[opensuse-factory] licence status
Hello, I just notice zypper have a "licences" option, that lists the licence of the installed packages. Do we have a similar list online for any openSUSE package (distribution)? for the OBS? It would be usefull to manage the licence problem If we could also have statistics about licences (list of all licences, with the usage number) it would be great :-) thanks jdd -- http://www.dodin.net http://pizzanetti.fr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am 04.02.2011 20:09, schrieb jdd:
Hello,
Hi,
I just notice zypper have a "licences" option, that lists the licence of the installed packages.
Do we have a similar list online for any openSUSE package (distribution)? for the OBS?
It would be usefull to manage the licence problem
If we could also have statistics about licences (list of all licences, with the usage number) it would be great :-)
Within my YiPI project I keep track of roughly 28.000+ packets from 300+ repositories from the openSUSE universe. I have just compiled two lists that might be helpful concerning the license discussion. You can find them at - http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_license_types.html This list shows existing different license tags (from example RPM packages). The links lead to information pages where you can find detailled (German) information about a project package. By clicking on "Homepage" you can have a quick look at their project homepage where you usually find some license information. - http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt An alphabetical list of the 28.000+ packets with their licenses. As you can see there is a zoo of licenses :-) HTH Nico
thanks jdd
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le 05/02/2011 13:35, Nicolaus Millin a écrit :
Within my YiPI project I keep track of roughly 28.000+ packets from 300+ repositories from the openSUSE universe.
good!
I have just compiled two lists that might be helpful concerning the license discussion. You can find them at
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_license_types.html
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt An alphabetical list of the 28.000+ packets with their licenses.
are these pages stable enough to be referenced on the wiki (specially the text one, easier because sorted)?
As you can see there is a zoo of licenses :-)
I know that, and think some education could limit the number of such licences for example, in the LDP HOWTOs, we have many HOWTO without any licence, that maks them impossible to change (contrary as most people think, having no licence revert to the legal author=only god licence :-) what mean exactly "any" in your document? (any permissive, any proprietary)? thanks jdd -- http://www.dodin.net http://pizzanetti.fr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am 05.02.2011 14:02, schrieb jdd:
Le 05/02/2011 13:35, Nicolaus Millin a écrit :
Within my YiPI project I keep track of roughly 28.000+ packets from 300+ repositories from the openSUSE universe.
good!
I have just compiled two lists that might be helpful concerning the license discussion. You can find them at
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_license_types.html
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt An alphabetical list of the 28.000+ packets with their licenses.
are these pages stable enough to be referenced on the wiki (specially the text one, easier because sorted)?
yes, just go ahead. The first one (html) lists all existing license tags within the openSUSE RPMs. The idea behind this was to get an overview of all the existing different license types. The text one lists all tracked RPMs alphabetically with their respective license types.
As you can see there is a zoo of licenses :-)
I know that, and think some education could limit the number of such licences
for example, in the LDP HOWTOs, we have many HOWTO without any licence, that maks them impossible to change (contrary as most people think, having no licence revert to the legal author=only god licence :-)
what mean exactly "any" in your document? (any permissive, any proprietary)?
good question ;-); to get more information on this you should have a look at the project homepages. The license information in the list only stems from the RPM license tags the package maintainers added. Best regards Nico
thanks jdd
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Nicolaus Millin <info@millin.de> wrote:
I have just compiled two lists that might be helpful concerning the license discussion. You can find them at
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_license_types.html This list shows existing different license tags (from example RPM packages). The links lead to information pages where you can find detailled (German) information about a project package. By clicking on "Homepage" you can have a quick look at their project homepage where you usually find some license information.
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt An alphabetical list of the 28.000+ packets with their licenses.
Could you please give us some explanations on the tables? Did you create them on your own? How did you retrueve the data seen inside? What does the unspecific term "GPL" mean? Why is there "CDDL" and "SUN Common Development and Distribution License 1.0" in the same table? Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am 05.02.2011 15:29, schrieb Joerg Schilling:
Nicolaus Millin<info@millin.de> wrote:
I have just compiled two lists that might be helpful concerning the license discussion. You can find them at
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_license_types.html This list shows existing different license tags (from example RPM packages). The links lead to information pages where you can find detailled (German) information about a project package. By clicking on "Homepage" you can have a quick look at their project homepage where you usually find some license information.
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt An alphabetical list of the 28.000+ packets with their licenses.
Could you please give us some explanations on the tables?
following the discussion on this list I tried to help answering a question from jdd (his mail from Fri, 04 Feb 2011 20:09:43 +0100, licence status). I tinkered a little with the database from my YiPI project that tracks a good deal of the openSUSE repositories. Having the RPM package meta information in my database I just had to create the two lists mentioned above. - OS_RPM_licenses.txt is an alphabetical list of all tracked RPMs alphabetically sorted by RPM name with their respective license information / license tag retrieved from their RPM package meta information. - OS_license_types.html is an alphabetically sorted list of all different license tags that are present in my database (right column). In the left column you´ll find one example of an RPM with this type of license. I thought this to be handy for a quick overview of the different license types. Clicking a RPM link you get to a page with detailed information about this RPM. By clicking the button "Homepage" on this detailed RPM information page you can have a closer look into a project where you usually find its license information.
Did you create them on your own?
yes
How did you retrueve the data seen inside?
by retrieving the repository RPM meta information from each repository and putting it into my database.
What does the unspecific term "GPL" mean?
sorry, I can´t answer that; the table only shows information retrieved from the RPM repositories meta information. If you follow the links and go to the homepage of a project you should get some more information there.
Why is there "CDDL" and "SUN Common Development and Distribution License 1.0" in the same table?
same as above. The list just shows what different license tags exist within my database; alphabetically sorted with an example RPM for each type of license tag. (maybe this overview can help in creating a more standardized listing in the license tag. This could make it easier to sort for license types etc.) Best regards Nico
Jörg
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Nicolaus Millin <info@millin.de> wrote:
Having the RPM package meta information in my database I just had to create the two lists mentioned above.
- OS_RPM_licenses.txt is an alphabetical list of all tracked RPMs alphabetically sorted by RPM name with their respective license information / license tag retrieved from their RPM package meta information.
- OS_license_types.html is an alphabetically sorted list of all different license tags that are present in my database (right column). In the left column you?ll find one example of an RPM with this type of license. I thought this to be handy for a quick overview of the different license types. Clicking a RPM link you get to a page with detailed information about this RPM. By clicking the button "Homepage" on this detailed RPM information page you can have a closer look into a project where you usually find its license information.
How did you retrueve the data seen inside?
by retrieving the repository RPM meta information from each repository and putting it into my database.
Well, then the base you got the data from seems to be mostly wrong...... at least if I check the program names against the claims in that list. cdrecord | CDDL, GPL, Other License(s), see package wrong.... Correct: cdrecord is 100% CDDL, there is no GPL inside, there is no other license cdda2wav | CDDL, GPL, Other License(s), see package wrong.... Correct: cdda2wav contains _no_ GPL code. It is CDDL with one file under BSD and it links against CDDL libs, against a single BSD lib and against single library (libparanoia) that is under LGPL-2.1 with versions since May 2006. mkisofs | CDDL, GPL, Other License(s), see package wrong.... Correct: mkisofs is 100% GPL, it links against one lib under BSD license and against some libraries under CDDL, but this does of course not affect the license of the "work mkisofs" - otherwise you would need to e.g. call GNU tar on Solaris CDDL+GPL smake | CDDL correct ;-) star | SUN Common Development and Distribution License 1.0 correct ;-) wodim | GPLv2 ; GPLv2+ wrong.... Correct: wodim is 100% GPLv2 icedax | GPLv2+ wrong.... Correct: icedax is GPLv2; note that cdrkit is based on a cdrtools version from September 2004 and at that time, base64.c and base64.h have been (as a result of an action from an upstream coder) illegally published under GPL. iceday still did not fix that problem. genisoimage | GPLv2+ wrong.... Correct: genisoimage is under GPLv2, it links against libraries under GPLv2 and as is derived from cdrtools from September 2004, there may be unaddressed license problems.............. vcdimager | GPLv2+ wrong.... Correct: vcdimager contains a major part (a Reed Solomon coder) that is _not_ under GPL at all. The code has been derived from an Implementation from Heiko Eißfeld who created it for the cdrtools project but made it available only to people who asked for permission to use it but definitely not under GPL: vcdimager claims that the related code is under GPL and for this reason, vcdimager is violating Copyright law. libcdio | GPLv2+ wrong.... Correct: libcdio is based on code from cdd2awav, that in former times has been published under GPLv2, For this reason, libcdio cannot be published under GPLv2+ Note that there are other problems with libcdio: libcdio is usually called from LGPL code and it is questionable whether this is legally correct. For this reason, Sun did remove libcdio from Solaris in Autumn 2006 and replaced it by a library that calls cdda2wav from a pipe My impression is that there is a need for a more in depth license review.... 8 from 10 programs I checked are not listed correctly. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le dimanche 06 février 2011 à 15:26 +0100, Joerg Schilling a écrit :
Nicolaus Millin <info@millin.de> wrote:
Having the RPM package meta information in my database I just had to create the two lists mentioned above.
- OS_RPM_licenses.txt is an alphabetical list of all tracked RPMs alphabetically sorted by RPM name with their respective license information / license tag retrieved from their RPM package meta information.
- OS_license_types.html is an alphabetically sorted list of all different license tags that are present in my database (right column). In the left column you?ll find one example of an RPM with this type of license. I thought this to be handy for a quick overview of the different license types. Clicking a RPM link you get to a page with detailed information about this RPM. By clicking the button "Homepage" on this detailed RPM information page you can have a closer look into a project where you usually find its license information.
How did you retrueve the data seen inside?
by retrieving the repository RPM meta information from each repository and putting it into my database.
Well, then the base you got the data from seems to be mostly wrong...... at least if I check the program names against the claims in that list.
cdrecord | CDDL, GPL, Other License(s), see package wrong....
Correct: cdrecord is 100% CDDL, there is no GPL inside, there is no other license
cdda2wav | CDDL, GPL, Other License(s), see package wrong....
Correct: cdda2wav contains _no_ GPL code. It is CDDL with one file under BSD and it links against CDDL libs, against a single BSD lib and against single library (libparanoia) that is under LGPL-2.1 with versions since May 2006.
mkisofs | CDDL, GPL, Other License(s), see package wrong....
Correct: mkisofs is 100% GPL, it links against one lib under BSD license and against some libraries under CDDL, but this does of course not affect the license of the "work mkisofs" - otherwise you would need to e.g. call GNU tar on Solaris CDDL+GPL
smake | CDDL correct ;-)
star | SUN Common Development and Distribution License 1.0 correct ;-)
wodim | GPLv2 ; GPLv2+ wrong....
Correct: wodim is 100% GPLv2
icedax | GPLv2+ wrong....
Correct: icedax is GPLv2; note that cdrkit is based on a cdrtools version from September 2004 and at that time, base64.c and base64.h have been (as a result of an action from an upstream coder) illegally published under GPL. iceday still did not fix that problem.
genisoimage | GPLv2+ wrong....
Correct: genisoimage is under GPLv2, it links against libraries under GPLv2 and as is derived from cdrtools from September 2004, there may be unaddressed license problems..............
vcdimager | GPLv2+ wrong....
Correct: vcdimager contains a major part (a Reed Solomon coder) that is _not_ under GPL at all. The code has been derived from an Implementation from Heiko Eißfeld who created it for the cdrtools project but made it available only to people who asked for permission to use it but definitely not under GPL: vcdimager claims that the related code is under GPL and for this reason, vcdimager is violating Copyright law.
libcdio | GPLv2+ wrong....
Correct: libcdio is based on code from cdd2awav, that in former times has been published under GPLv2, For this reason, libcdio cannot be published under GPLv2+
Note that there are other problems with libcdio: libcdio is usually called from LGPL code and it is questionable whether this is legally correct. For this reason, Sun did remove libcdio from Solaris in Autumn 2006 and replaced it by a library that calls cdda2wav from a pipe
My impression is that there is a need for a more in depth license review....
8 from 10 programs I checked are not listed correctly. \\
Feel free to open bug reports regarding these issues. -- Frederic Crozat -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Frederic Crozat <fcrozat@novell.com> wrote: ...
vcdimager | GPLv2+ wrong....
Correct: vcdimager contains a major part (a Reed Solomon coder) that is _not_ under GPL at all. The code has been derived from an Implementation from Heiko Eißfeld who created it for the cdrtools project but made it available only to people who asked for permission to use it but definitely not under GPL: vcdimager claims that the related code is under GPL and for this reason, vcdimager is violating Copyright law.
libcdio | GPLv2+ wrong....
