Weekly Edition
Return to the Distributions page
| ||||||||||||||||||||||
Fedora's advice on GPL compliance
Giving out CDs/DVDs
--------------------
The Fedora Project Board wants our project to remain in
compliance with Free and Open Source Software licenses. We also
want to make sure our Ambassadors are properly following those
licenses when they distribute Fedora. By making sure we are
meeting our obligations under these licenses, we protect Fedora
and all its contributors, including you, our Ambassadors.
The Board asks you to do the following at events where
you hand out CDs or DVDs of Fedora:
1) Let people know that source code for everything on the
CDs/DVDs is available for download from fedoraproject.org.
Place at least a simple piece of paper on the table at the
booth, which states:
Source Code available on http://fedoraproject.org. Physical
media with source code available upon request.
2) Bring blank CDs, a computer with a CD burner, and a copy of
the SRPMS directory matching the Fedora release for which
you're handing out media.
Encourage anyone who asks for the source code to download it
from fedoraproject.org. If someone insists, burn them CDs
containing the source code. You will probably not need to do
this often, but this step is necessary to comply with the
licenses.
http://domsch.com/linux/fedora/fedora-8-livecd-srpms.txt
contains the list of SRPMS corresponding to the packages on
the Fedora 8 i686 and x86_64 Live images. Use whichever tools
you like to download and burn those to media.
Thank you for your attention to this matter, and thank you for
supporting Fedora!
Reasons Why This is Important
-----------------------------
The Fedora Project distributes its software under terms of each
of the licenses, including the GNU General Public License,
version 2. These licenses often have a requirement, such as in
GPLv2 paragraph 3, to make the "corresponding source code"
available to recipients of binary code. The Fedora Project
publishes the binaries, and source code, on the same web sites
for download. By that definition, the Fedora Project distributes
under paragraph 3(a). Refer also to:
http://fedoraproject.org/wiki/Legal/Distribution
When Ambassadors hand out CDs and DVDs at events, they need to be
able to give recipients the corresponding source code on physical
media. One way to do this is to produce (or be ready to burn
on-site) a few CDs with the source code, as downloaded from
fedoraproject.org. At events, you could post a sign such as:
Source Code available on http://fedoraproject.org. CDs with
source code available upon request.
Now, if someone at the show asks, you can encourage them to download the
code themselves (and become a contributor to Fedora). If they insist on
getting source code on physical media, then provide them with CDs with
the source code. This is an additional bit of work on the part of our
Ambassadors, but it protects both the Ambassadors, and the Fedora
Project, from any undue criticism and future obligation under these
licenses.
Matt Domsch has started a project on fedorahosted.org, called
'correspondingsource'. The goal of 'correspondingsource' is to
make it easy to get the Source RPMs for any binary bits that may
be on any Fedora media. This facility would allow the Fedora
Project to start relying upon GPLv2 paragraph 3(b). GPLv2
paragraph 3(b) requires us to make the source code available for
at least three (3) years (from the last date anyone hands out a CD/DVD -
so quite a long time). This capability is not in place today -
the code is in the Fedora Package Source Code Control
system (currently CVS), but we don't hang on to the built SRPMS
indefinitely, nor do we have a way to easily generate an ISO
image with SRPMS on it.
Matt would welcome help with this project, and the Board
encourages Fedora contributors to get involved to help ease any
burden on the community.
Signed,
The Fedora Project Board
Paul W. Frields, Chair
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
(Log in to post comments)
No good deed goes unpunished... Posted Mar 19, 2008 19:05 UTC (Wed) by linville (subscriber, #31482) [Link] It is sad to think that handing-out LiveCDs could result in a legal problem for anyone.
No good deed goes unpunished... Posted Mar 19, 2008 19:21 UTC (Wed) by armijn (subscriber, #3653) [Link] Why is this punishment? The GPL is pretty much agnostic with regards to commercial/non-commercial. If you distribute GPL licensed software (even by handing out live CDs), you have to adhere to the license, it's as simple as that.
No good deed goes unpunished... Posted Mar 19, 2008 21:03 UTC (Wed) by bignose (subscriber, #40) [Link] It's better than the alternative: that a redistributor of GPL work thinks the rules of the GPL don't apply to them. Congratulations to Fedora for demonstrating that we, who want others to play by our rules, must abide by them too.
Seems unnecessary Posted Mar 19, 2008 21:02 UTC (Wed) by jchrist (guest, #14782) [Link] From the GPL, paragraph 3:b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)The internet is a medium customarily used for software interchange, and pointing users to the web site would seem to fulfill the requirements of the license here. There is no requirement that the source and the executables be on the type of media---that wouldn't even make sense. Although I'd like to get source code stored on an eeprom! Perhaps this is directed more at perception than reality, though.
