| 1 |
On Fri, Sep 8, 2017 at 6:09 AM, Ulrich Mueller <ulm@g.o> wrote: |
| 2 |
> |
| 3 |
> Quoting from "all-rights-reserved": |
| 4 |
> |
| 5 |
> | This package has an explicit "all rights reserved" clause, or comes |
| 6 |
> | without any license, or only with a disclaimer. This means that you |
| 7 |
> | have only the rights that are granted to you by law. If you have |
| 8 |
> | lawfully acquired a copy of the program (e.g., by buying it or by |
| 9 |
> | downloading it from the author's site) then in many legislations you |
| 10 |
> | are allowed to compile it, run it, make a backup, and to patch it as |
| 11 |
> | necessary, without permission from the copyright holder. |
| 12 |
> |
| 13 |
> Note that it explicitly says "downloading from the author's site". |
| 14 |
|
| 15 |
It also explicitly says "e.g." This means that this is merely one way |
| 16 |
of lawfully acquiring a copy of the program, and that other ways may |
| 17 |
exist. It sounds pedantic but this is the whole reason that "e.g." |
| 18 |
exists as opposed to "i.e." and courts certainly would read the policy |
| 19 |
in this way because lawyers distinguish between the two all the time. |
| 20 |
|
| 21 |
> I still think that we should handle this in a restrictive way, and |
| 22 |
> permit only sites where we can be reasonably certain that they |
| 23 |
> distribute the software with the copyright holder's approval. |
| 24 |
|
| 25 |
Sure, that's you opinion, and I have a different opinion, and kentnl |
| 26 |
has another opinion. |
| 27 |
|
| 28 |
This is why we have processes to turn those opinions into documented |
| 29 |
policies so that we can be consistent. Failing to do this can cause |
| 30 |
all kinds of problems. Suppose we remove this package. Suppose we |
| 31 |
don't remove some other package with the same problem. In the absence |
| 32 |
of a written policy one way or another somebody could cite your |
| 33 |
statement as a concession. |
| 34 |
|
| 35 |
> |
| 36 |
> Why not follow kentnl's suggestion? If you don't want to figure out |
| 37 |
> what the connection between the author and the download site is, then |
| 38 |
> make the ebuild fetch restricted, and have the user download the |
| 39 |
> file manually. I'd also suggest to put only the file's basename in |
| 40 |
> SRC_URI then. |
| 41 |
> |
| 42 |
|
| 43 |
It would be inconvenient for the user. That's why we don't |
| 44 |
fetch-restrict every package in the tree, even though doing so would |
| 45 |
lower our risk of getting sued. Maybe the Linux foundation |
| 46 |
redistributes something it shouldn't. I doubt it, but it could |
| 47 |
happen. If we fetch-restricted the kernel then we'd be covered if |
| 48 |
another SCO comes along. But, that would be ridiculous. We don't |
| 49 |
even do that with things like libcss which are higher risk. |
| 50 |
|
| 51 |
-- |
| 52 |
Rich |
Archives