Correct: libcdio is based on code from cdd2awav, that in former times has been published under GPLv2, For this reason, libcdio cannot be published under GPLv2+
Note that there are other problems with libcdio: libcdio is usually called from LGPL code and it is questionable whether this is legally correct. For this reason, Sun did remove libcdio from Solaris in Autumn 2006 and replaced it by a library that calls cdda2wav from a pipe
My impression is that there is a need for a more in depth license review....
8 from 10 programs I checked are not listed correctly. \\
Feel free to open bug reports regarding these issues.
How do you believe that this should be handled? A serious analysis of the license status for _many_ OSS projects is a task that takes a long time and that only partially can be done correctly in case that you rely on the statements from the authors or maintainers from a packet. A packet typically uses code from ore than one author and not every author is giving correct answers on the status (see examples from above above). On the other side, the Sun legal department discovered (during a license analysis) that there may be a problem. So I believe that an in depth license analysis for all projects may help to aproach a more clean knowledge on the license status. BTW: I came to this kind of analysis before changeing the license for most parts of the cdrtools from GPL to CDDL. Before I thought that there was no problem, but the state _after_ the chage is much cleaner than it has been before. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le lundi 07 février 2011 à 11:22 +0100, Joerg Schilling a écrit :
Frederic Crozat <fcrozat@novell.com> wrote:
...
vcdimager | GPLv2+ wrong....
Correct: vcdimager contains a major part (a Reed Solomon coder) that is _not_ under GPL at all. The code has been derived from an Implementation from Heiko Eißfeld who created it for the cdrtools project but made it available only to people who asked for permission to use it but definitely not under GPL: vcdimager claims that the related code is under GPL and for this reason, vcdimager is violating Copyright law.
libcdio | GPLv2+ wrong....
Correct: libcdio is based on code from cdd2awav, that in former times has been published under GPLv2, For this reason, libcdio cannot be published under GPLv2+
Note that there are other problems with libcdio: libcdio is usually called from LGPL code and it is questionable whether this is legally correct. For this reason, Sun did remove libcdio from Solaris in Autumn 2006 and replaced it by a library that calls cdda2wav from a pipe
My impression is that there is a need for a more in depth license review....
8 from 10 programs I checked are not listed correctly. \\
Feel free to open bug reports regarding these issues.
How do you believe that this should be handled?
It is quite simple : if it is a problem in openSUSE packages, open bug reports. If it is a problem upstream, report upstream. Period. PS : please don't cc me, I'm subscribed to the list. -- Frederic Crozat -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Frederic Crozat <fcrozat@novell.com> wrote:
Feel free to open bug reports regarding these issues.
How do you believe that this should be handled?
It is quite simple : if it is a problem in openSUSE packages, open bug reports. If it is a problem upstream, report upstream. Period.
As I reported the problem in vcdimager and libcdio already to the upstream to no avail, it is now the time to inform downstreams that they need to start own activities. This could either be to contact the related upstrams by Suse or to remove the related packages from the list of pacakges in Suse. BTW: Could you please give me an official Suse URL where I can verify the origin for the data in http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt A bug report into the Suse Bugtracking only makes sense if I know the target of the bug and if I know whether the bug is also present in the Suse database.
PS : please don't cc me, I'm subscribed to the list.
If you get a mail more than once, please fix your mailer. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le 07/02/2011 13:17, Joerg Schilling a écrit :
BTW: Could you please give me an official Suse URL where I can verify the origin for the data in http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt
if you have any installed openSUSE, zypper licences gives you the status of the package installed jdd -- http://www.dodin.net http://pizzanetti.fr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Monday 07 February 2011, Joerg Schilling wrote:
Frederic Crozat <fcrozat@novell.com> wrote:
PS : please don't cc me, I'm subscribed to the list.
If you get a mail more than once, please fix your mailer.
YOU might want to look at your mailer. You sent the message to the poster twice. It's in the header. If you can't figure it out, ask for help. Mike -- Powered by SuSE 11.0 Kernel 2.6.25 KDE 3.5 Kmail 1.9 1:41pm up 3 days 19:32, 4 users, load average: 0.12, 0.13, 0.12 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am 07.02.2011 13:17, schrieb Joerg Schilling:
Frederic Crozat<fcrozat@novell.com> wrote:
BTW: Could you please give me an official Suse URL where I can verify the origin for the data in http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt
I doubt you will be able to find an official openSUSE URL here; the lack of this kind of information was one of the main reasons I started with my YiPI project ;-) (to have a database that allows for easy retrieval of information about the (IMHO) most important / interesting openSUSE projects - and from which they and their different versions can easily be 1-click installed). The point is, the license information presented here should be as official as you can get it within openSUSE. With the help of several scripts this information is directly retrieved from the different RPM repositories (meta information). The "file OS_RPM_licenses.txt" just shows the license information each RPM maintainer provided. Best regards Nico
Jörg
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Nicolaus Millin <info@millin.de> wrote:
Am 07.02.2011 13:17, schrieb Joerg Schilling:
Frederic Crozat<fcrozat@novell.com> wrote:
BTW: Could you please give me an official Suse URL where I can verify the origin for the data in http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt
I doubt you will be able to find an official openSUSE URL here; the lack of this kind of information was one of the main reasons I started with my YiPI project ;-) (to have a database that allows for easy retrieval of information about the (IMHO) most important / interesting openSUSE projects - and from which they and their different versions can easily be 1-click installed).
Thank you for this information, so it may be a good idea to use your list as a referece for a bug report. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le 07/02/2011 11:22, Joerg Schilling a écrit :
How do you believe that this should be handled?
given we have limited manpower, I think we can only setup pages for reference on the wiki, and already this is difficult.
On the other side, the Sun legal department discovered (during a license analysis) that there may be a problem.
*our* problem is to have a brief summary exposing why is the problem and in what circomstances. *brief, because else it wont be read and so be unusefull. *summary because I'm sure the original document is long and hard to read. A link to it would be good, though, for anybody that likes reading (that's why I added links to books on our page) *but we need it because there is no universally approved authority, even SUN lawyers are not. one of the reason GPL is so popular is the charismatic person that is RMS. I'm sure GPL is appropriate in many circonstances, but pretty sure it's not always. You made a very intersting discussion of your difficulties on your web site, thanks. Individualism is high in our world, so many developpers wants they own licence, thinking they need one. Creative Common did a good work, tying to limit the number of licences. The openSUSE problem, speaking as a distribution, is that we need to make all this live peacefully :-( I beg we can only do our best and try to avoid conflicts as much as possible. jdd -- http://www.dodin.net http://pizzanetti.fr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/06/2011 04:26 PM, Joerg Schilling wrote:
Nicolaus Millin <info@millin.de> wrote:
Having the RPM package meta information in my database I just had to create the two lists mentioned above.
- OS_RPM_licenses.txt is an alphabetical list of all tracked RPMs alphabetically sorted by RPM name with their respective license information / license tag retrieved from their RPM package meta information.
- OS_license_types.html is an alphabetically sorted list of all different license tags that are present in my database (right column). In the left column you?ll find one example of an RPM with this type of license. I thought this to be handy for a quick overview of the different license types. Clicking a RPM link you get to a page with detailed information about this RPM. By clicking the button "Homepage" on this detailed RPM information page you can have a closer look into a project where you usually find its license information.
How did you retrueve the data seen inside?
by retrieving the repository RPM meta information from each repository and putting it into my database.
Well, then the base you got the data from seems to be mostly wrong...... at least if I check the program names against the claims in that list.
cdrecord | CDDL, GPL, Other License(s), see package wrong....
Correct: cdrecord is 100% CDDL, there is no GPL inside, there is no other license
cdda2wav | CDDL, GPL, Other License(s), see package wrong....
Correct: cdda2wav contains _no_ GPL code. It is CDDL with one file under BSD and it links against CDDL libs, against a single BSD lib and against single library (libparanoia) that is under LGPL-2.1 with versions since May 2006.
mkisofs | CDDL, GPL, Other License(s), see package wrong....
Correct: mkisofs is 100% GPL, it links against one lib under BSD license and against some libraries under CDDL, but this does of course not affect the license of the "work mkisofs" - otherwise you would need to e.g. call GNU tar on Solaris CDDL+GPL
smake | CDDL correct ;-)
star | SUN Common Development and Distribution License 1.0 correct ;-)
wodim | GPLv2 ; GPLv2+ wrong....
Correct: wodim is 100% GPLv2
icedax | GPLv2+ wrong....
Correct: icedax is GPLv2; note that cdrkit is based on a cdrtools version from September 2004 and at that time, base64.c and base64.h have been (as a result of an action from an upstream coder) illegally published under GPL. iceday still did not fix that problem.
genisoimage | GPLv2+ wrong....
Correct: genisoimage is under GPLv2, it links against libraries under GPLv2 and as is derived from cdrtools from September 2004, there may be unaddressed license problems..............
vcdimager | GPLv2+ wrong....
Correct: vcdimager contains a major part (a Reed Solomon coder) that is _not_ under GPL at all. The code has been derived from an Implementation from Heiko Eißfeld who created it for the cdrtools project but made it available only to people who asked for permission to use it but definitely not under GPL: vcdimager claims that the related code is under GPL and for this reason, vcdimager is violating Copyright law.
libcdio | GPLv2+ wrong....
Correct: libcdio is based on code from cdd2awav, that in former times has been published under GPLv2, For this reason, libcdio cannot be published under GPLv2+
Note that there are other problems with libcdio: libcdio is usually called from LGPL code and it is questionable whether this is legally correct. For this reason, Sun did remove libcdio from Solaris in Autumn 2006 and replaced it by a library that calls cdda2wav from a pipe
My impression is that there is a need for a more in depth license review....
8 from 10 programs I checked are not listed correctly.
Jörg
Now you are prodding me a bit too hard. I maintain multimedia:libs and I know that those libs mostly libcdio are used in the backend of most, if not all media players. How many years have you known this and how long ago was it that you informed upstream and a reference to the report is needed because you have proven yourself not very good at unbiased factual communication maybe it was the wording of your bug report, you did use a bug report?. By unbiased I'm referring to the influence that your ego has. Which other major distros are you informing about this or is this a vendetta against openSUSE? Or do we have a case that openSUSE is too lenient with your illogical licensing statements and inflammatory comments. Huh Dave P -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Dave Plater <davejplater@gmail.com> wrote:
Now you are prodding me a bit too hard. I maintain multimedia:libs and I know that those libs mostly libcdio are used in the backend of most, if not all media players. How many years have you known this and how long ago was it that you informed upstream and a reference to the report is needed because you
As mentioned before, this has been discovered and published by the Sun legal department in 2006. Why don't you know about the problems?
have proven yourself not very good at unbiased factual communication maybe it was the wording of your bug report, you did use a bug report?. By unbiased I'm referring to the influence that your ego has. Which other major distros are you informing about this or is this a vendetta against openSUSE? Or do we have a case that openSUSE is too lenient with your illogical licensing statements and inflammatory comments.
I am sorry to see that you seem to be very biased. Why do you attack me instead of trying to have a fact based discussion? Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/09/2011 12:41 AM, Joerg Schilling wrote:
Dave Plater <davejplater@gmail.com> wrote:
Now you are prodding me a bit too hard. I maintain multimedia:libs and I know that those libs mostly libcdio are used in the backend of most, if not all media players. How many years have you known this and how long ago was it that you informed upstream and a reference to the report is needed because you
As mentioned before, this has been discovered and published by the Sun legal department in 2006. Why don't you know about the problems?
have proven yourself not very good at unbiased factual communication maybe it was the wording of your bug report, you did use a bug report?. By unbiased I'm referring to the influence that your ego has. Which other major distros are you informing about this or is this a vendetta against openSUSE? Or do we have a case that openSUSE is too lenient with your illogical licensing statements and inflammatory comments.
I am sorry to see that you seem to be very biased. Why do you attack me instead of trying to have a fact based discussion?
You have put the license status of a major library in question. That is an attack. You don't want me to attack you. I will slander and libel you across the internet and press, believe me I have nothing except a very creative imagination and afaic all is fair in love and war. This will be war. Why can't you answer my questions why does the first statement you made accuse me of attacking you, it only gives credence to the statement "You have proven yourself not very good at unbiased factual communication" read through this thread and tell me if anything constructive has come of this so called discussion. There's still a standoff between the patent holder of cdrtools and no hope of resolution. What are you really trying to achieve with your provocative comments? Dave Plater
Jörg
It's not biased, I can see the possible consequences of a statement like yours on this list. openSUSE attempts to adhere to the law to the best of it's abilities and you are attempting to put a major library in legal doubt. Why not do this to all the major linux distros at once or are you scared. I don't know what linux and openSUSE has done to you in the past. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Wed, 09 Feb 2011 01:06:53 +0200 Dave Plater <davejplater@gmail.com> wrote:
I don't know what linux and openSUSE has done to you in the past.