Seems unnecessary Posted Mar 19, 2008 21:37 UTC (Wed) by mdomsch (subscriber, #5920) [Link] Feel free to take this up with the FSF. GPLv3 clarifies this point, GPLv2 is murky. But that's only part of the problem. The real problem with paragraph 3b is the 3-year clock that restarts every time someone hands out a DVD on behalf of the Project. If 8 years from now, someone who is a Fedora Ambassador and had a pile of leftover PPC DVDs gives them to Goodwill, is Fedora still on the hook to provide source to Goodwill on request in 11 years? Our legal advice believes so. With no way to 'time out' the continual restart of the 3-year clock, there's no way to 'time out' the end of a 3b) obligation.
Seems unnecessary Posted Mar 20, 2008 14:57 UTC (Thu) by rjbell4 (guest, #35764) [Link] I think the person responsible would be the one performing the distribution. That is, in the example you mention, I suspect it would be the Fedora Ambassador handing out the DVDs, not the Fedora Project itself.
Seems unnecessary Posted Mar 20, 2008 16:28 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link] Legally yes but since Ambassadors are promoting the project, the project has some moral responsibility to cover for their contributors.
Think about people from "other side"! Posted Mar 21, 2008 9:07 UTC (Fri) by khim (subscriber, #9252) [Link] The real problem with paragraph 3b is the 3-year clock that restarts every time someone hands out a DVD on behalf of the Project. And this restart is very, VERY, VERY good. If 8 years from now, someone who is a Fedora Ambassador and had a pile of leftover PPC DVDs gives them to Goodwill, is Fedora still on the hook to provide source to Goodwill on request in 11 years? Stop. Answer simple question: why the hell Goodwill will even need this pile of obsolete binary packages in first place? Probably because their old systems are not supported by new, state-of-the-art distributions. But what if some error will be found in old packages after two years of use? What then? At that point packages are 10 years old - and probably noone have sources for them! Not even the RedHat (the story started with problems of keeping these sources around)! So now Goodwill is well and truly screwed... Conclusion: the exact reason for inconvinience IS reason to demand sources in this way. If noone from RedHat keeps binaries around - no need to keep sources around. Bud when you decide that binaries must be gone, they should be gone. Destroyed. Burned. Crushed. Then 3 years later you'll be clear of the obligations (and if some employer will give out odd old package without company consent you can claim ignorance). Don't give people false hope - that's worse then nothing!
I don't get it Posted Mar 19, 2008 22:13 UTC (Wed) by pr1268 (subscriber, #24648) [Link] I don't completely understand what all this is about:
Thanks for any clarifications! 1 I did find source .iso and .torrent files for both Fedora 7 and 8 on some randomly-chosen FTP mirror. But that was about six mouse-clicks away (on a non-Fedora site). 2 Disclosure: I'm a satisfied Slackware user. My comments aren't meant to insult or demean the Fedora Project, or its software product, but instead to perhaps invoke discussion on why Fedora feels it must go through such pains to comply with the strictest interpretation of GPL 3b. In fact, I respect and admire Fedora for thoroughly analyzing the situation and developing a plan of action. I'll go admonish myself for the "bloat" comment, and then I'll research how many DVDs the latest release of Debian is up to. :-)
I don't get it Posted Mar 20, 2008 0:31 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link] 1) I don't see the relevance of a purchase of a ancient version of Red Hat Linux here but yes, whoever you made the purchase from has to provide you the source code if a copy was not given at the time of purchase. 2) Fedora is pretty consistent in providing source code. In fact, Fedora does not even have a non-free repository. You can find the complete source code in all complete Fedora mirrors and the mirror list is indeed provided from the download page. You don't get direct links since that page is already pretty crowded and people who want source code can easily find it. Sure, it a couple more clicks but not a big deal and is a different ball game from distribution of source code in media. 3)The number of times anybody would ask for source code makes it cheaper to provide a copy on demand compared to provide source code every single time. 4)Fedora has about 10,000 packages in the repository currently and the complete binaries and source code won't fit into a single DVD. Not even just the binaries would fit into a single DVD. This really doesnt have much to do with bloat. Consider the case of a Fedora Live CD which is probably the more popular means of getting Fedora in events compared to regular DVD's and you can see why it wouldn't be possible to fit both binaries and source in a single disk.
Is this a joke? Posted Mar 21, 2008 9:17 UTC (Fri) by khim (subscriber, #9252) [Link] Consider the case of a Fedora Live CD which is probably the more popular means of getting Fedora in events compared to regular DVD's and you can see why it wouldn't be possible to fit both binaries and source in a single disk. We are talking about DVD-ROM's here, not DVD-R's, right? 8.9GB DVD-ROM is marginally more expensive then 4.7GB DVD-ROM, so there are plenty of space to put sources. Situation with DVD-R is totally different: dual-layer DVD-R indeed are 10 times more expensive to produce then single-layer DVD-R. But with DVD-ROM's it's not the same story: you only need two stamps instead of one and marginal cost is the same in both cases! So if Fedora is distribution with less-then-4GB public DVD ISO's (and they were doing this last time I've checked) they can easily fit sources to 8.9GB DVD-ROM!
Is this a joke? Posted Mar 22, 2008 20:25 UTC (Sat) by rahulsundaram (subscriber, #21946) [Link] There is a significant difference between the cost of CD vs DVD media and especially CD vs DVD writers in many regions. Read what you are replying to more carefully. I was referring to "Live CD" and not DVD. There is no way to fit complete binaries and sources into a single live cd.
I don't get it Posted Mar 20, 2008 2:12 UTC (Thu) by mdomsch (subscriber, #5920) [Link] 1) they're distributing under 3a) when you get both simultaneously. With this, the publisher's obligation is complete. 3) Exactly because of the added cost, we made this recommendation. We could double our production and shipping costs to produce CD/DVDs with source code as well as the binary media, but we know that at shows and events, most people are interested in getting the binary media, and wouldn't want the source code media. We would wind up throwing away a lot of source code media, so, we incurred added expense, and have created more waste, for no tangible gain. If in practice our Ambassadors are overwhelmed with requests for source code media at events, we can reconsider this approach.
I don't get it Posted Mar 20, 2008 23:29 UTC (Thu) by JoeBuck (subscriber, #2330) [Link] They either need to supply the source or the written offer. I suggest that Fedora just make the "written offer" process very easy; say, a HOW_TO_GET_SOURCE_CODE file in the top level directory of the CD.
I don't get it Posted Mar 21, 2008 0:17 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link] Written offer under 3b) has the problem Matt Domsch already cited which is a 3 year time period for which you have to maintain the equivalent source packages. When exactly the clock starts ticking for the 3 year time period is fuzzy and is a considerable risk if adversely interpreted. Fedora Project having to retain all the binary and source packages for every update it has every released (since different spins have different package sets and package versions) which is a pretty huge amount of storage space considering the release and update cycle. A comprehensive solution is being worked out on that problem as indicated in the announcement. https://fedorahosted.org/correspondingsource/
Fedora's advice on GPL compliance Posted Mar 21, 2008 12:49 UTC (Fri) by Lennie (subscriber, #49641) [Link] Why not just put it on the front of the CD/cover in bold & red print: Source code available on the website or on request. Would that not be simple and enough ?
Fedora's advice on GPL compliance Posted Mar 21, 2008 16:48 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link] Probably but then Ambassadors should be aware that they need to carry the sources if asked. That is what this announcement is all about.
Fedora's advice on GPL compliance Posted Mar 22, 2008 13:01 UTC (Sat) by mbottrell (guest, #43008) [Link] Really?! What a load of tripe. Almost all commercial entities that ship with GPL components (binary) make note to the fact that the OSS code can be downloaded from their website. 'Ambassadors' are merely 'sales-persons' in an OSS world. If I buy product X from a commercial retailer, if I really want the source, I go to the website, it shouldn't need to be any different with Linux distributions. If this is what the FSF has got to, they really do have their heads up their butts. Should I expect that GPLv4 will mean that I'll only be able to give binary distributions to my friends (Windows converts to Linux for the first time) a source CD (which they will never use), and ensure I have a stuffed parrot on my shoulder whilst singing 'Mull of Kintyre'? The availability of source code is just that... it's 'available' The Internet is a perfect medium to deliver it. For the small percentage that will actually request it, they can download it. It's time the FSF come out of their ivory towers and start actually mixing with people in the bazaar.
Fedora's advice on GPL compliance Posted Mar 22, 2008 20:29 UTC (Sat) by rahulsundaram (subscriber, #21946) [Link] Note that we are talking about GPLv2 and internet was not a medium that was accessible to as many people as it is now. GPLv3 has different requirements but there is still a lot of GPLv2 only licensed software in Fedora and that will continue for quite sometime so Fedora as a project needs to satisfy the requirements of the license.
|
||||||||||||||||||||||