all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Unrar package might contain proprietary code.
@ 2017-03-01 19:59 Clément Lassieur
  2017-03-01 20:20 ` John Darrington
  0 siblings, 1 reply; 10+ messages in thread
From: Clément Lassieur @ 2017-03-01 19:59 UTC (permalink / raw)
  To: guix-devel; +Cc: John Darrington

I had a look at the source of the recently commited "unrar" package, and
I could not find neither "copyright" lines nor pointers to the full
notice, except in unrarlib.h and unrarlib.c, which belong to a different
project.  IANAL, but according to GPLv2 and
https://www.gnu.org/licenses/gpl-howto.en.html, those things are
mandatory, COPYING is not enough.  So I think the "unrar" package
contains proprietary code.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-01 19:59 Unrar package might contain proprietary code Clément Lassieur
@ 2017-03-01 20:20 ` John Darrington
  2017-03-01 20:39   ` Clément Lassieur
  0 siblings, 1 reply; 10+ messages in thread
From: John Darrington @ 2017-03-01 20:20 UTC (permalink / raw)
  To: Cl??ment Lassieur; +Cc: guix-devel, John Darrington

[-- Attachment #1: Type: text/plain, Size: 1602 bytes --]

On Wed, Mar 01, 2017 at 08:59:37PM +0100, Cl??ment Lassieur wrote:
     I had a look at the source of the recently commited "unrar" package, and
     I could not find neither "copyright" lines nor pointers to the full
     notice, except in unrarlib.h and unrarlib.c, which belong to a different
     project.  IANAL, but according to GPLv2 and
     https://www.gnu.org/licenses/gpl-howto.en.html, those things are
     mandatory, COPYING is not enough.  So I think the "unrar" package
     contains proprietary code.

I think you are mistaken.

Yes,  the package does not explicitly have headers in the way that GNU recommends.
But I do not see how such a recommendation is "mandatory". (It's mandatory for
gnu programs, but there are many non-gnu programs in Guix)

The placement of COPYING  - whilst normally not all that we would like - is
part performance of an intent  to licence the software.

Like you say, the authors have taken GPL code from another project and incorporated
it into unrar - that is only possible if the the resultant work is GPL compatible.

Also if you look at the site where it is hosted https://gna.org/projects/unrar you
will see that it says: License: GNU General Public License V2 or later.


So, whilst it has been poorly executed, I believe there is ample evidence that this 
program is licenced GPL.

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-01 20:20 ` John Darrington
@ 2017-03-01 20:39   ` Clément Lassieur
  2017-03-01 21:19     ` Clément Lassieur
  0 siblings, 1 reply; 10+ messages in thread
From: Clément Lassieur @ 2017-03-01 20:39 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel, John Darrington

> Yes,  the package does not explicitly have headers in the way that GNU recommends.
> But I do not see how such a recommendation is "mandatory". (It's mandatory for
> gnu programs, but there are many non-gnu programs in Guix)

This is what I was referring to:

    Whichever license you plan to use, the process involves adding two
    elements to each source file of your program: a copyright notice (such
    as “Copyright 1999 Terry Jones”), and a statement of copying permission,
    saying that the program is distributed under the terms of the GNU
    General Public License (or the Lesser GPL).

To me it is pretty clear.  And it is not only about GNU programs.

> Like you say, the authors have taken GPL code from another project and incorporated
> it into unrar - that is only possible if the the resultant work is GPL compatible.

Or if the resultant work is illegal?

> Also if you look at the site where it is hosted https://gna.org/projects/unrar you
> will see that it says: License: GNU General Public License V2 or later.

But the site could be mistaken too.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-01 20:39   ` Clément Lassieur
@ 2017-03-01 21:19     ` Clément Lassieur
  2017-03-02  1:45       ` Alex Vong
  2017-03-02  5:54       ` John Darrington
  0 siblings, 2 replies; 10+ messages in thread
From: Clément Lassieur @ 2017-03-01 21:19 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel, John Darrington

>> Like you say, the authors have taken GPL code from another project and incorporated
>> it into unrar - that is only possible if the the resultant work is GPL compatible.
>
> Or if the resultant work is illegal?

Actually, unrarlib is dual-licensed, so it is possible to use it within
a proprietary program (see http://www.unrarlib.org/license.html).

But I'll trust you that COPYING is enough :)  Sorry for bothering you
then.

Clément

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-01 21:19     ` Clément Lassieur
@ 2017-03-02  1:45       ` Alex Vong
  2017-03-02  1:49         ` Leo Famulari
  2017-03-02  5:54       ` John Darrington
  1 sibling, 1 reply; 10+ messages in thread
From: Alex Vong @ 2017-03-02  1:45 UTC (permalink / raw)
  To: Clément Lassieur; +Cc: guix-devel, John Darrington

[-- Attachment #1: Type: text/plain, Size: 1170 bytes --]

Clément Lassieur <clement@lassieur.org> writes:

>>> Like you say, the authors have taken GPL code from another project
>>> and incorporated
>>> it into unrar - that is only possible if the the resultant work is
>>> GPL compatible.
>>
>> Or if the resultant work is illegal?
>
> Actually, unrarlib is dual-licensed, so it is possible to use it within
> a proprietary program (see http://www.unrarlib.org/license.html).
>
> But I'll trust you that COPYING is enough :)  Sorry for bothering you
> then.
>
> Clément

I think Debian considered it to be non-free, see the package page[0] and
the copyright page[1].

However, 'unar'[2] can also extract rar files and is free
software[3]. It is on my TODO list. (But I am busy studying right now
and the program uses gnustep which is something I am not familiar with.)
John, if you like you can look into it.

[0]: https://packages.debian.org/sid/unrar
[1]: http://metadata.ftp-master.debian.org/changelogs/non-free/u/unrar-nonfree/unrar-nonfree_5.4.5-1_copyright
[2]: https://packages.debian.org/sid/unar
[3]: http://metadata.ftp-master.debian.org/changelogs/main/u/unar/unar_1.10.1-1_copyright

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-02  1:45       ` Alex Vong
@ 2017-03-02  1:49         ` Leo Famulari
  0 siblings, 0 replies; 10+ messages in thread
From: Leo Famulari @ 2017-03-02  1:49 UTC (permalink / raw)
  To: Alex Vong; +Cc: guix-devel, John Darrington, Clément Lassieur

[-- Attachment #1: Type: text/plain, Size: 846 bytes --]

On Thu, Mar 02, 2017 at 09:45:50AM +0800, Alex Vong wrote:
> Clément Lassieur <clement@lassieur.org> writes:
> 
> >>> Like you say, the authors have taken GPL code from another project
> >>> and incorporated
> >>> it into unrar - that is only possible if the the resultant work is
> >>> GPL compatible.
> >>
> >> Or if the resultant work is illegal?
> >
> > Actually, unrarlib is dual-licensed, so it is possible to use it within
> > a proprietary program (see http://www.unrarlib.org/license.html).
> >
> > But I'll trust you that COPYING is enough :)  Sorry for bothering you
> > then.
> >
> > Clément
> 
> I think Debian considered it to be non-free, see the package page[0] and
> the copyright page[1].

> [0]: https://packages.debian.org/sid/unrar

I think this is a different program with the same name and purpose.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-01 21:19     ` Clément Lassieur
  2017-03-02  1:45       ` Alex Vong
@ 2017-03-02  5:54       ` John Darrington
  2017-03-02  6:13         ` John Darrington
  2017-03-02 12:51         ` Ricardo Wurmus
  1 sibling, 2 replies; 10+ messages in thread
From: John Darrington @ 2017-03-02  5:54 UTC (permalink / raw)
  To: Cl??ment Lassieur; +Cc: guix-devel, John Darrington

[-- Attachment #1: Type: text/plain, Size: 1144 bytes --]

I don't have any strong opinions here.  But if somebody feels that we really cannot
have this program in Guix, then go ahead and revert it.

In the meantime I will try to contact the authors and ask for clarification.  However
since the project has been inactive for the last 13 years, I don't hold too much 
hope of getting a reply.

J'

On Wed, Mar 01, 2017 at 10:19:59PM +0100, Cl??ment Lassieur wrote:
     >> Like you say, the authors have taken GPL code from another project and incorporated
     >> it into unrar - that is only possible if the the resultant work is GPL compatible.
     >
     > Or if the resultant work is illegal?
     
     Actually, unrarlib is dual-licensed, so it is possible to use it within
     a proprietary program (see http://www.unrarlib.org/license.html).
     
     But I'll trust you that COPYING is enough :)  Sorry for bothering you
     then.
     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-02  5:54       ` John Darrington
@ 2017-03-02  6:13         ` John Darrington
  2017-03-02 10:56           ` Alex Vong
  2017-03-02 12:51         ` Ricardo Wurmus
  1 sibling, 1 reply; 10+ messages in thread
From: John Darrington @ 2017-03-02  6:13 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel, John Darrington, Cl??ment Lassieur

[-- Attachment #1: Type: text/plain, Size: 1681 bytes --]

Also pertinent:

This program is listed in https://directory.fsf.org/wiki/Unrar-free

J'

On Thu, Mar 02, 2017 at 06:54:24AM +0100, John Darrington wrote:
     I don't have any strong opinions here.  But if somebody feels that we really cannot
     have this program in Guix, then go ahead and revert it.
     