They patched his code. Which, of course is a bad assault against his highness, because Jörg's code does not need patches of unworthy users of such unworthy operating systems as "Linux". And If he decides, that "bus,id,lun" is the only way to address a device, then who are the SUSE hackers to try to ease the pain of their users by also allowing /dev/sr0! That's real blasphemy! :-) Just ignore him, no matter what crap he touts. It's the only way of dealing with him. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Dave Plater <davejplater@gmail.com> wrote:
I am sorry to see that you seem to be very biased. Why do you attack me instead of trying to have a fact based discussion?
You have put the license status of a major library in question. That is an attack. You don't want me to attack you. I will slander and libel you across the internet and press, believe me I have nothing except a very creative imagination and afaic all is fair in love and war. This will be war.
People like you are reponsible for demolishing the credibility of the Linux community. I am not willing to start a speudo discussion with people who just like to attack me, so this is an EOD for me. In case you don't understant what you did: You ruined your credibility with personal attacks. For others: I am always open for fact based discussions but I will ignore a "discussion" in case people try to treat facts similar to personal attacks. Back to facts: maintainers of "major" libraries like libcdio that ignore the Copyright law need to be prepared that their libraries cannot be used any longer. Sun as a major GNOME contributor did inform people about the problems with libcdio and there is a legal way to replace libcdio: use libgstcdda2wav.so instead. It is based on cdda2wav, it has been written by Brian Cameron and me and it even gives better DAE quality than libcdio. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/09/2011 02:12 AM, Joerg Schilling wrote:
Dave Plater <davejplater@gmail.com> wrote:
I am sorry to see that you seem to be very biased. Why do you attack me instead of trying to have a fact based discussion?
You have put the license status of a major library in question. That is an attack. You don't want me to attack you. I will slander and libel you across the internet and press, believe me I have nothing except a very creative imagination and afaic all is fair in love and war. This will be war.
People like you are reponsible for demolishing the credibility of the Linux community. I am not willing to start a speudo discussion with people who just like to attack me, so this is an EOD for me. In case you don't understant what you did: You ruined your credibility with personal attacks.
For others: I am always open for fact based discussions but I will ignore a "discussion" in case people try to treat facts similar to personal attacks.
Back to facts: maintainers of "major" libraries like libcdio that ignore the Copyright law need to be prepared that their libraries cannot be used any longer. Sun as a major GNOME contributor did inform people about the problems with libcdio and there is a legal way to replace libcdio: use libgstcdda2wav.so instead.
It is based on cdda2wav, it has been written by Brian Cameron and me and it even gives better DAE quality than libcdio.
Jörg
And it's license is? Dave P -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Feb 09, 11 19:40:49 +0200, Dave Plater wrote:
On 02/09/2011 02:12 AM, Joerg Schilling wrote:
Back to facts: maintainers of "major" libraries like libcdio that ignore the Copyright law need to be prepared that their libraries cannot be used any longer. Sun as a major GNOME contributor did inform people about the problems with libcdio and there is a legal way to replace libcdio: use libgstcdda2wav.so instead.
It is based on cdda2wav, it has been written by Brian Cameron and me and it even gives better DAE quality than libcdio.
And it's license is?
Good news: LGPLv2+ Thanks for the pointer, Joerg. cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday, February 08, 2011 05:06:53 pm Dave Plater wrote:
openSUSE attempts to adhere to the law to the best of it's abilities and you are attempting to put a major library in legal doubt.
Current status of licensing is very messy and reducing number of licenses to 1 will still leave all other parameters in numbers that will produce numerous combinations. The best what anyone on the planet can do, not only openSUSE, opensource, or proprietary code producers, is to adhere to legal stuff as much as possible. I skipped answer to Joerg, where I tried, to the best of abilities of legal outsider, to pick up all preconditions to solve issues. There is many: * licenses, * jurisdictions, * applicable laws, (etc) * contributors. There are also time lines: - when certain code was written, - what license was used at that moment, - when license text change happened, - how contributors with their legal status influence legal status of the code contributing patches, - legal environment change, (law changes and court decisions, contributor moves to another jurisdiction, etc). How easy is to solve that? You can pick one piece of code, and produce timeline, for one jurisdiction, but it will take days to collect all relevant pieces for each file, and that in case that project used some kind of version control from day one, all contributors are well known and willing to give their personal histories, and you already have timeline of all applicable licenses, laws and court decisions ready. And that is only about the code. How to calculate contributions that are not lines of the code? Graphic and audio is not a code, but it is part of the program. What about user feedback, other developers comments and advices? It is not a code, but it shapes the code. How about applying that on 2000 packages, having tens of files each, where 10000 contributors are coming from 50 jurisdictions? IMHO, whoever thinks it is possible to solve the problem is naive or has a plan, ie. specific target. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Feb 09, 11 01:06:53 +0200, Dave Plater wrote:
On 02/09/2011 12:41 AM, Joerg Schilling wrote:
Dave Plater <davejplater@gmail.com> wrote:
As mentioned before, this has been discovered and published by the Sun legal department in 2006. Why don't you know about the problems?
An obvious lack of communication.
I will slander and libel you across the internet and press, believe me I have nothing except a very creative imagination and afaic all is fair in love and war. This will be war.
If this is war, take this war to a seperate battlefield. Dave I had not expect such language from you. over and out, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 09/02/11 10:23, Juergen Weigert wrote:
On Feb 09, 11 01:06:53 +0200, Dave Plater wrote:
On 02/09/2011 12:41 AM, Joerg Schilling wrote:
Dave Plater<davejplater@gmail.com> wrote:
As mentioned before, this has been discovered and published by the Sun legal department in 2006. Why don't you know about the problems?
An obvious lack of communication.
I will slander and libel you across the internet and press, believe me I have nothing except a very creative imagination and afaic all is fair in love and war. This will be war.
If this is war, take this war to a seperate battlefield. Dave I had not expect such language from you.
over and out, JW-
This needs a list all of it's own. It has been rumbling on for years and it flares up from time to time. All of Linux on one side and Jorg on the other as usual. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Senior Staff Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, Feb 8, 2011 at 4:32 PM, Dave Plater <davejplater@gmail.com> wrote:
On 02/06/2011 04:26 PM, Joerg Schilling wrote: <snip>
libcdio | GPLv2+ wrong....
Correct: libcdio is based on code from cdd2awav, that in former times has been published under GPLv2, For this reason, libcdio cannot be published under GPLv2+
Note that there are other problems with libcdio: libcdio is usually called from LGPL code and it is questionable whether this is legally correct. For this reason, Sun did remove libcdio from Solaris in Autumn 2006 and replaced it by a library that calls cdda2wav from a pipe
My impression is that there is a need for a more in depth license review....
8 from 10 programs I checked are not listed correctly.
Jörg
Now you are prodding me a bit too hard. I maintain multimedia:libs and I know that those libs mostly libcdio are used in the backend of most, if not all media players.
Dave, Per this bugzilla libcdio has been a problem for about 4 years https://bugzilla.gnome.org/show_bug.cgi?id=413705 Comment 26 says they moved it into a "ugly" directory but left it in. https://bugzilla.gnome.org/show_bug.cgi?id=413705#c26 I have no other knowledge. I just decided to do a little googling. Greg -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Greg Freemyer <greg.freemyer@gmail.com> wrote:
Per this bugzilla libcdio has been a problem for about 4 years
Thank you! This is exactly the information I was pointing to before and it seems to have the right time stamps also. The license problem has been discovered by Sun legal in Autumn 2006 and Spring 2007 was the time when we had the first working replacement code that was based on software with no license problems and that in addition removes the security related issued from libcdio. The replacement code is in libgstcdda2wav.so and it is based on calling "cdda2wav" via three pipes, so the need for being root is encapsuled inside the carefully audited cddawav code. Cdda2wav has been enhanced by a new option "-interactive" to permit to remotely control cdda2wav from libgstcdda2wav.so. Libcdio has not just a single problem, it is full of problems. Let me mention all problems that I am currently aware of: - It is under GPLv2 but it is usually called from LGPL code. If you belive in the idiosyncratic GPL interpretation from the FSF, this is a license combination that is impossible. Note that as libcdio is published by the FSF, there is a high risk of being sued... - It includes code from cdda2wav that is under "GPLv2 only" and that was relicensed without permission. This is a clear Copyright violation. - It combines code from various other projects that never has been developed for a library, so it is a piece of muck...from a software engineering perspective. - It's function is based on a Linux security bug. This security bug has been introduced around Spring 2004 by an inexperienced hacker that enhanced the "sg" driver without understanding how it prevented security related problems before. Before the change, you had to be root in order to be able to open the device node and then could send commands as normal user. After that change, any user could open the device and any user could send any SCSI command to any SCSI device. Instead of fixing the security problem, Linus Torvalds just made the security hole less wide open and limited the SCSI commands that could be send that way. This hacky way of dealing with a serious bug unfortunately introduced a Linux self incompatibility of the underlying interface and many problems arised in Linux from people who do not understand the results of that change. Libcdio thus requires the application that calls libcdio to have root privileges if is runs on a OS without that security issues. This however would usually result in being forced to run an X11 application as root which is seen as a serious security problem that should never happen. - After it became obvious in Spring 2001, that cdparanoia reached the end of it's development cyle, I decided to create "libparanoia" from the relevant parts of the code in April 2002 and Heiko Eißfeld and I integrated libparanoia calls into cdda2wav. The original code from cdparanoia did only work on Linux and it compiled only using GCC as it depends on non-standard language extensions from GCC. I took the code from cdparanoia and made it highly portable, converted it into clean C-code so it compiles with any C-compiler and I converted the interfaces to create a clean library interface. In February 2006, I kindly asked Monty (the original code author) for a less restrictive license than GPLv2 and I got the permission to convert my version of the code to LGPL-2.1 After the code in libparanoia was a clean library with a clean and permissive license and after many small bugs have been fixed in the code by me, some other prople decided to do a similar work - but they did not make the code portable, they did not remove the GCC specific code and they did not change the calling conventions, so their code is not reentrant and their code will not work with the Apple linker.... They called their "lib" libcdparanoia and this non-portable code (still under GPLv2) is used by libcdio instead of the libparanoia I created. So be careful when talking about libparanoia as there is a serious risk to confuse two very different results from the original cdrparanoia code.
Comment 26 says they moved it into a "ugly" directory but left it in.
https://bugzilla.gnome.org/show_bug.cgi?id=413705#c26
I have no other knowledge. I just decided to do a little googling.
The comment you refer to, is based on a missunderstanding. You don't have a solution for the underlying problems, see e.g. my explanations on libparanoia from above. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hello, on Samstag, 5. Februar 2011, Nicolaus Millin wrote:
- http://www.vorkon.de/vkd/vkd-vorkon-yipi/OS_RPM_licenses.txt An alphabetical list of the 28.000+ packets with their licenses.
