Re: copyright issues on debian
Hi Jonathan, I think some of the frustration you're experiencing might
come from different degrees of thought about how important the specific
issue is.  You're reading the licence mismatch as a black&white
violation.  But in this specific r-cran situation, to use an argument
ad reductio, or ad absurdio, by taking the version numbers out of the
argument, the question is whether GPL licenced software is allowed to
link against GPL-licenced software.
When you read it that way, it might make it easier to understand why
people aren't so worried about the violation. The violation is in the
technicalities of the GPL versions.  That does matter in a legal sense.
But for the non-legal majority it's a bit of a "whatEver".  The
difference in attitude come from whether a person thinks the spirit or
the letter of the licence is more important.
Place these differences of attitude in a science context and as a
generalisation you'll find science-oriented people are more likely to
be pragmatic, i.e. not worried about licence technicalities. They just
want the code to work.  
Historically this sort of thing can happen if the author just uses the
latest version of the GPL available at the time, and doesn't bother to
follow later changes in the GPL (but doesn't object to them either). So
it could well be that in the author's mind there is no violation.  This
is partly why authors are encouraged to include the clause "or later
version", to avoid the ambiguity.
There are other contexts where the violation is certainly clear cut.
Finding GPL code in Microsoft Windows, you'd get more discussion on
that.  Likewise finding unlicenced (unauthorised, stolen) proprietary
code in Debian, say the code for Oracle's database, would be swiftly
removed.  Finding a case where a GPL-2 author explicitly has a
conscious conscientious objection to GPL-3 would be more black&white.  
In this r-cran example though, it sounds more like the author simply
never got round to updating the licence, or didn't see it important
enough to worry about.  Asking the author to worry about it could be a
simple way of fixing the problem.
But you did the right thing to ask the question, and debian-legal is
the right place to ask such questions. That's just a discussion forum
though.  More legally binding advice could be found from places like
SPI http://www.spi-inc.org/projects/services/
Drew
p.s. I'm not meaning to make a specific judgement on this r-cran case
except to say "you're probably right". I'm just addressing the general
question of why it wouldn't seem to be so important to some people.
On Mon, 2015-10-12 at 10:16 +0200, Jonathon Love wrote:
> hi,
> 
> i recently had some questions about the package r-cran-afex, and
> whether
> it violated the GPL, but after asking in several places, i
> didn't/haven't seemed to have got much of a response.
> 
> this is fine, of course, i appreciate that debian is run by
> volunteers,
> etc. and i'm not wanting to come out in a demanding or accusative
> way;
> i'm just trying to understand so i can adjust my expectations
> accordingly.
> 
> it might be easiest if i describe what the process has been like for
> me,
> and people might be able to explain where i erred, or what the
> situation is.
> 
> so i started by submitting a question to the debian-legal mailing
> list.
> the impression i'm under is that this like "the authority" when it
> comes
> to copyright issues, and a statement by them can save hours of
> discussion.
> 
> so this is where i began:
> 
> https://lists.debian.org/debian-legal/2015/09/msg00022.html
> 
> i only got one response, that the package didn't link against GPL2-
> only
> code, and i was able to subsequently explain that it did.
> 
> however, there was no response after this, which i was puzzled by,
> because the issue seemed pretty straight forward, and exactly the
> sort
> of enquiry that debian-legal handles.
> 
> anyhow, giving up on that, i came to debian-science. it didn't feel
> like
> the right place to ask, but where else do you go?
> 
> santiago and i had a small discussion about it, and in the end i
> think
> he thought that i was probably right... but no-one else chimed in.
> again, i was a little bit puzzled, because i thought people would be
> really interested in this, and the issue does seem pretty black and
> white.
> 
> but santiago suggested i raise a bug against bugs.debian.org, and so
> i
> thought "ah! so this is where this gets handled".
> 
> so then i submitted a bug against ftp.debian.org
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800891
> 
> which is marked with severity /serious/
> 
> now i submitted this bug a week ago, but it doesn't appear to be
> getting
> any attention. again, this might just be wrong expectations on my
> part,
> but the ftp team are very quick at handling uploads, etc. so i
> thought
> they would be very quick at handling a /serious/ issue.
> 
> and it seems to me to be pretty serious; the debian project
> presumably
> cannot legally distribute software which violates licenses.
> 
> so all this to say, i'm a bit puzzled about all of this. i thought
> this
> would be something that would be seen as important, and receive
> reasonable attention.
> 
> have i done everything correctly? i'm trying to understand why things
> aren't unfolding as i expect. any feedback or advice would be
> appreciated.
> 
> with thanks
> 
> jonathon
> 
Reply to: