Unrar package might contain proprietary code.

Unrar package might contain proprietary code.

[Clément Lassieur]

I had a look at the source of the recently commited "unrar" package, and
I could not find neither "copyright" lines nor pointers to the full
notice, except in unrarlib.h and unrarlib.c, which belong to a different
project.  IANAL, but according to GPLv2 and
https://www.gnu.org/licenses/gpl-howto.en.html, those things are
mandatory, COPYING is not enough.  So I think the "unrar" package
contains proprietary code.

Re: Unrar package might contain proprietary code.

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1602 bytes --]

On Wed, Mar 01, 2017 at 08:59:37PM +0100, Cl??ment Lassieur wrote:
     I had a look at the source of the recently commited "unrar" package, and
     I could not find neither "copyright" lines nor pointers to the full
     notice, except in unrarlib.h and unrarlib.c, which belong to a different
     project.  IANAL, but according to GPLv2 and
     https://www.gnu.org/licenses/gpl-howto.en.html, those things are
     mandatory, COPYING is not enough.  So I think the "unrar" package
     contains proprietary code.

I think you are mistaken.

Yes,  the package does not explicitly have headers in the way that GNU recommends.
But I do not see how such a recommendation is "mandatory". (It's mandatory for
gnu programs, but there are many non-gnu programs in Guix)

The placement of COPYING  - whilst normally not all that we would like - is
part performance of an intent  to licence the software.

Like you say, the authors have taken GPL code from another project and incorporated
it into unrar - that is only possible if the the resultant work is GPL compatible.

Also if you look at the site where it is hosted https://gna.org/projects/unrar you
will see that it says: License: GNU General Public License V2 or later.


So, whilst it has been poorly executed, I believe there is ample evidence that this 
program is licenced GPL.

J'


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Unrar package might contain proprietary code.

[Clément Lassieur]

> Yes,  the package does not explicitly have headers in the way that GNU recommends.
> But I do not see how such a recommendation is "mandatory". (It's mandatory for
> gnu programs, but there are many non-gnu programs in Guix)

This is what I was referring to:

    Whichever license you plan to use, the process involves adding two
    elements to each source file of your program: a copyright notice (such
    as “Copyright 1999 Terry Jones”), and a statement of copying permission,
    saying that the program is distributed under the terms of the GNU
    General Public License (or the Lesser GPL).

To me it is pretty clear.  And it is not only about GNU programs.

> Like you say, the authors have taken GPL code from another project and incorporated
> it into unrar - that is only possible if the the resultant work is GPL compatible.

Or if the resultant work is illegal?

> Also if you look at the site where it is hosted https://gna.org/projects/unrar you
> will see that it says: License: GNU General Public License V2 or later.

But the site could be mistaken too.

Re: Unrar package might contain proprietary code.

[Clément Lassieur]

>> Like you say, the authors have taken GPL code from another project and incorporated
>> it into unrar - that is only possible if the the resultant work is GPL compatible.
>
> Or if the resultant work is illegal?

Actually, unrarlib is dual-licensed, so it is possible to use it within
a proprietary program (see http://www.unrarlib.org/license.html).

But I'll trust you that COPYING is enough :)  Sorry for bothering you
then.

Clément

Re: Unrar package might contain proprietary code.

[Alex Vong]

[-- Attachment #1: Type: text/plain, Size: 1170 bytes --]

Clément Lassieur <clement@lassieur.org> writes:

>>> Like you say, the authors have taken GPL code from another project
>>> and incorporated
>>> it into unrar - that is only possible if the the resultant work is
>>> GPL compatible.
>>
>> Or if the resultant work is illegal?
>
> Actually, unrarlib is dual-licensed, so it is possible to use it within
> a proprietary program (see http://www.unrarlib.org/license.html).
>
> But I'll trust you that COPYING is enough :)  Sorry for bothering you
> then.
>
> Clément

I think Debian considered it to be non-free, see the package page[0] and
the copyright page[1].

However, 'unar'[2] can also extract rar files and is free
software[3]. It is on my TODO list. (But I am busy studying right now
and the program uses gnustep which is something I am not familiar with.)
John, if you like you can look into it.

[0]: https://packages.debian.org/sid/unrar
[1]: http://metadata.ftp-master.debian.org/changelogs/non-free/u/unrar-nonfree/unrar-nonfree_5.4.5-1_copyright
[2]: https://packages.debian.org/sid/unar
[3]: http://metadata.ftp-master.debian.org/changelogs/main/u/unar/unar_1.10.1-1_copyright

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: Unrar package might contain proprietary code.

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 846 bytes --]

On Thu, Mar 02, 2017 at 09:45:50AM +0800, Alex Vong wrote:
> Clément Lassieur <clement@lassieur.org> writes:
> 
> >>> Like you say, the authors have taken GPL code from another project
> >>> and incorporated
> >>> it into unrar - that is only possible if the the resultant work is
> >>> GPL compatible.
> >>
> >> Or if the resultant work is illegal?
> >
> > Actually, unrarlib is dual-licensed, so it is possible to use it within
> > a proprietary program (see http://www.unrarlib.org/license.html).
> >
> > But I'll trust you that COPYING is enough :)  Sorry for bothering you
> > then.
> >
> > Clément
> 
> I think Debian considered it to be non-free, see the package page[0] and
> the copyright page[1].

> [0]: https://packages.debian.org/sid/unrar

I think this is a different program with the same name and purpose.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Unrar package might contain proprietary code.

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1144 bytes --]

I don't have any strong opinions here.  But if somebody feels that we really cannot
have this program in Guix, then go ahead and revert it.

In the meantime I will try to contact the authors and ask for clarification.  However
since the project has been inactive for the last 13 years, I don't hold too much 
hope of getting a reply.

J'

On Wed, Mar 01, 2017 at 10:19:59PM +0100, Cl??ment Lassieur wrote:
     >> Like you say, the authors have taken GPL code from another project and incorporated
     >> it into unrar - that is only possible if the the resultant work is GPL compatible.
     >
     > Or if the resultant work is illegal?
     
     Actually, unrarlib is dual-licensed, so it is possible to use it within
     a proprietary program (see http://www.unrarlib.org/license.html).
     
     But I'll trust you that COPYING is enough :)  Sorry for bothering you
     then.
     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Unrar package might contain proprietary code.

[John Darrington]

[-- Attachment #1: Type: text/plain, Size: 1681 bytes --]

Also pertinent:

This program is listed in https://directory.fsf.org/wiki/Unrar-free

J'

On Thu, Mar 02, 2017 at 06:54:24AM +0100, John Darrington wrote:
     I don't have any strong opinions here.  But if somebody feels that we really cannot
     have this program in Guix, then go ahead and revert it.
     
     In the meantime I will try to contact the authors and ask for clarification.  However
     since the project has been inactive for the last 13 years, I don't hold too much 
     hope of getting a reply.
     
     J'
     
     On Wed, Mar 01, 2017 at 10:19:59PM +0100, Cl??ment Lassieur wrote:
          >> Like you say, the authors have taken GPL code from another project and incorporated
          >> it into unrar - that is only possible if the the resultant work is GPL compatible.
          >
          > Or if the resultant work is illegal?
          
          Actually, unrarlib is dual-licensed, so it is possible to use it within
          a proprietary program (see http://www.unrarlib.org/license.html).
          
          But I'll trust you that COPYING is enough :)  Sorry for bothering you
          then.
          
     
     -- 
     Avoid eavesdropping.  Send strong encrypted email.
     PGP Public key ID: 1024D/2DE827B3 
     fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
     See http://sks-keyservers.net or any PGP keyserver for public key.
     



-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: Unrar package might contain proprietary code.

[Alex Vong]

[-- Attachment #1: Type: text/plain, Size: 1694 bytes --]

John Darrington <john@darrington.wattle.id.au> writes:

> Also pertinent:
>
> This program is listed in https://directory.fsf.org/wiki/Unrar-free
>
As Leo has pointed out, I have mistoken it as another program. So it
should be fine!

> J'
>
> On Thu, Mar 02, 2017 at 06:54:24AM +0100, John Darrington wrote:
>      I don't have any strong opinions here.  But if somebody feels
> that we really cannot
>      have this program in Guix, then go ahead and revert it.
>      
>      In the meantime I will try to contact the authors and ask for
> clarification.  However
>      since the project has been inactive for the last 13 years, I
> don't hold too much
>      hope of getting a reply.
>      
>      J'
>      
>      On Wed, Mar 01, 2017 at 10:19:59PM +0100, Cl??ment Lassieur wrote:
>           >> Like you say, the authors have taken GPL code from
>           >> another project and incorporated
>           >> it into unrar - that is only possible if the the
>           >> resultant work is GPL compatible.
>           >
>           > Or if the resultant work is illegal?
>           
>           Actually, unrarlib is dual-licensed, so it is possible to
> use it within
>           a proprietary program (see http://www.unrarlib.org/license.html).
>           
>           But I'll trust you that COPYING is enough :)  Sorry for bothering you
>           then.
>           
>      
>      -- 
>      Avoid eavesdropping.  Send strong encrypted email.
>      PGP Public key ID: 1024D/2DE827B3 
>      fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
>      See http://sks-keyservers.net or any PGP keyserver for public key.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: Unrar package might contain proprietary code.

[Ricardo Wurmus]

John Darrington <john@darrington.wattle.id.au> writes:

> I don't have any strong opinions here.  But if somebody feels that we really cannot
> have this program in Guix, then go ahead and revert it.
>
> In the meantime I will try to contact the authors and ask for clarification.  However
> since the project has been inactive for the last 13 years, I don't hold too much
> hope of getting a reply.

This appears to be free software (unlike the official unrar programme).
I don’t think we need to remove it from Guix.

~~ Ricardo