I just run some statistics on them, and the most popular licenses (used by at least 100 packages) are: (total: 28688 packages) 3969 GPLv2+ 3620 GPL 1960 GPL v2 or later 1423 LGPLv2.1+ 788 LGPL 745 GPLv2 738 BSD 687 MIT 639 GNU General Public License (GPL) 627 GPLv2+ ; LGPLv2.1+ 626 LGPL v2.1 or later 444 GPLv2+ or Ruby 436 MIT License (or similar) 390 BSD3c 318 BSD3c(or similar) 286 BSD 3-Clause 265 BSD License 248 LGPLv2.1 244 GPL+ or Artistic 241 Perl License 216 GPLv3+ 204 GPLv3 193 GPL v2 only 192 Apache Software License .. 191 GNU General Public License version 2 or later (GPL v2 or later) 186 The Apache Software License 183 LGPLv3 183 GPL v2 178 GNU General Public License version 2 (GPL v2) 170 Artistic 163 Apache Software License 159 BSD3 157 X11/MIT 144 Other uncritical OpenSource License 132 Artistic License 130 LGPLv2.0+ 115 GNU GPL v2 109 The PHP License, version 3.01 105 Public Domain, Freeware You can generate the full list (about 1000 lines) yourself easily: cut -d\| -f3 < OS_RPM_licenses.txt |sort | uniq -c |sort -nr As you can see, some licenses are listed more than once with slightly different names (for example "GPLv2+" and "GPL v2 and later"). You can also see that some license tags are quite unspecific ("GPL" without version note). In theory they are all worth bugreports, but 3620 packages marked as "GPL" mean lots of work and the bugzilla screening team will probably kill you if you don't assign the bugreports directly to the packager ;-) Options are: a) send a mail to opensuse-packaging and ask all packagers to fix the license tags with the next package update (should probably happen after 11.4 is branched). b) do it yourself and send a SR with the changed spec file to the packager c) BOFH method: create a whitelist or blacklist of licenses and let rpmlint fail the build for unclear license strings like just "GPL". Needless to say that this should be done after 11.4 is branched, otherwise we'd have to delay the release ;-) @jw: My initial question to you was "should the naming scheme as shown on http://license.opensuse.org/?w=1 be the preferred version for the License: tag?" - but now I see that you have both "GPLv2+" and "GPL 2.0 or later" in this list. What about showing only the preferred variant of the license string there? ;-) BTW: it would be nice to make the URLs offered in the license details (after clicking the "Analyze" button) clickable... Regards, Christian Boltz --
[SuSE vs. SUSE] A good question. Maybe the friend of ... had a company which needed urgently some money? Sorry, I can't follow you there. Do you mean there's a company that sells capital U's? [> Thorsten Kukuk and Rasmus Plewe] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/05/2011 07:19 PM, Christian Boltz wrote:
c) BOFH method: create a whitelist or blacklist of licenses and let rpmlint fail the build for unclear license strings like just "GPL". Needless to say that this should be done after 11.4 is branched, otherwise we'd have to delay the release ;-)
Most probably the most efficient method. The license field used to change from eg. "GPLv2 or later" to GPLv2+ when a package hit factory pre 11.3 time. I noticed this and now I simply change every spec file I work on like that. I don't touch any other license's field only GPL and LGPL, I do the same thing with tabs in the first part of the spec file, they also change to spaces, I used to use tabs now I use spaces, otherwise if I view the diff between devel and factory, it's difficult to read when there are tabs against spaces. AFAIK there's no such license as GPL anyway so rpmlint should fail on it. Dave P -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Saturday, February 05, 2011 07:13:50 pm Dave Plater wrote:
AFAIK there's no such license as GPL anyway so rpmlint should fail on it.
GPL without version string, doesn't differ from GPLvX+ (GPL version X or later). As in software, and I suspect, as in law, it should refer to the latest valid version. (How good idea is to give someone else power to decide what is happening with your software is another topic. GPL versions are introduced to allow people to refer to particular set of rules, not some unknown future version, so those that use GPLvX+ exclude earlier, but still accept something that can develop in direction they don't like.) -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/06/2011 05:21 AM, Rajko M. wrote:
On Saturday, February 05, 2011 07:13:50 pm Dave Plater wrote:
AFAIK there's no such license as GPL anyway so rpmlint should fail on it.
GPL without version string, doesn't differ from GPLvX+ (GPL version X or later). As in software, and I suspect, as in law, it should refer to the latest valid version.
(How good idea is to give someone else power to decide what is happening with your software is another topic.
GPL versions are introduced to allow people to refer to particular set of rules, not some unknown future version, so those that use GPLvX+ exclude earlier, but still accept something that can develop in direction they don't like.)
The problem is that openSUSE have strict rules for the license field which have to be adhered to for packages in the main distribution and unsuspecting budding packagers may run up against them by putting the wrong information in the license field after using the spec file as an example. An rpmlint check such as this would save time for legal review and also catch any older packages, that are incorrectly licensed when they are updated. It would be nice if it was "ok" to put a plain ambiguous "GPL" in the license field, I think that "MIT" is most probably the easiest in this respect. I perceive that the (L)GPL continually evolves in an attempt to allow opensource developers to create work and at the same time benefit if their work is recognised by the sharks of this world, that make such licensing necessary. MIT on the other hand is for those that are qualifying in some academic field and the work they are developing is their thesis. IMHO these are the only necessary opensource licenses. The others, except for the WTFPL which is for developers who are sick of all this licensing *@#&%, are either throwbacks from the past or attempts to have one foot in the commercial world and one foot in opensource. Dave P Damned gmail smtp server is down although there's nothing on the web site reverting to webafrica.org.za -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le 06/02/2011 09:45, Dave Plater a écrit :
The problem is that openSUSE have strict rules for the license field
I didn't even know about licence.opensuse.org :-(, it's a great page for our use.
which have to be adhered to for packages in the main distribution and unsuspecting budding packagers may run up against them by putting the wrong information in the license field after using the spec file as an example.
do you have a wiki page (or any other widely accessable page explaining that?) reducing the amount of licence is a goal everybody should share :-) even if it's not to be reached anytime soon :-(
except for the WTFPL which is for developers who are sick of all this licensing *@#&%, are either throwbacks from the past or attempts to have one foot in the commercial world and one foot in opensource.
we don't have to underestimate the licence problem. Licence is what makes the free software/open source world free, if not, do you think the multibillion cash vailable on MS side wont have cut our work down? However, making opensource software for a living is pretty difficult so we have to understand all the ways any of us uses to try to achieve this. The work on licences is only done for that. jdd -- http://www.dodin.net http://pizzanetti.fr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/06/2011 11:17 AM, jdd wrote:
Le 06/02/2011 09:45, Dave Plater a écrit :
The problem is that openSUSE have strict rules for the license field
I didn't even know about licence.opensuse.org :-(, it's a great page for our use.
which have to be adhered to for packages in the main distribution and unsuspecting budding packagers may run up against them by putting the wrong information in the license field after using the spec file as an example.
do you have a wiki page (or any other widely accessable page explaining that?)
I thought you were busy with the license one, I have a nomail account for davejplater@gmail.com and can fallback on webafrica.org.za when gmail's smtp fails like this morning. The only contributing to wiki pages I have time for is adding missing information and being fluent in english in many different languages :-) (My late wife was french, I've worked with germans before and I had a lot of greek, portugese indian and various arab flavour customers ) I sometimes make the statements clearer. My contribution to openSUSE is getting gray hair from worrying too much about packages.
reducing the amount of licence is a goal everybody should share :-) even if it's not to be reached anytime soon :-(
except for the WTFPL which is for developers who are sick of all this licensing *@#&%, are either throwbacks from the past or attempts to have one foot in the commercial world and one foot in opensource.
we don't have to underestimate the licence problem. Licence is what makes the free software/open source world free, if not, do you think the multibillion cash vailable on MS side wont have cut our work down?
However, making opensource software for a living is pretty difficult so we have to understand all the ways any of us uses to try to achieve this.
