On Friday 06 October 2006 14:19, MJ Ray wrote: > As I've pointed out and repeat again here, getting this wrong may cause > criminal liability of some resellers and mirrors. Ack. > I think it's fair > for -vote to issue a clear position statement and (hopefully) protect > the project from attack if those responsible do something different. I still don't see what d-vote has to do with this. Distributability IMO is an issue that is the province of package maintainer and FTP masters. If someone has evidence that some package or part of a package is not properly licenced, I see the following rough procedure: - file an RC bug asking for removal from the archive (note: not from main to non-free, but total removal) of the offending material; - maintainer will judge the BR; if he agrees, takes action; if not, he will probably consult with upstream (and maybe other distributions) about the issue; - if upstream says there is no problem and can support that with legal arguments, the BR should probably be closed; - if the submitter disagrees he can try asking for advice (d-legal, fsf) and possibly appeal to TC. Compliance with licences is something based on facts, not votes. And this is the point that both Steve Langasek and Anthony Towns have made several times in this discussion. To me it seems very strange that Debian should have a totally different take on this than other distros. Only *after* having determined that the material is distributable do we need to decide whether or not it is suitable for main. This is where the DFSG comes in, where the opinion of the project counts and where you can solve differences of opinion or changes in policy by GR. > > I have two times proposed to postpone the detailed analysis of the > > firmware situation until after the release, and I still feel that that > > is where it belongs: not on the list, but with a (delegated) team of > > developers who have access to proper legal advice and can study the > > implementation issues surrounding it in relative quiet and can prepare > > a position statement (with alternatives) that can _then_ be voted on. > > On past experience, I have no confidence in this being done well in > secret. I note that we have agreed that we will not hide problems. This > should be done in public as far as possible. In endless flamewars that fail to reach any real result? Of course the delegates should work openly, but they should also be allowed to prepare their position statement in relative quiet before submitting it (probably in concept) for general discussion. And of course their reasoning needs to be documented and supported by evidence. [...] > > This is still an interpretation of the intention of the GPL, not a > > legal standpoint. > > What is the difference between an interpretation and a legal standpoint? > Years in law school and a lack of personal investment in the problem? Larry (in this quote) only makes a claim about how firmware in general is produced, has no evidence how it was produced in these specific cases and himself does not even mention GPL implications. The interpretation is done by the next person who jumps to the conclusion "thus it is not distributable under the GPL". Again, I have no firm opinion on this because I'll happily admit I've never really made a study of the GPL (other than to the extend required for NM), however I do feel that claims of non-compliance should be backed by evidence and verifiable expert (legal) opinion especially if it is a claim that is not supported by the FOSS community at large. [...] > I think maybe the licenceholders in the above text should be the > licensors or the copyright holders, but even then the argument seems > incorrect to me. Yes, I realized that too after I had gone to bed: licenceholder should be copyright holder. > We can easily argue that the upstream kernel developers are primarily > responsible, but we should check their work, as any mistake can make > DDs, mirrors and vendors liable too. We must be confident that we have > valid permissions from the copyright holders - that is to say, for each > expression, we have a licensing statement from them that says something > like firmware Z is Copyright year Y person X and licensed under the terms > of the GNU GPL. > > If someone questions Z and we can't show a valid licence for it, we > should investigate, then remove or replace if needed, not ignore it, > rant about Licence Nazis or ping-pong bugs. Agreed. See the procedure at the beginning of the mail. Still no need for a GR anywhere. > Hope that explains, Thanks for your mail, FJP
Attachment:
pgpbK0JyzvC8b.pgp
Description: PGP signature