     In the meantime I will try to contact the authors and ask for clarification.  However
     since the project has been inactive for the last 13 years, I don't hold too much 
     hope of getting a reply.
     
     J'
     
     On Wed, Mar 01, 2017 at 10:19:59PM +0100, Cl??ment Lassieur wrote:
          >> Like you say, the authors have taken GPL code from another project and incorporated
          >> it into unrar - that is only possible if the the resultant work is GPL compatible.
          >
          > Or if the resultant work is illegal?
          
          Actually, unrarlib is dual-licensed, so it is possible to use it within
          a proprietary program (see http://www.unrarlib.org/license.html).
          
          But I'll trust you that COPYING is enough :)  Sorry for bothering you
          then.
          
     
     -- 
     Avoid eavesdropping.  Send strong encrypted email.
     PGP Public key ID: 1024D/2DE827B3 
     fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
     See http://sks-keyservers.net or any PGP keyserver for public key.
     



-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-02  6:13         ` John Darrington
@ 2017-03-02 10:56           ` Alex Vong
  0 siblings, 0 replies; 10+ messages in thread
From: Alex Vong @ 2017-03-02 10:56 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel, Cl??ment Lassieur, John Darrington

[-- Attachment #1: Type: text/plain, Size: 1694 bytes --]

John Darrington <john@darrington.wattle.id.au> writes:

> Also pertinent:
>
> This program is listed in https://directory.fsf.org/wiki/Unrar-free
>
As Leo has pointed out, I have mistoken it as another program. So it
should be fine!

> J'
>
> On Thu, Mar 02, 2017 at 06:54:24AM +0100, John Darrington wrote:
>      I don't have any strong opinions here.  But if somebody feels
> that we really cannot
>      have this program in Guix, then go ahead and revert it.
>      
>      In the meantime I will try to contact the authors and ask for
> clarification.  However
>      since the project has been inactive for the last 13 years, I
> don't hold too much
>      hope of getting a reply.
>      
>      J'
>      
>      On Wed, Mar 01, 2017 at 10:19:59PM +0100, Cl??ment Lassieur wrote:
>           >> Like you say, the authors have taken GPL code from
>           >> another project and incorporated
>           >> it into unrar - that is only possible if the the
>           >> resultant work is GPL compatible.
>           >
>           > Or if the resultant work is illegal?
>           
>           Actually, unrarlib is dual-licensed, so it is possible to
> use it within
>           a proprietary program (see http://www.unrarlib.org/license.html).
>           
>           But I'll trust you that COPYING is enough :)  Sorry for bothering you
>           then.
>           
>      
>      -- 
>      Avoid eavesdropping.  Send strong encrypted email.
>      PGP Public key ID: 1024D/2DE827B3 
>      fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
>      See http://sks-keyservers.net or any PGP keyserver for public key.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Unrar package might contain proprietary code.
  2017-03-02  5:54       ` John Darrington
  2017-03-02  6:13         ` John Darrington
@ 2017-03-02 12:51         ` Ricardo Wurmus
  1 sibling, 0 replies; 10+ messages in thread
From: Ricardo Wurmus @ 2017-03-02 12:51 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel, John Darrington, Cl??ment Lassieur


John Darrington <john@darrington.wattle.id.au> writes:

> I don't have any strong opinions here.  But if somebody feels that we really cannot
> have this program in Guix, then go ahead and revert it.
>
> In the meantime I will try to contact the authors and ask for clarification.  However
> since the project has been inactive for the last 13 years, I don't hold too much
> hope of getting a reply.

This appears to be free software (unlike the official unrar programme).
I don’t think we need to remove it from Guix.

~~ Ricardo

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2017-03-02 12:51 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-01 19:59 Unrar package might contain proprietary code Clément Lassieur
2017-03-01 20:20 ` John Darrington
2017-03-01 20:39   ` Clément Lassieur
2017-03-01 21:19     ` Clément Lassieur
2017-03-02  1:45       ` Alex Vong
2017-03-02  1:49         ` Leo Famulari
2017-03-02  5:54       ` John Darrington
2017-03-02  6:13         ` John Darrington
2017-03-02 10:56           ` Alex Vong
2017-03-02 12:51         ` Ricardo Wurmus

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.