Debian Bug report logs - #675762
RM: python-cdb -- RoM; licensing issues

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Bart Martens <bartm@debian.org>

Date: Sun, 3 Jun 2012 08:12:09 UTC

Severity: normal

Tags: squeeze

Done: Bart Martens <bartm@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 08:12:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bart Martens <bartm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian FTP Master <ftpmaster@ftp-master.debian.org>. (Sun, 03 Jun 2012 08:12:11 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@debian.org>
To: submit@bugs.debian.org
Subject: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 08:10:09 +0000
Package: ftp.debian.org
Severity: normal

Please remove python-cdb from unstable, testing and stable.

The software "cdb" at http://cr.yp.to/cdb.html has this "information for
distributors":

 | You may distribute unmodified copies of the cdb package.  Packages that need to
 | read cdb files should incorporate the necessary portions of the cdb library
 | rather than relying on an external cdb library.

The software "python-cdb" contains a modified copy of part of the software
"cdb".  The files cdb-0.75/cdb.c and python-cdb-0.34/src/cdb.c are different.
The file python-cdb-0.34/src/cdb.c contains these lines:

 | /* Public domain. */
 | /* Adapted from DJB's original cdb-0.75 package */

So the software "python-cdb" must not be distributed, so must not be in Debian.

Regards,

Bart Martens




Information forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 13:15:02 GMT) Full text and rfc822 format available.

Message #8 received at 675762@bugs.debian.org (full text, mbox):

From: Jakub Wilk <jwilk@debian.org>
To: Bart Martens <bartm@debian.org>, 675762@bugs.debian.org
Subject: Re: Bug#675762: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 14:59:03 +0200
* Bart Martens <bartm@debian.org>, 2012-06-03, 08:10:
>Please remove python-cdb from unstable, testing and stable.

How about filing an RC bug first and than giving the maintainer time to 
react?

-- 
Jakub Wilk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 13:15:17 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bart Martens <bartm@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian FTP Master <ftpmaster@ftp-master.debian.org>. (Sun, 03 Jun 2012 13:15:19 GMT) Full text and rfc822 format available.

Message #13 received at 675762@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@debian.org>
To: 675762@bugs.debian.org
Subject: Re: Bug#675762: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 13:08:16 +0000
On Sun, Jun 03, 2012 at 02:59:03PM +0200, Jakub Wilk wrote:
> * Bart Martens <bartm@debian.org>, 2012-06-03, 08:10:
> >Please remove python-cdb from unstable, testing and stable.
> 
> How about filing an RC bug first and than giving the maintainer time
> to react?

The maintainer has "X-MIA: Status is removed" since 2010-03-04.  Also, this
license violation is not something that can be fixed in Debian because it is
the upstream maintainer of python-cdb violating the license of cdb.  So the
package python-cdb must be removed from Debian asap.

Regards,

Bart Martens




Information forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 13:33:03 GMT) Full text and rfc822 format available.

Message #16 received at 675762@bugs.debian.org (full text, mbox):

From: Jakub Wilk <jwilk@debian.org>
To: Bart Martens <bartm@debian.org>, 675762@bugs.debian.org
Subject: Re: Bug#675762: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 15:30:19 +0200
* Bart Martens <bartm@debian.org>, 2012-06-03, 13:08:
>>>Please remove python-cdb from unstable, testing and stable.
>>How about filing an RC bug first and than giving the maintainer time 
>>to react?
>The maintainer has "X-MIA: Status is removed" since 2010-03-04.

That's not an excuse.

>Also, this license violation is not something that can be fixed in 
>Debian because it is the upstream maintainer of python-cdb violating 
>the license of cdb.

Even assuming what you say assume about license violation is true (which 
I very doubt): have you ever heard about repacking upstream tarballs?

>So the package python-cdb must be removed from Debian asap.

Not true.

-- 
Jakub Wilk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 14:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bart Martens <bartm@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian FTP Master <ftpmaster@ftp-master.debian.org>. (Sun, 03 Jun 2012 14:06:04 GMT) Full text and rfc822 format available.

Message #21 received at 675762@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@debian.org>
To: Jakub Wilk <jwilk@debian.org>
Cc: 675762@bugs.debian.org
Subject: Re: Bug#675762: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 14:03:42 +0000
On Sun, Jun 03, 2012 at 03:30:19PM +0200, Jakub Wilk wrote:
> * Bart Martens <bartm@debian.org>, 2012-06-03, 13:08:
> >>>Please remove python-cdb from unstable, testing and stable.
> >>How about filing an RC bug first and than giving the maintainer
> >>time to react?
> >The maintainer has "X-MIA: Status is removed" since 2010-03-04.
> 
> That's not an excuse.