The work on licences is only done for that.
That's what the GPL is for, backed by an organisation that is populated by people that believe in a common cause and (well they should be dethroned if they do) not in it for ego or financial gain. I used to run an entity called the "harbour music club" for the encouragement and furthering of young up and coming musicians. I stepped in when the founder ( a well respected marine biologist and a musician) was no longer able to keep going and I used to print posters send emails to + 180 people and organise schedules etc. by myself and out of my own pocket in my days of wealth. This is what I expect of an organization such as the FSF.
jdd
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le 06/02/2011 14:21, Dave Plater a écrit :
On 02/06/2011 11:17 AM, jdd wrote:
do you have a wiki page (or any other widely accessable page explaining that?)
The only contributing to wiki pages I have time for is adding missing I didn't speak of you having to make a page, but somebody else could already have done. I mean a page that explains what is required for openSUSE (like you did in the mail)
information and being fluent in english in many different languages :-)
I'm not as good as you are, far from it !
That's what the GPL is for, backed by an organisation that is populated by people that believe in a common cause and (well they should be dethroned if they do) not in it for ego or financial gain.
the copyleft part of GPL is very strong, and I can understand some people can't afford to use it (let alone because they work for a salary in the IT world and vhave to acknowledge they employer. I lready had several encounters with RMS and like him very much, but I don't always agreed with him. still my own opinion have little importance, suffice to see the number of used licences to imagine they are much too numerous... jdd -- http://www.dodin.net http://pizzanetti.fr -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 02/06/2011 04:09 PM, jdd wrote:
information and being fluent in english in many different languages :-)
Being fluent in english in many different languages is a long standing joke. English itself may have more dialects than something like chinese or indian, they are just sparsely documented. Dave P. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
"Rajko M." <rmatov101@charter.net> wrote:
On Saturday, February 05, 2011 07:13:50 pm Dave Plater wrote:
AFAIK there's no such license as GPL anyway so rpmlint should fail on it.
GPL without version string, doesn't differ from GPLvX+ (GPL version X or later). As in software, and I suspect, as in law, it should refer to the latest valid version.
There is no law that controls GPL names.... Most software that is GPL based uses GPLv2 and for this reason, it is common to call GPLv2 GPL. On the other side, GPLv3 is incompatible to GPLv2 and for this reason I doubt that it would make sense to call GPLv3 GPL. Jörg -- EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin js@cs.tu-berlin.de (uni) joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Feb 05, 11 18:19:59 +0100, Christian Boltz wrote:
@jw: My initial question to you was "should the naming scheme as shown on http://license.opensuse.org/?w=1 be the preferred version for the License: tag?" - but now I see that you have both "GPLv2+" and "GPL 2.0 or later" in this list. Yes. licenses.o.o should distinguish between a canonical name, and an alias.
BTW: it would be nice to make the URLs offered in the license details (after clicking the "Analyze" button) clickable...
It does for X11 MIT, but does not for most of the others. ... it needs some love... I'd need a volunteer to help me with this. The framework is a hand-coded HTML generator. This should be replaced by something maintainable, too. cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hello, on Montag, 7. Februar 2011, Juergen Weigert wrote:
On Feb 05, 11 18:19:59 +0100, Christian Boltz wrote:
@jw: My initial question to you was "should the naming scheme as shown on http://license.opensuse.org/?w=1 be the preferred version for the License: tag?" - but now I see that you have both "GPLv2+" and "GPL 2.0 or later" in this list.
Yes. licenses.o.o should distinguish between a canonical name, and an alias.
AFAIK there are already some aliases defined - so this means someone would "only" need to cleanup the (I guess) database to point to a common canonical name. I tend to ask you to do this yourself because errors in this area could have a big legal impact. (Maybe I can help you by asking "is foo and bar the same?", but I'm not going to answer that question myself.)
BTW: it would be nice to make the URLs offered in the license details (after clicking the "Analyze" button) clickable...
It does for X11 MIT, but does not for most of the others. ... it needs some love... I'd need a volunteer to help me with this. The framework is a hand-coded HTML generator. This should be replaced by something maintainable, too.
This leads to the questions - which programming language? - is the source in a public SVN/git/whatever repo? (including a database dump to allow testing)? - bonus question: do "hand-coded HTML generator" and "something maintainable" really conflict? ;-) (probably depends on the coding style...) Note that these are only questions, no promises ;-)) Regards, Christian Boltz -- [how to name installation sources / repositories / catalogs / channels]
I add mine, +1 for repository. If you are looking for something new, try "(software) directory". Or to be even more innovative: Make this a configure option in YaST. [>> James Ogley, > Karl Eichwalter & Robert Schiele in opensuse-factory] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hmm, should we open another thread somewhere? This one appears to be quite burned down ... On Feb 07, 11 21:25:18 +0100, Christian Boltz wrote:
the License: tag?" - but now I see that you have both "GPLv2+" and "GPL 2.0 or later" in this list.
Yes. licenses.o.o should distinguish between a canonical name, and an alias.
AFAIK there are already some aliases defined - so this means someone would "only" need to cleanup the (I guess) database to point to a common canonical name.
Yes, we apparently flag too many names as canonical names. http://svn.berlios.de/viewvc/opensuse/trunk/infrastructure/license.o.o/data/... is guilty.
I tend to ask you to do this yourself because errors in this area could have a big legal impact. (Maybe I can help you by asking "is foo and bar the same?", but I'm not going to answer that question myself.)
Send me in patches with suggestions.
This leads to the questions - which programming language? Perl, what else would you use for 'hard coding' stuff? :-)
- is the source in a public SVN/git/whatever repo? (including a database dump to allow testing)?
https://jnweiger@svn.berlios.de/svnroot/repos/opensuse/trunk/infrastructure/... see https://developer.berlios.de/svn/?group_id=11389
- bonus question: do "hand-coded HTML generator" and "something maintainable" really conflict? ;-) (probably depends on the coding style...) Not for me, I know my own style -- see yourself :-)
Note that these are only questions, no promises ;-)) Thanks for your help! :-)))
cheers, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) SuSE. Supporting Linux since 1992. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (13)
-
Christian Boltz -
Dave Plater -
Dave Plater -
Frederic Crozat -
Greg Freemyer -
jdd -
Joerg.Schilling@fokus.fraunhofer.de -
Juergen Weigert -
Mike -
Nicolaus Millin -
Rajko M. -
Sid Boyce -
Stefan Seyfried