Looking for +info about the license of a new package: Ossec


by Jose Antonio Quevedo

Hi all,

I'm beginning to package Ossec for Debian and I've thought it would be a good idea to know from experienced people what kind of consequences the legal text will bring.

This package uses some packages like openssl and others; I've heard this is a little problematic and I'd like to know more.

The license can be found here:
http://www.ossec.net/main/license/

What can you tell me about it?

I'd be thankful for any information about this.

Greetings

--
Jose Antonio Quevedo Muñoz
Key fingerprint: 4123 17A5 42F0 10BC 1C8D 88A9 1C0B 1274 4E74 78DA

--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~


Re: Looking for +info about the license of a new package: Ossec

by Paul Wise-3

On Sat, Oct 24, 2009 at 4:17 PM, Jose Antonio Quevedo
<joseantonio.quevedo@...> wrote:

> What can you tell me about it?

One thing of note is that there is no GPL exception for OpenSSL.

--
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-legal-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: Looking for +info about the license of a new package: Ossec

by Jose Antonio Quevedo

Sorry,

The last license looks like it is not the complete license.

Attached is the real and complete license, the LICENSE file included in source code.


LICENSE (49K) Download Attachment

Re: Looking for +info about the license of a new package: Ossec

by Paul Wise-3

On Sat, Oct 24, 2009 at 5:15 PM, Jose Antonio Quevedo
<joseantonio.quevedo@...> wrote:
> Sorry,
>
> The last license looks like it is not the complete license.
>
> Attached is the real and complete license, the LICENSE file included in
> source code.

This is exactly the same license as the website.

It is just GNU GPLv3 with clarifications about their interpretation of
the phrase "derivative works", which may or may not apply in a court.

Same comment applies about OpenSSL. Unless they amend the license,
Debian cannot distribute their software as long as it links to or uses
code from OpenSSL:

http://lists.debian.org/debian-legal/2007/11/threads.html#00244
http://www.fsf.org/licensing/licenses#OpenSSL

--
bye,
pabs

http://wiki.debian.org/PaulWise



Re: Looking for +info about the license of a new package: Ossec

by Jose Antonio Quevedo

OK, it will never be included in the main repository with this source code, but does it mean Debian will not distribute this package in any way? Will it not even be included in the contrib or non-free repository?


Re: Looking for +info about the license of a new package: Ossec

by Paul Wise-3

On Sun, Nov 1, 2009 at 5:58 PM, Jose Antonio Quevedo
<joseantonio.quevedo@...> wrote:

> OK, it will never be included in the main repository with this source code, but
> does it mean Debian will not distribute this package in any way? Will it not
> even be included in the contrib or non-free repository?

Stuff that is not distributable cannot be included in contrib/non-free.

Ways it could enter Debian include:

Upstream adds the OpenSSL exception to their license grant and
releases a new version.

Someone ports it to an SSL library that has a license that is
compatible with the ossec license (such as GnuTLS).

Some kind of ossec-src style package that contains a copy of
the source code in the .deb and builds ossec during the installation
of the .deb. This is likely to be rejected by the ftpmasters though.

Until one of these happens it cannot be distributed by Debian.

--
bye,
pabs

http://wiki.debian.org/PaulWise



Re: Looking for +info about the license of a new package: Ossec

by Jose Antonio Quevedo

Two more questions:

About repositories:
Where will the package be placed in each one of those possibilities?

About the third possibility:
How does the package have to be done to be accepted by the ftpmaster? Why could the ftpmaster reject it?

Thanks for your answers, they are being really helpful.



Re: Looking for +info about the license of a new package: Ossec

by Paul Wise-3

On Sun, Nov 1, 2009 at 10:58 PM, Jose Antonio Quevedo
<joseantonio.quevedo@...> wrote:

> About repositories:
> Where will the package be placed in each one of those possibilities?

For the first two, probably main.

> About the third possibility:
> How does the package have to be done to be accepted by the ftpmaster? Why could
> the ftpmaster reject it?

I think the third possibility just falls under the category of
"insane", which the Debian ftpmasters tend not to like :)

Anyway, the reject FAQ is here:

http://ftp-master.debian.org/REJECT-FAQ.html

I strongly suggest that you exhaust the first two options before
visiting the third one.

--
bye,
pabs

http://wiki.debian.org/PaulWise



Re: Looking for +info about the license of a new package: Ossec

by Jose Antonio Quevedo

About the first path:

The license [1] is showing this text:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)."

Isn't it enough? What should the text be that this license needs to show to satisfy the first possibility?

[1] http://www.ossec.net/main/license/




Re: Looking for +info about the license of a new package: Ossec

by Paul Wise-3

On Tue, Nov 3, 2009 at 4:34 AM, Jose Antonio Quevedo
<joseantonio.quevedo@...> wrote:

> Isn't it enough? What should the text be that this license needs to show to
> satisfy the first possibility?

If you had read the links I provided you would see that it is not
enough and what upstream needs to do to add an exception for OpenSSL -
see especially the 3rd link below.

http://ftp-master.debian.org/REJECT-FAQ.html
http://www.openssl.org/support/faq.html#LEGAL2
http://www.gnome.org/~markmc/openssl-and-the-gpl.html

Examples of the OpenSSL exception in use in Debian can be found here:

http://www.google.com/search?q=site%3Apackages.debian.org+inurl%3Acopyright+openssl+exception

--
bye,
pabs

http://wiki.debian.org/PaulWise



Re: Looking for +info about the license of a new package: Ossec

by Joe Smith-10


Jose Antonio Quevedo wrote:
>[snip]
>
>The license can be found here:
>http://www.ossec.net/main/license/
>
>What can you tell me about it?
>

I find the fact that they believe including the program in a proprietary
installer executable creates a derivative work worrisome. Normally that is
considered mere aggregation, and only requires that they make the source
available. Then there is the worry that they feel that any program that
executes their code is a derivative work. I've seen plenty of proprietary
programs that include GPL'd programs in the background interacting with them
solely through the limited interfaces the program provides on the command
line. AFAIK the FSF has always considered that acceptable. This allows
things like proprietary GUIs to be built around GPL'd programs. An excellent
example would be a proprietary IDE built around GDB, GCC, and GNU Make. That
would be considered acceptable, and standard procedure would be to include
the GPL'd programs in the same installer executable.

Further, the if-it-executes-this-code-it-is-a-derived-work
interpretation impacts not just proprietary software, but free software that
wishes to utilize the program. It is especially troublesome since it
prevents a GUI wrapper that is free, but has a GPL incompatible license, from
being permitted.

Now this is all assuming that a court is willing to accept Ossec's
interpretation, and not use the more traditional interpretation, but since
it is usually better to fall on the side of caution, this is a good
assumption to make.


