Bug#828970: ITP: singularity -- application containerization platform

To: <828970@bugs.debian.org>
Subject: Bug#828970: ITP: singularity -- application containerization platform
From: Dave Love <fx@gnu.org>
Date: Sun, 24 Jul 2016 00:34:49 +0100
Message-id: <[🔎] 87poq4rkrq.fsf@pc102091.liv.ac.uk>
Reply-to: Dave Love <fx@gnu.org>, 828970@bugs.debian.org
In-reply-to: <[🔎] 20160714163439.GC8170@onerussian.com> (Yaroslav Halchenko's message of "Thu, 14 Jul 2016 12:34:39 -0400")
References: <[🔎] 87wpko6yyo.fsf@pc102091.liv.ac.uk> <[🔎] 20160714163439.GC8170@onerussian.com>

Yaroslav Halchenko <debian@onerussian.com> writes:

> Thanks for following up, Dave!  I haven't realized that you are
> maintaining your own fork on github with adjusted debian packaging

It's not very adjusted from what I submitted.

> Before commenting on your points: Do you have intent to maintain
> singularity within Debian?  should we then join the forces? (I am DD so can
> upload)

No, I'm a Debian desktop user, but have to support RHEL-like systems and
package for that (though there seem to be some fundamental problems
using singularity on them and similar ones).

>> The licence is actually BSD-3-Clause-LBNL in SPDX terms.  I think its
>> default licensing clause is a potential trap which Debian might
>> consider.  I've asked for an opinion from Fedora legal about including
>> language to nullify that in a "separate written license agreement".  
>
> well -- for completeness -- it is "without imposing a separate written license
> agreement"

Yes, which is why I added a notice to COPYING.

> and overall paragraph in question is 

[...]

> which I (IANAL) do not see a problem with.  To me it reads as an additional
> clause providing copyleft like license mandating making contributions available
> back publicly or directly to the lab under permissive terms.  But indeed,
> it makes the license not quite just a BSD-3  ;)

It doesn't say the licence is to LBL.  It's definitely not copyleft, as
the purpose of copyleft is to prevent proprietary versions.  (There's an
explanation somewhere on gnu.org.)

> just a note:  problems with information on the website do not directly
> relate to the problems with the source code/packaging, and there all the terms
> are described, right?

It might be a concern if either you worry about LBL's interpretation of
the licence and copyright in general or if it made a package maintainer
unable to contribute "upstream".
>
> oh, where on the website? can't find

In the section on contributing.

> I guess you are talking about rhc54 AKA Ralph Castain ?   But he is not a
> lawyer [1] and not a major contributor to singularity anyways (although
> with sufficiently high privileges apparently on the upstream github repo).  

I know, but he appears to speak for the project and it seems consistent
with what seems to be LBL policy (but not consistent with the Open MPI
contributor agreement, for instance).

> I am really not sure what kind of bad mood (or grappa) could make him say "You
> cannot own" phrase... so I must say, I would just ignore that portion of the
> discussion, and provide concrete pull request suggesting adjustment of the
> wording and make that issue close with that:
> https://github.com/gmkurtzer/singularity/pull/137/files
> and by the time I have finished writing this email Gregory has already
> merged it!  ;)
>
> ut again -- that is not directly related to
> packaging/redistribution in Debian or Fedora.

I know what the licence says, I know what copyright law says, but I've
been around long and widely enough to worry about that being ignored or
mis-interpreted.  I'm just pointing it out and urging caution.

> oh -- thanks for the pointer.  So, if I get it right, you aren't feeling
> like contributing those patches to upstream yourself ATM?  and you would
> reconsider whenever a clarification is made on you retaining the
> copyright to those patches?

Yes.

> or what exactly? (I usually do not really
> care much enough to sweat for claiming my ownership on every line I have
> ever changed.... git log  keeps the record of the truth! ;) )

You may be OK putting changes in the public domain, but that's not
generally possible, and there's a principle involved.

> So, now we (I or you? or both?) should absorb the changes you have
> accumulated in your clone and/or fedora packaging, within Debian
> package:

Changes I've made are distributed under a BSD3 or BSD2 licence, so you
can take them if they're useful.  I think you should worry about things
that are at least potential security problems with a setuid program, but
there's a lot that potentially needs fixing.  After looking more closely
I decided the package isn't currently in a good enough state for Fedora.
I'd be happy for an expert to assure me that some of it isn't really a
problem, of course.

Reply to:

References:
- Bug#828970: ITP: singularity -- application containerization platform
  - From: Dave Love <fx@gnu.org>
- Bug#828970: ITP: singularity -- application containerization platform
  - From: Yaroslav Halchenko <debian@onerussian.com>

Prev by Date: Bug#823141: RFP: timeline -- An application to show events on a timeline
Next by Date: Bug#832311: ITP: pbtestdata -- small Pacific Biosciences datasets for testing
Previous by thread: Bug#828970: please reject singularity from NEW Was: Bug#828970: ITP: singularity
Next by thread: Processed: reassign 831232 to jitsi, forcibly merging 789038 831232
Index(es):
- Date
- Thread