downloaded library that are
not available as source.
I think, as Cisco provides the patent license, having the downloader in contrib (for some
architectures) is better than having the built library in main (for all compiling architectures). We
could also provide both. Any thoughts?
Reply to: