Hello Nicholas,
> Because of the ambiguity as to which license (and license version)
> applies, and because Debian's copy of mini-httpd is now the defacto
> upstream, I insist that the applicable license is also documented.
I agree, we need to document the NCSA bits.
> Do you think that httpd 1.1, httpd 1.15, or some other version is the
> most likely source? If they're identical from the perspective of
> mini-httpd, then I think you can make an argument for either, even
> though it's probable that mini-httpd inherited whatever license was
> active at the NCSA at the time of mini-httpd's creation.
After yet some more software archaeology, I've uncovered some more
rusty HTML 1.0 documents which are of interest to our dilemma.
Apparently, NCSA HTTPd Acknowledgements as of 7-14-95 state:
"Thanks to:
Robert McCool
For developing NCSA HTTPd till version 1.3 and this documentation."
https://web.archive.org/web/20090416132804/http://hoohoo.ncsa.uiuc.edu/docs/acknowledgement.html
This is the time Robert left the project and the date (and license
release - 1.3) probably aligns best with the code we have in mini-
httpd. After extensive googling, it seems to me that the original mini-
httpd-1.0.0.tar.gz source is lost to time, or at least is buried beyond
my reach.
Anyway, this might settle our ambiguity; I'll come up with a definitive
reply once I diff the sources again.
I transitioned all debian mail-related services to Google, and am using
a good MUA now (PGP signing properly). (BTW, does everything look all
right on your end?)
I've committed to salsa and uploaded to mentors a new .changes which
reflects the change in Maintainer's E-Mail. Naturally, I changed the
key and updated the changelog.
Thanks and have a great day/night !
Alexandru Mihail
------- Original Message -------
On Tuesday, July 4th, 2023 at 5:24 PM, Nicholas D Steeves
<sten@debian.org> wrote:
> Hello Alexandru,
>
> Alexandru Mihail alexandru_mihail@protonmail.ch writes:
>
> > Hello Nicholas,
> > debian-legal replied, I could only find occurences of Rob McCool's
NCSA derived code in htpasswd.c as well. The NCSA license states we
might(not must) include a copy of their short legal excerpt on
derivative works (and mini-httpd is one)
> > Maybe we should include a mention of said excerpt in
debian/copyright under htpasswd: and include the excerpt somewhere ?
> > Anyway, it seems to me we're in the clear when it comes to DFSG.
>
>
> Sort of in the clear; however, from what I've read there isn't just
one
> "The NCSA license"; there seem to be three. Rob McCool is still a
> copyright holder, and needs to be documented in debian/copyright.
> Because of the ambiguity as to which license (and license version)
> applies, and because Debian's copy of mini-httpd is now the defacto
> upstream, I insist that the applicable license is also documented.
> Also, the way I see it, if you've done the work, you might as well
> document your findings as well as the fact that you did the work.
This
> type of work, while not immediately evident, is nonetheless
> copyrightable, so--if you want to--you will be able to add you own
claim
> to the debian/* section of copyright.
>
> > Attaching debian-legal reply:
> >
> > On 2023-07-02 16:43, Alexandru Mihail wrote:
> >
> > > mini-httpd contains early portions of code commited by Rob
> > > McCool which seem to originate from NCSA httpd.
> >
> > Just htpasswd.c (which is what I get when searching for Rob
McCool), or
> > something else?
> >
> > > How do we proceed to clarify this situation?
> >
> > Figure out (from the history of the code, etc.) if that license
applies.
> >
> > Looking into this a bit, I found this repository (which I am
assuming,
> > but have not verified, is a faithful import of NCSA httpd):
> > https://github.com/TooDumbForAName/ncsa-httpd/
> >
> > I definitely see some code from mini-httpd's htpasswd.c in
> > cgi-src/util.c in the HEAD of that repository above.
> >
> > Looking at git blame on that, it came from auth/htpasswd.c in httpd
1.1:
> >
https://github.com/TooDumbForAName/ncsa-httpd/commit/9572b626b7f10ab57e4715b3f3ff41b3f0696684#diff-7c5a48b0225b3fd1048000f4dfe2c4d9f56faa29f74876ff724384244d6d099d
> >
> > So that seems to be the original source of the code in question.
> >
> > In that same version, the top-level README says:
> >
> > ----
> > This code is in the public domain. Specifically, we give to the
public
> > domain all rights for future licensing of the source code, all
resale
> > rights, and all publishing rights.
> >
> > We ask, but do not require, that the following message be included
in
> > all derived works:
> >
> > Portions developed at the National Center for Supercomputing
> > Applications at the University of Illinois at Urbana-Champaign.
> >
> > THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED,
> > FOR THE SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT
> > LIMITATION, WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR
A
> > PARTICULAR PURPOSE.
> > ----
>
>
> Do you think that httpd 1.1, httpd 1.15, or some other version is the
> most likely source? If they're identical from the perspective of
> mini-httpd, then I think you can make an argument for either, even
> though it's probable that mini-httpd inherited whatever license was
> active at the NCSA at the time of mini-httpd's creation.
>
> Note that public domain doesn't exist in some countries. In this case
> ("public domain"), the mini-httpd author would need to have written
> mini-httpd (distribution might count too, but I'm not sure) in a
country
> that recognises public domain; then, the relevant public domain bits
> would become implicitly relicensed under the primary license for
> mini-httpd. If this is the case, then a note should also be added to
> McCool's debian/copyright section.
>
> Cheers,
> Nicholas
Attachment:
signature.asc
Description: This is a digitally signed message part