unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Non-free data in Poppler test suite
@ 2022-06-28 21:19 Marius Bakke
  2022-06-28 21:29 ` Maxime Devos
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Marius Bakke @ 2022-06-28 21:19 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1575 bytes --]

Hello Guix,

I discovered a potential freedom issue with the Poppler test suite.
Specifically it includes a file with the CC BY-NC-ND (non-commercial)
license:

  https://gitlab.freedesktop.org/poppler/test/-/commit/920c89f8f43bdfe8966c8e397e7f67f5302e9435

It turns out the repository is filled with PDFs of unknown origins, that
are impossible to audit.

(this issue only exists on the "core-updates" branch)

Normally we'd remove such files with a 'snippet', but these files are
not actually shipped with Poppler itself: they are downloaded separately
and only used for running tests during the build process:

  https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/pdf.scm?h=core-updates&id=8c3e9da13a3c92a7db308db8c0d81cb474ad7799#n226

As such, these files are not accessible to end users of Guix short of
disabling substitutes and grepping the store.

So the million dollar question ... are these files okay to use for Guix?

In my (non-lawyer) opinion, I have faith that Poppler developers would
not distribute files that are not freely redistributable, and that this
counts as "non-functional data" per FSDG guidelines:

  https://www.gnu.org/distros/free-system-distribution-guidelines.html

However, we failed to reach a consensus on #guix[0].  What do others
around here think?  Should we play it safe and disable Poppler tests?
Raise the issue with FSF?  Something else?

[0]: https://logs.guix.gnu.org/guix/2022-06-28.log#195123

-- 
Thanks,
Marius
(And sorry for being gone for so long!  I'm back now, promise.)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-06-28 21:19 Non-free data in Poppler test suite Marius Bakke
@ 2022-06-28 21:29 ` Maxime Devos
  2022-07-01 12:57   ` Ludovic Courtès
  2022-06-29  8:04 ` zimoun
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 10+ messages in thread
From: Maxime Devos @ 2022-06-28 21:29 UTC (permalink / raw)
  To: Marius Bakke, guix-devel

[-- Attachment #1: Type: text/plain, Size: 1093 bytes --]

Marius Bakke schreef op di 28-06-2022 om 23:19 [+0200]:
> I discovered a potential freedom issue with the Poppler test suite.
> Specifically it includes a file with the CC BY-NC-ND (non-commercial)
> license:

Given that it what (some tests) are based on, this might count as
functional data and hence not covered by the ‘non-functional data’
exception of the FSDG.

OTOH, the FSDG isn't mentioned anywhere in the manual, but ‘software in
Guix is free’ is, so maybe the FSDG doesn't apply.  Though in past
discussions, the conclusion was that the FSDG applies to Guix, so maybe
the exceptions to the freeness policy just are in lack of
documentation.

(No point in rehashing old rationale, but I'd like to point out this
policy isn't actually documented anywhere in Guix.)

Only one way to know sure what the writers of that page meant I think
-- contact the FSF?

> However, we failed to reach a consensus on #guix[0].  What do others
> around here think?  Should we play it safe and disable Poppler tests?
>  Raise the issue with FSF? 

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-06-28 21:19 Non-free data in Poppler test suite Marius Bakke
  2022-06-28 21:29 ` Maxime Devos
@ 2022-06-29  8:04 ` zimoun
  2022-07-01 13:12 ` Ludovic Courtès
  2022-07-02  9:04 ` Liliana Marie Prikler
  3 siblings, 0 replies; 10+ messages in thread
From: zimoun @ 2022-06-29  8:04 UTC (permalink / raw)
  To: Marius Bakke, guix-devel

Hi Marius,

On Tue, 28 Jun 2022 at 23:19, Marius Bakke <marius@gnu.org> wrote:

> I discovered a potential freedom issue with the Poppler test suite.
> Specifically it includes a file with the CC BY-NC-ND (non-commercial)
> license:

BY-NC-ND in short:

        This license allows reusers to copy and distribute the material
        in any medium or format in unadapted form only, for
        noncommercial purposes only, and only so long as attribution is
        given to the creator.


>   https://gitlab.freedesktop.org/poppler/test/-/commit/920c89f8f43bdfe8966c8e397e7f67f5302e9435

And the PDF provided by this commit is the extraction of page 8 from

    https://arxiv.org/pdf/2204.06128.pdf

which is a document of 21 pages.  Therefore, is this distribution of an
extracted derivative allowed by BY-NC-ND in the first place?

Maybe it seems worth to ask to Poppler devs their opinion.


Cheers,
simon

PS: I recommend the reading of https://arxiv.org/pdf/2204.06128.pdf :-)


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-06-28 21:29 ` Maxime Devos
@ 2022-07-01 12:57   ` Ludovic Courtès
  2022-07-19 12:43     ` Maxime Devos
  0 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2022-07-01 12:57 UTC (permalink / raw)
  To: Maxime Devos; +Cc: Marius Bakke, guix-devel

Maxime Devos <maximedevos@telenet.be> skribis:

> OTOH, the FSDG isn't mentioned anywhere in the manual, but ‘software in
> Guix is free’ is, so maybe the FSDG doesn't apply.  Though in past
> discussions, the conclusion was that the FSDG applies to Guix, so maybe
> the exceptions to the freeness policy just are in lack of
> documentation.

Nitpick: it’s not that “the FSDG applies to Guix” but rather the Guix
project chooses to follow the FSDG (info "(guix) Software Freedom").

Ludo’.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-06-28 21:19 Non-free data in Poppler test suite Marius Bakke
  2022-06-28 21:29 ` Maxime Devos
  2022-06-29  8:04 ` zimoun
@ 2022-07-01 13:12 ` Ludovic Courtès
  2022-07-01 19:22   ` Mark H Weaver
  2022-07-02 14:12   ` Tobias Geerinckx-Rice
  2022-07-02  9:04 ` Liliana Marie Prikler
  3 siblings, 2 replies; 10+ messages in thread
From: Ludovic Courtès @ 2022-07-01 13:12 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel

Hi!

Marius Bakke <marius@gnu.org> skribis:

> So the million dollar question ... are these files okay to use for Guix?
>
> In my (non-lawyer) opinion, I have faith that Poppler developers would
> not distribute files that are not freely redistributable, and that this
> counts as "non-functional data" per FSDG guidelines:
>
>   https://www.gnu.org/distros/free-system-distribution-guidelines.html
>
> However, we failed to reach a consensus on #guix[0].  What do others
> around here think?  Should we play it safe and disable Poppler tests?
> Raise the issue with FSF?  Something else?

IANAL, but… I would argue that these PDFs are “non-functional” in the
sense that they do not have any impact on the functionality of Poppler.

It may also be that this qualifies as fair use (AIUI, we’re talking
about pages extracted from larger PDF files, right?).

What does Debian do?  :-)

Ludo’.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-07-01 13:12 ` Ludovic Courtès
@ 2022-07-01 19:22   ` Mark H Weaver
  2022-07-06  0:39     ` Marius Bakke
  2022-07-02 14:12   ` Tobias Geerinckx-Rice
  1 sibling, 1 reply; 10+ messages in thread
From: Mark H Weaver @ 2022-07-01 19:22 UTC (permalink / raw)
  To: Ludovic Courtès, Marius Bakke; +Cc: guix-devel

Hi Ludovic and Marius,

Ludovic Courtès <ludo@gnu.org> writes:

> Marius Bakke <marius@gnu.org> skribis:
>
>> So the million dollar question ... are these files okay to use for Guix?
>>
>> In my (non-lawyer) opinion, I have faith that Poppler developers would
>> not distribute files that are not freely redistributable, and that this
>> counts as "non-functional data" per FSDG guidelines:
>>
>>   https://www.gnu.org/distros/free-system-distribution-guidelines.html
>>
>> However, we failed to reach a consensus on #guix[0].  What do others
>> around here think?  Should we play it safe and disable Poppler tests?
>> Raise the issue with FSF?  Something else?
>
> IANAL, but… I would argue that these PDFs are “non-functional” in the
> sense that they do not have any impact on the functionality of Poppler.

I'm inclined to agree that the PDFs in Poppler's test suite are
"non-functional" for purposes of the FSDG.  However, even for
non-functional works, the FSDG requires that the license must allow
copying and redistribution, both for commercial and non-commercial
purposes.  Here's the relevant text from the FSDG:

  Non-functional Data

  Data that isn't functional, that doesn't do a practical job, is more
  of an adornment to the system's software than a part of it.  Thus, we
  don't insist on the free license criteria for non-functional data.  It
  can be included in a free system distribution as long as its license
  gives you permission to copy and redistribute, both for commercial and
  non-commercial purposes.  For example, [...]

  <https://www.gnu.org/distros/free-system-distribution-guidelines.html>

IANAL, but it seems fairly clear to me that the CC BY-NC-ND license does
*not* permit copying and redistribution for commercial purposes.
Specifically, section 4 paragraph 2 says:

  You may not exercise any of the rights granted to You in Section 3
 above in any manner that is primarily intended for or directed toward
 commercial advantage or private monetary compensation.

  <https://www.creativecommons.org/licenses/by-nc-nd/2.0/legalcode>

Note that section 3 is where permission to copy and redistribute is
granted.

Therefore, I think that in order to comply with the FSDG, we should use
a snippet to remove any files covered by the CC BY-NC-ND license.

What do you think?

Thank you, Marius, for bringing this to our attention.

     Regards,
       Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-06-28 21:19 Non-free data in Poppler test suite Marius Bakke
                   ` (2 preceding siblings ...)
  2022-07-01 13:12 ` Ludovic Courtès
@ 2022-07-02  9:04 ` Liliana Marie Prikler
  3 siblings, 0 replies; 10+ messages in thread
From: Liliana Marie Prikler @ 2022-07-02  9:04 UTC (permalink / raw)
  To: Marius Bakke, guix-devel

Am Dienstag, dem 28.06.2022 um 23:19 +0200 schrieb Marius Bakke:
> Hello Guix,
> 
> I discovered a potential freedom issue with the Poppler test suite.
> [...]
> So the million dollar question ... are these files okay to use for
> Guix?
> 
> In my (non-lawyer) opinion, I have faith that Poppler developers would
> not distribute files that are not freely redistributable, and that this
> counts as "non-functional data" per FSDG guidelines:
Looking around the repository some more, I think there might actually
have been some neglect w.r.t. how we typically recommend licensing
information ought to be conveyed.  I've raised two issues upstream, 
[1] for data as reported here, [2] for code.  Let's see how poppler
devs reply.

Cheers

[1] https://gitlab.freedesktop.org/poppler/test/-/issues/1
[2] https://gitlab.freedesktop.org/poppler/test/-/issues/2


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-07-01 13:12 ` Ludovic Courtès
  2022-07-01 19:22   ` Mark H Weaver
@ 2022-07-02 14:12   ` Tobias Geerinckx-Rice
  1 sibling, 0 replies; 10+ messages in thread
From: Tobias Geerinckx-Rice @ 2022-07-02 14:12 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Marius Bakke, guix-devel

Hi,

Mark's reply addresses everything that would worry me from an FSDG 
perspective and more -- thanks Mark!

On 2022-07-01 15:12, Ludovic Courtès wrote:
> It may also be that this qualifies as fair use (AIUI, we’re talking
> about pages extracted from larger PDF files, right?).

...but from a copyright perspective, no, this does not fly at all I'm 
afraid.

Kind regards,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-07-01 19:22   ` Mark H Weaver
@ 2022-07-06  0:39     ` Marius Bakke
  0 siblings, 0 replies; 10+ messages in thread
From: Marius Bakke @ 2022-07-06  0:39 UTC (permalink / raw)
  To: Mark H Weaver, Ludovic Courtès; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 708 bytes --]

Mark H Weaver <mhw@netris.org> skriver:

> Therefore, I think that in order to comply with the FSDG, we should use
> a snippet to remove any files covered by the CC BY-NC-ND license.

The test suite is shipped separately from the Poppler source code, and
contains many seemingly unauditable PDF files.  I don't think removing
all PDFs without a clear license and adjusting the test suite
accordingly is tenable, so I went ahead and removed the whole origin:

  https://git.savannah.gnu.org/cgit/guix.git/commit/?h=core-updates&id=72cb5a3a648a3853a772b8b1a2cd26206627fb0d

I also raised a ticket with licensing@fsf with ID [gnu.org #1851409].

Thanks for the feedback, everyone.

-- 
Marius

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Non-free data in Poppler test suite
  2022-07-01 12:57   ` Ludovic Courtès
@ 2022-07-19 12:43     ` Maxime Devos
  0 siblings, 0 replies; 10+ messages in thread
From: Maxime Devos @ 2022-07-19 12:43 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Marius Bakke, guix-devel

Ludovic Courtès schreef op vr 01-07-2022 om 14:57 [+0200]:
> Nitpick: it’s not that “the FSDG applies to Guix” but rather the Guix
> project chooses to follow the FSDG (info "(guix) Software Freedom").

OOps, I searched for 'FSDG' but not for 'free software distribution
guidelines' ...

Greetings,
Maxime.


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2022-07-19 12:49 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-28 21:19 Non-free data in Poppler test suite Marius Bakke
2022-06-28 21:29 ` Maxime Devos
2022-07-01 12:57   ` Ludovic Courtès
2022-07-19 12:43     ` Maxime Devos
2022-06-29  8:04 ` zimoun
2022-07-01 13:12 ` Ludovic Courtès
2022-07-01 19:22   ` Mark H Weaver
2022-07-06  0:39     ` Marius Bakke
2022-07-02 14:12   ` Tobias Geerinckx-Rice
2022-07-02  9:04 ` Liliana Marie Prikler

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).