I'm not saying that "X-MIA: Status is removed" is an excuse to remove the
package.  But it does explain why "giving the maintainer time to react" is not
an option in this case.

> 
> >Also, this license violation is not something that can be fixed in
> >Debian because it is the upstream maintainer of python-cdb
> >violating the license of cdb.
> 
> Even assuming what you say assume about license violation is true
> (which I very doubt):

I'm confident that what I wrote is true.  Can you explain your doubt ?

> have you ever heard about repacking upstream
> tarballs?

Yes.

> 
> >So the package python-cdb must be removed from Debian asap.
> 
> Not true.

Can you explain that ?

Regards,

Bart Martens




Information forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 15:15:07 GMT) Full text and rfc822 format available.

Message #24 received at 675762@bugs.debian.org (full text, mbox):

From: Jakub Wilk <jwilk@debian.org>
To: Bart Martens <bartm@debian.org>, 675762@bugs.debian.org
Subject: Re: Bug#675762: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 17:13:09 +0200
[To clarify: I don't object to the removal (which might be a good idea 
anyway, given how neglected the package is), but to the style the 
request was made.]

* Bart Martens <bartm@debian.org>, 2012-06-03, 14:03:
>>>>>Please remove python-cdb from unstable, testing and stable.
>>>>How about filing an RC bug first and than giving the maintainer time 
>>>>to react?
>>>The maintainer has "X-MIA: Status is removed" since 2010-03-04.
>>That's not an excuse.
>
>I'm not saying that "X-MIA: Status is removed" is an excuse to remove 
>the package. But it does explain why "giving the maintainer time to 
>react" is not an option in this case.

AFAIUI "removed" only means the guy is not a DD anymore. That doesn't 
prevent him from maintaining his packages. But okay, let's assume for 
the moment he's hopelessly MIA (which is most likely true). Let's make 
s/maintainer/upstream maintainer, or a prospective adopter, or a random 
DD, or even DJB/ then.

>>>Also, this license violation is not something that can be fixed in 
>>>Debian because it is the upstream maintainer of python-cdb violating 
>>>the license of cdb.
>>Even assuming what you say assume about license violation is true 
>>(which I very doubt):
>I'm confident that what I wrote is true.  Can you explain your doubt ?

Things like:

- "/* Public domain. */" comments in the source;
- "python-cdb is free software, as is cdb itself. [...] modifications to 
D. J. Bernstein's public domain cdb implementation are similarly 
released to the public domain." in debian/copyright;
- "The official cdb library code is public domain: the individual source 
files are marked as such, and are also available in the public domain 
djbdns package." in the wikipedia article

might not be a very strong evidence, but at least should raise your 
doubt.

>>>So the package python-cdb must be removed from Debian asap.
>>Not true.
>Can you explain that ?

If we removed a package every time someone finds an alleged license 
violation, there wouldn't be much Debian left.

-- 
Jakub Wilk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian FTP Master <ftpmaster@ftp-master.debian.org>:
Bug#675762; Package ftp.debian.org. (Sun, 03 Jun 2012 15:33:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bart Martens <bartm@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian FTP Master <ftpmaster@ftp-master.debian.org>. (Sun, 03 Jun 2012 15:33:12 GMT) Full text and rfc822 format available.

Message #29 received at 675762@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@debian.org>
To: Jakub Wilk <jwilk@debian.org>
Cc: 675762@bugs.debian.org
Subject: Re: Bug#675762: RM: python-cdb -- RoQA; license violation
Date: Sun, 3 Jun 2012 15:30:07 +0000
On Sun, Jun 03, 2012 at 05:13:09PM +0200, Jakub Wilk wrote:
> [To clarify: I don't object to the removal (which might be a good
> idea anyway, given how neglected the package is), but to the style
> the request was made.]

Thanks for clarifying that you don't object to the removal.  Let's take the
debate about style and other aspects elsewhere.

Regards,

Bart Martens




Bug 675762 cloned as bug 676640 Request was from Luca Falavigna <dktrkranz@debian.org> to control@bugs.debian.org. (Fri, 08 Jun 2012 13:15:29 GMT) Full text and rfc822 format available.

Bug reassigned from package 'ftp.debian.org' to 'release.debian.org'. Request was from Luca Falavigna <dktrkranz@debian.org> to control@bugs.debian.org. (Fri, 08 Jun 2012 13:15:30 GMT) Full text and rfc822 format available.

Changed Bug title to 'RM: python-cdb/0.34-0.1' from 'RM: python-cdb -- RoQA; license violation' Request was from Luca Falavigna <dktrkranz@debian.org> to control@bugs.debian.org. (Fri, 08 Jun 2012 13:15:30 GMT) Full text and rfc822 format available.

Added tag(s) squeeze. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 08 Jun 2012 18:06:04 GMT) Full text and rfc822 format available.

Changed Bug title to 'RM: python-cdb -- RoM; licensing issues' from 'RM: python-cdb/0.34-0.1' Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 08 Jun 2012 18:06:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#675762; Package release.debian.org. (Fri, 27 Jul 2012 20:15:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Rune Tendal Kock <rune.kock@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 27 Jul 2012 20:15:09 GMT) Full text and rfc822 format available.

Message #44 received at 675762@bugs.debian.org (full text, mbox):

From: Rune Tendal Kock <rune.kock@gmail.com>
To: 675762@bugs.debian.org
Subject: I don't see the license violation here
Date: Fri, 27 Jul 2012 22:11:59 +0200
Most of the files in DJB's original tarball are marked "public
domain".  There seems no doubt to me that DJB has in that way given
permission to do anything to the files.

Were anyone else to write "You may distribute unmodified copies of the
cdb package", it would be natural to assume that they intend that you
may not distribute modified copies.  But DJB is a man who is
exceptionally careful with his wordings in such cases.  He writes
EXACTLY what he means.  And as he does not actually forbid
distribution of modified copies, he has not contradicted his public
domain comments.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#675762; Package release.debian.org. (Fri, 27 Jul 2012 21:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bart Martens <bartm@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 27 Jul 2012 21:00:03 GMT) Full text and rfc822 format available.

Message #49 received at 675762@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@debian.org>
To: Rune Tendal Kock <rune.kock@gmail.com>, 675762@bugs.debian.org
Subject: Re: Bug#675762: I don't see the license violation here
Date: Fri, 27 Jul 2012 20:56:40 +0000
On Fri, Jul 27, 2012 at 10:11:59PM +0200, Rune Tendal Kock wrote:
> Most of the files in DJB's original tarball are marked "public
> domain".  There seems no doubt to me that DJB has in that way given
> permission to do anything to the files.

The text is clearly "You may distribute unmodified copies of the cdb package",
not "you may do anything to the files".

> 
> Were anyone else to write "You may distribute unmodified copies of the
> cdb package", it would be natural to assume that they intend that you
> may not distribute modified copies.  But DJB is a man who is
> exceptionally careful with his wordings in such cases.  He writes
> EXACTLY what he means.

Then you confirm that he meant exactly "distribute unmodified copies".

>  And as he does not actually forbid
> distribution of modified copies,

The text "You may distribute unmodified copies of the cdb package" clearly
allows to distribute unmodified copies, not modified copies.

> he has not contradicted his public
> domain comments.

"Public domain" is not always unconditional.  In this case the restriction
"unmodified" applies.

Regards,

Bart Martens



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#675762; Package release.debian.org. (Fri, 27 Jul 2012 21:12:26 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 27 Jul 2012 21:12:26 GMT) Full text and rfc822 format available.

Message #54 received at 675762@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Bart Martens <bartm@debian.org>, 675762@bugs.debian.org
Cc: Rune Tendal Kock <rune.kock@gmail.com>
Subject: Re: Bug#675762: I don't see the license violation here
Date: Fri, 27 Jul 2012 23:08:42 +0200
[Message part 1 (text/plain, inline)]
On Fri, Jul 27, 2012 at 20:56:40 +0000, Bart Martens wrote:

> "Public domain" is not always unconditional.  In this case the restriction
> "unmodified" applies.
> 
So I'm not familiar with this particular package, but "public domain"
has a specific meaning, which is contradictory with having any sort of
copyright license restrictions, AFAIK.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#675762; Package release.debian.org. (Fri, 27 Jul 2012 22:42:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 27 Jul 2012 22:42:06 GMT) Full text and rfc822 format available.

Message #59 received at 675762@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Rune Tendal Kock <rune.kock@gmail.com>
Cc: 675762@bugs.debian.org
Subject: Re: Bug#675762: I don't see the license violation here
Date: Fri, 27 Jul 2012 15:39:45 -0700
Rune Tendal Kock <rune.kock@gmail.com> writes:

> Most of the files in DJB's original tarball are marked "public domain".
> There seems no doubt to me that DJB has in that way given permission to
> do anything to the files.

http://cr.yp.to/distributors.html

2009.07.21: I hereby place the cdb package (in particular,
cdb-0.75.tar.gz, with MD5 checksum 81fed54d0bde51b147dd6c20cdb92d51) into
the public domain. The package is no longer copyrighted.

So yes, agreed.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#675762; Package release.debian.org. (Fri, 27 Jul 2012 23:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 27 Jul 2012 23:21:03 GMT) Full text and rfc822 format available.

Message #64 received at 675762@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Bart Martens <bartm@debian.org>
Cc: 675762@bugs.debian.org, Rune Tendal Kock <rune.kock@gmail.com>
Subject: Re: Bug#675762: I don't see the license violation here
Date: Fri, 27 Jul 2012 16:17:21 -0700
Bart Martens <bartm@debian.org> writes:
> On Fri, Jul 27, 2012 at 10:11:59PM +0200, Rune Tendal Kock wrote:

>> Most of the files in DJB's original tarball are marked "public domain".
>> There seems no doubt to me that DJB has in that way given permission to
>> do anything to the files.

> The text is clearly "You may distribute unmodified copies of the cdb
> package", not "you may do anything to the files".

I similarly don't agree with Rune's analysis, but djb later changed the
license in a separate statement on his web site (he did it for nearly all
of his projects), which clearly does state that all the files are now
public domain.  So there's no need to parse that statement; it's
thankfully been superseded.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>



Reply sent to Bart Martens <bartm@debian.org>:
You have taken responsibility. (Sat, 28 Jul 2012 08:45:06 GMT) Full text and rfc822 format available.

Notification sent to Bart Martens <bartm@debian.org>:
Bug acknowledged by developer. (Sat, 28 Jul 2012 08:45:06 GMT) Full text and rfc822 format available.

Message #69 received at 675762-done@bugs.debian.org (full text, mbox):

From: Bart Martens <bartm@debian.org>
To: 675762-done@bugs.debian.org
Subject: RM: python-cdb -- RoM; licensing issues
Date: Sat, 28 Jul 2012 08:41:17 +0000
On Fri, Jul 27, 2012 at 04:17:21PM -0700, Russ Allbery wrote:
> I similarly don't agree with Rune's analysis, but djb later changed the
> license in a separate statement on his web site (he did it for nearly all
> of his projects), which clearly does state that all the files are now
> public domain.  So there's no need to parse that statement; it's
> thankfully been superseded.

I find the following on the website and in the tarball :

http://cr.yp.to/distributors.html

  |  2009.07.21: I hereby place the cdb package (in particular, cdb-0.75.tar.gz,
  |  with MD5 checksum 81fed54d0bde51b147dd6c20cdb92d51) into the public domain. The
  |  package is no longer copyrighted.

http://cr.yp.to/cdb.html

  |  Information for distributors
  |  You may distribute unmodified copies of the cdb package.

cdb-0.75/README:

  |  cdb 0.75, beta.
  |  20000219
  |  Copyright 2000
  |  D. J. Bernstein
  |  
  |  cdb home page: http://cr.yp.to/cdb.html
  |  Installation instructions: http://cr.yp.to/cdb/install.html

grep -riI public cdb-0.75

  |  cdb-0.75/cdb.h:/* Public domain. */
  |  cdb-0.75/cdb.c:/* Public domain. */
  |  cdb-0.75/cdb_make.h:/* Public domain. */
  |  cdb-0.75/cdb_hash.c:/* Public domain. */
  |  cdb-0.75/cdb_make.c:/* Public domain. */

md5sum cdb-0.75.tar.gz 
81fed54d0bde51b147dd6c20cdb92d51  cdb-0.75.tar.gz

At this point I think that it is reasonable to assume that the software has
been copyrighted in the past (20000219) and that D. J. Bernstein has had the
intention on 2009.07.21 to make it unconditionally public domain.

I'm closing this bug now.

Regards,

Bart Martens



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 26 Aug 2012 07:28:25 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 05:46:01 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.