I am packaging the "Seclists" package from Kali (https://pkg.kali.org/pkg/seclists
) for Debian and I have a question about a license found in some of the upstream files.
The license "CRM Public License Version 1.0" was found in files "Web-Shells/Vtiger/settings/actions/Gateway.php", "Web-Shells/Vtiger/modules/VtigerVulnPlugin/actions/Gateway.php" and "Web-Shells/Vtiger/modules/VtigerVulnPlugin/VtigerVulnPlugin.php" and I would like to check if this license is in accordance with the DFSG. I am in doubt whether this license complies with the DFSG even after reviewing it. I would like everyone's opinion to know about this license.
The main points that left me in doubt about the compatibility of this license with the DFSG are:
2. Source Code License.
2.1.The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims:
(a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and
(b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof).
This paragraph gave me the impression that someone can claim something on top of a program that is in Debian, for example, aiming for some profit.
(a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above.
In this item it seems to me that there is an imposition of royalty payment in case of any future problems that may happen to whoever uses the code.
License Website: https://www.vtiger.com/open-source-crm/vtiger-public-license/
Guilherme Xavier <firstname.lastname@example.org
1808 D926 7486 3C2E 07B7 B08C 1B14 0644 976B 8AC9