[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How to deal with teTeX's and texlive's RC licensing bugs

Dear release team, dear fellow TeX maintainers,

[Executive Summary:  Being in the process of contacting upstream
authors, should we rather fix the bugs early and maybe overreact, or

as you probably know, the teTeX[1] packages have a couple of RC bugs[2]
because documentation or runtime files are non-free or have an unclear
license status.  In most cases, we have tried to contact upstream
authors, some have replied, some not yet, but are still known to be
alive and active in software development, others probably won't be
found.  In the cases where we have contact to upstream, or will get it,
chances are good that things will be properly (re-)licensed sooner or

With the freeze coming nearer, I am unsure how to deal with this.  I
currently see two options:

a) Either remove all problematic files from the orig.tar.gz right now,
   with the option to add them again later

b) Or keep the bug open and only do the removal in the last sensible
   moment, as the release team judges.

The good thing about (a) is that any possible breakage in other packages
(e.g. packages that need non-free components for the build process) have
good chances to be detected, while some might slip into etch with option
(b).  On the other hand, option (a) is not in the interest of our users,
and/or the release process:

- if we do not re-add files that turn out to be free, they will be
  missing in etch, which doesn't serve our users,

- if we re-add them, this would mean to allow versions of tetex-base
  into etch after the freeze that do not fix any RC bug.  That's against
  the rules, and I don't know whether you are willing to grant
  exceptions with licensing issues.

As for the possible breakage, I've sent a mail to debian-devel[3],
listing all affected packages and maintainers, but hardly got any
response.  And frankly, I don't expect much even if we mail each
maintainer individually, because most don't know about the internals of
their packages' document creation setup, and hence have no idea how to
check which LaTeX packages are used.  Needless to say, the TeX Task
Force also does not have the time to check packages by the dozen (283
Build-Depends, unnumbered Depends).

As a personal guess, I'd expect that there will be no or only little
problems; this won't turn out to be a major release blocker.  But I
might be wrong.

What do you think?  Which of the options should we choose?

Regards, Frank

[1] TeXLive is probably equally affected
[2] #345604 documentation, mostly sorted out and fixed
    #356853 no license statement at all
    #363061 non-free licenses of non-documentation
    #368968 particularly weird case of a self-contradicting license
[3] http://lists.debian.org/debian-devel/2006/09/msg00614.html
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)

Reply to: