[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [AMENDMENT]: Release Etch now, with source-less but legal and freely licensed firmware

On Friday 06 October 2006 14:19, MJ Ray wrote:
> As I've pointed out and repeat again here, getting this wrong may cause
> criminal liability of some resellers and mirrors.


> I think it's fair 
> for -vote to issue a clear position statement and (hopefully) protect
> the project from attack if those responsible do something different.

I still don't see what d-vote has to do with this. Distributability IMO is 
an issue that is the province of package maintainer and FTP masters.

If someone has evidence that some package or part of a package is not 
properly licenced, I see the following rough procedure:
- file an RC bug asking for removal from the archive (note: not from main
  to non-free, but total removal) of the offending material;
- maintainer will judge the BR; if he agrees, takes action; if not, he
  will probably consult with upstream (and maybe other distributions)
  about the issue;
- if upstream says there is no problem and can support that with legal
  arguments, the BR should probably be closed;
- if the submitter disagrees he can try asking for advice (d-legal, fsf)
  and possibly appeal to TC.

Compliance with licences is something based on facts, not votes. And this is 
the point that both Steve Langasek and Anthony Towns have made several 
times in this discussion.
To me it seems very strange that Debian should have a totally different take 
on this than other distros.

Only *after* having determined that the material is distributable do we need 
to decide whether or not it is suitable for main. This is where the DFSG 
comes in, where the opinion of the project counts and where you can solve 
differences of opinion or changes in policy by GR.

> > I have two times proposed to postpone the detailed analysis of the
> > firmware situation until after the release, and I still feel that that
> > is where it belongs: not on the list, but with a (delegated) team of
> > developers who have access to proper legal advice and can study the
> > implementation issues surrounding it in relative quiet and can prepare
> > a position statement (with alternatives) that can _then_ be voted on.
> On past experience, I have no confidence in this being done well in
> secret. I note that we have agreed that we will not hide problems.  This
> should be done in public as far as possible.

In endless flamewars that fail to reach any real result? Of course the 
delegates should work openly, but they should also be allowed to prepare 
their position statement in relative quiet before submitting it (probably 
in concept) for general discussion. And of course their reasoning needs to 
be documented and supported by evidence.

> > This is still an interpretation of the intention of the GPL, not a
> > legal standpoint.
> What is the difference between an interpretation and a legal standpoint?
> Years in law school and a lack of personal investment in the problem?

Larry (in this quote) only makes a claim about how firmware in general is 
produced, has no evidence how it was produced in these specific cases and 
himself does not even mention GPL implications.
The interpretation is done by the next person who jumps to the conclusion
"thus it is not distributable under the GPL".
Again, I have no firm opinion on this because I'll happily admit I've never 
really made a study of the GPL (other than to the extend required for NM), 
however I do feel that claims of non-compliance should be backed by 
evidence and verifiable expert (legal) opinion especially if it is a claim 
that is not supported by the FOSS community at large.

> I think maybe the licenceholders in the above text should be the
> licensors or the copyright holders, but even then the argument seems
> incorrect to me.

Yes, I realized that too after I had gone to bed: licenceholder should be 
copyright holder.

> We can easily argue that the upstream kernel developers are primarily
> responsible, but we should check their work, as any mistake can make
> DDs, mirrors and vendors liable too.  We must be confident that we have
> valid permissions from the copyright holders - that is to say, for each
> expression, we have a licensing statement from them that says something
> like firmware Z is Copyright year Y person X and licensed under the terms
> of the GNU GPL.
> If someone questions Z and we can't show a valid licence for it, we
> should investigate, then remove or replace if needed, not ignore it,
> rant about Licence Nazis or ping-pong bugs.

Agreed. See the procedure at the beginning of the mail. Still no need for a 
GR anywhere.

> Hope that explains,

Thanks for your mail,

Attachment: pgpM5Vz5JIyYB.pgp
Description: PGP signature

Reply to: