Bug#828970: ITP: singularity -- application containerization platform
Yaroslav Halchenko <debian@onerussian.com> writes:
> Thanks for following up, Dave! I haven't realized that you are
> maintaining your own fork on github with adjusted debian packaging
It's not very adjusted from what I submitted.
> Before commenting on your points: Do you have intent to maintain
> singularity within Debian? should we then join the forces? (I am DD so can
> upload)
No, I'm a Debian desktop user, but have to support RHEL-like systems and
package for that (though there seem to be some fundamental problems
using singularity on them and similar ones).
>> The licence is actually BSD-3-Clause-LBNL in SPDX terms. I think its
>> default licensing clause is a potential trap which Debian might
>> consider. I've asked for an opinion from Fedora legal about including
>> language to nullify that in a "separate written license agreement".
>
> well -- for completeness -- it is "without imposing a separate written license
> agreement"
Yes, which is why I added a notice to COPYING.
> and overall paragraph in question is
[...]
> which I (IANAL) do not see a problem with. To me it reads as an additional
> clause providing copyleft like license mandating making contributions available
> back publicly or directly to the lab under permissive terms. But indeed,
> it makes the license not quite just a BSD-3 ;)
It doesn't say the licence is to LBL. It's definitely not copyleft, as
the purpose of copyleft is to prevent proprietary versions. (There's an
explanation somewhere on gnu.org.)
> just a note: problems with information on the website do not directly
> relate to the problems with the source code/packaging, and there all the terms
> are described, right?
It might be a concern if either you worry about LBL's interpretation of
the licence and copyright in general or if it made a package maintainer
unable to contribute "upstream".
>
> oh, where on the website? can't find
In the section on contributing.
> I guess you are talking about rhc54 AKA Ralph Castain ? But he is not a
> lawyer [1] and not a major contributor to singularity anyways (although
> with sufficiently high privileges apparently on the upstream github repo).
I know, but he appears to speak for the project and it seems consistent
with what seems to be LBL policy (but not consistent with the Open MPI
contributor agreement, for instance).
> I am really not sure what kind of bad mood (or grappa) could make him say "You
> cannot own" phrase... so I must say, I would just ignore that portion of the
> discussion, and provide concrete pull request suggesting adjustment of the
> wording and make that issue close with that:
> https://github.com/gmkurtzer/singularity/pull/137/files
> and by the time I have finished writing this email Gregory has already
> merged it! ;)
>
> ut again -- that is not directly related to
> packaging/redistribution in Debian or Fedora.
I know what the licence says, I know what copyright law says, but I've
been around long and widely enough to worry about that being ignored or
mis-interpreted. I'm just pointing it out and urging caution.
> oh -- thanks for the pointer. So, if I get it right, you aren't feeling
> like contributing those patches to upstream yourself ATM? and you would
> reconsider whenever a clarification is made on you retaining the
> copyright to those patches?
Yes.
> or what exactly? (I usually do not really
> care much enough to sweat for claiming my ownership on every line I have
> ever changed.... git log keeps the record of the truth! ;) )
You may be OK putting changes in the public domain, but that's not
generally possible, and there's a principle involved.
> So, now we (I or you? or both?) should absorb the changes you have
> accumulated in your clone and/or fedora packaging, within Debian
> package:
Changes I've made are distributed under a BSD3 or BSD2 licence, so you
can take them if they're useful. I think you should worry about things
that are at least potential security problems with a setuid program, but
there's a lot that potentially needs fixing. After looking more closely
I decided the package isn't currently in a good enough state for Fedora.
I'd be happy for an expert to assure me that some of it isn't really a
problem, of course.
Reply to: