1 |
On Fri, Sep 8, 2017 at 6:09 AM, Ulrich Mueller <ulm@g.o> wrote: |
2 |
> |
3 |
> Quoting from "all-rights-reserved": |
4 |
> |
5 |
> | This package has an explicit "all rights reserved" clause, or comes |
6 |
> | without any license, or only with a disclaimer. This means that you |
7 |
> | have only the rights that are granted to you by law. If you have |
8 |
> | lawfully acquired a copy of the program (e.g., by buying it or by |
9 |
> | downloading it from the author's site) then in many legislations you |
10 |
> | are allowed to compile it, run it, make a backup, and to patch it as |
11 |
> | necessary, without permission from the copyright holder. |
12 |
> |
13 |
> Note that it explicitly says "downloading from the author's site". |
14 |
|
15 |
It also explicitly says "e.g." This means that this is merely one way |
16 |
of lawfully acquiring a copy of the program, and that other ways may |
17 |
exist. It sounds pedantic but this is the whole reason that "e.g." |
18 |
exists as opposed to "i.e." and courts certainly would read the policy |
19 |
in this way because lawyers distinguish between the two all the time. |
20 |
|
21 |
> I still think that we should handle this in a restrictive way, and |
22 |
> permit only sites where we can be reasonably certain that they |
23 |
> distribute the software with the copyright holder's approval. |
24 |
|
25 |
Sure, that's you opinion, and I have a different opinion, and kentnl |
26 |
has another opinion. |
27 |
|
28 |
This is why we have processes to turn those opinions into documented |
29 |
policies so that we can be consistent. Failing to do this can cause |
30 |
all kinds of problems. Suppose we remove this package. Suppose we |
31 |
don't remove some other package with the same problem. In the absence |
32 |
of a written policy one way or another somebody could cite your |
33 |
statement as a concession. |
34 |
|
35 |
> |
36 |
> Why not follow kentnl's suggestion? If you don't want to figure out |
37 |
> what the connection between the author and the download site is, then |
38 |
> make the ebuild fetch restricted, and have the user download the |
39 |
> file manually. I'd also suggest to put only the file's basename in |
40 |
> SRC_URI then. |
41 |
> |
42 |
|
43 |
It would be inconvenient for the user. That's why we don't |
44 |
fetch-restrict every package in the tree, even though doing so would |
45 |
lower our risk of getting sued. Maybe the Linux foundation |
46 |
redistributes something it shouldn't. I doubt it, but it could |
47 |
happen. If we fetch-restricted the kernel then we'd be covered if |
48 |
another SCO comes along. But, that would be ridiculous. We don't |
49 |
even do that with things like libcss which are higher risk. |
50 |
|
51 |
-- |
52 |
Rich |