Distributions
News and Editorials
LCA: Cooperative management of package copyright and licensing data
Kate Stewart is the manager of the PowerPC team at Freescale. As such, she has a basic customer service problem to solve: people who buy a board from Freescale would like to have some sort of operating system to run on it. That system, of course, will be Linux; satisfying this requirement means that Freescale must operate as a sort of Linux distributor. At her linux.conf.au talk, Kate talked about a new initiative aimed at helping distributors to ensure that they are compliant with the licenses of the software they are shipping.
Early GPL enforcement actions against companies like Cisco were, arguably,
misplaced: Cisco was just gluing its nameplate onto hardware (and
software) supplied to it by far-eastern manufacturing operations. The
original GPL violation was committed by the
original manufacturers who incorporated GPL-licensed software and failed to
live up to the source distribution requirements. There
was a clear purpose behind targeting companies like Cisco, though: the
unpleasantness of dealing with GPL compliance problems was meant to get
them to require compliance from their suppliers, which were otherwise
harder to reach. Companies seem to have gotten the message; Kate noted
that the supply chain is now routinely requiring certification of license
compliance from suppliers. So Freescale needs to stay on top of license
compliance in order to be able to sell its products; your editor suspects
this may be a more powerful motivation than the mere need to avoid
copyright infringement.
One common worry related to license compliance, of course, is that somebody might have somehow included proprietary code in a freely-licensed package. More common, though, are simple license compatibility issues, such as the inclusion of a GPL-licensed file in an ostensibly BSD-licensed package. Finding this kind of problem requires the examination of every file distributed with a package - and there are a lot of packages with a great many files out there. It's a lot of work.
Freescale is certainly not the only Linux distributor, and it is not the only one facing this problem; anybody who is distributing software (free or otherwise) is (or at least should be) going through a similar process. That leads to a lot of duplicated work which really could be shared. At the first LinuxCon event in September 2009, a number of interested parties got together to try to figure out if there was a way that the license validation and compliance work could be carried out in a more community-oriented manner.
The problem may seem simple, but there are a lot of details to deal with, starting with the large number of ways of analyzing projects. At one end, commercial tools provided by companies like Black Duck and Palamida can automate the task of finding a number of common licensing problems. But there are also many homegrown tools and spreadsheets in use throughout the industry. The end result is predictable: lots of incompatible data, inconsistent work, and duplicated effort.
Given that, it's not surprising that this new (and, apparently, still unnamed) project is starting with an attempt to standardize the encoding of information about packages. This information comes at a number of levels:
- The identification of the project as a whole, including metadata on
the results of any analysis which has been done. Included here is a
formal name for the package, its published location, the stated
license (and any possible alternative licenses), how the package is
used (is it a standalone program or a library?), the copyright holders
and dates of copyright, etc.
- Package-specific facts: the version that was analyzed, hashes for each
of the included files, how the information about the package was
generated, and so on. There will also be the equivalent of a "signed
off by" tag whereby people doing analysis on a package would certify
their results.
- File-specific information for every file found in the package: its full path name, the type of the file, the license governing it, copyright information, and so on.
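As an added illustration (not part of the original article, and not the working group's format, which had not yet been defined), the three levels above can be sketched as a record built by scanning a package. The field names, marker strings, sample files and reviewer address are all assumptions constructed for this example; the per-file hashes are what let a consumer tell whether a shared record still matches the files they actually hold.

```python
import hashlib

# Constructed sample package (path -> contents); not taken from any real project.
SAMPLE_FILES = {
    "README": "Example package, BSD licensed.\n",
    "src/main.c": "/* Redistribution and use in source and binary forms ... */\n",
    "src/util.c": "/* ... under the terms of the GNU General Public License ... */\n",
}

# Simplified header markers (assumption); real scanners match full license texts.
LICENSE_MARKERS = [
    ("GPL", "GNU General Public License"),
    ("BSD", "Redistribution and use in source and binary forms"),
]

def detect_license(text):
    """Return the first license whose marker appears in the file, else UNKNOWN."""
    for name, marker in LICENSE_MARKERS:
        if marker in text:
            return name
    return "UNKNOWN"

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def build_record(name, version, stated_license, files, certified_by):
    """Build the three levels: project identity, package facts, per-file data."""
    return {
        "project": {"name": name, "stated_license": stated_license},
        "package": {"version": version, "method": "header-marker scan",
                    "certified_by": certified_by},
        "files": [{"path": p, "sha256": sha256_hex(files[p]),
                   "license": detect_license(files[p])} for p in sorted(files)],
    }

def license_conflicts(record):
    """Files whose detected license differs from the package's stated license."""
    stated = record["project"]["stated_license"]
    return [(f["path"], f["license"]) for f in record["files"]
            if f["license"] not in (stated, "UNKNOWN")]

def stale_paths(record, files):
    """Paths added, removed or changed since the record was generated."""
    recorded = {f["path"]: f["sha256"] for f in record["files"]}
    current = {p: sha256_hex(t) for p, t in files.items()}
    return sorted(p for p in recorded.keys() | current.keys()
                  if recorded.get(p) != current.get(p))

RECORD = build_record("example-pkg", "1.0", "BSD", SAMPLE_FILES, "reviewer@example.org")
```

Here `license_conflicts(RECORD)` reports the GPL-marked file inside the ostensibly BSD package, and `stale_paths` flags any file that no longer matches the certified analysis.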
Once the process of standardizing the encoding of this information has been completed, the project can move on to the second phase, which is the creation of a common site to host information stored in that format. The idea here is to make it easy to look up and share information on specific packages, and to make any known problems publicly visible.
All of that, in turn, has a goal beyond the simple sharing of work: they would also like to improve the quality of the next generation of packages. By making public review of licensing information easier, it is hoped that problems will be found (and fixed) sooner. One gets the sense that companies like Freescale are getting tired of finding licensing issues in packages which are scheduled to ship in a few days. A related goal is to make package maintainers more aware of where their code is coming from. As licensing issues are found in a public review process, maintainers will, hopefully, begin to pay more attention and these issues will become less common.
The project is still in an early stage; there is a mailing list set up on the FOSSBazaar site, but not a whole lot else. The dreaded regular conference call will be established in the near future. The group hopes to create a proposed standard within the next few months; the Linux Foundation will be helping with legal review to ensure that all of the appropriate bases are covered. The current plan is to get the first version of the standard published in August, 2010.
During the question period, Andrew Bartlett expressed his dislike for the central database concept. Centrally-maintained information, he says, will soon go stale. It would be better to create a format for a license metadata file which could be maintained and shipped with the project itself; he said he would be glad to carry such information with the Samba distribution. That is an idea which will likely be carried back to the working group for consideration.
Licensing is an important component of the free software development process, and ensuring that our licenses are complied with is incumbent upon anybody engaged in software distribution. But all of the associated due diligence work really only has to be done once; like the development of the software itself, it can be managed in a community-oriented manner. The formalization and organization of the associated information is a logical first step toward bringing a community process to this important - if not necessarily fun - task.
New Releases
AV Linux 3.0R1 Released!
The first revision of AV Linux 3.0 is available. "On the heels of AV Linux 3.0, version 3.0R1 (R1=Revision 1) has been released. I, better than anyone perhaps realize the inconvenience of a new version so quickly, it is my hope that this is the best move in the long run to provide a stable base that has a broader possible range of installation and can be better maintained with updated packages over the course of a longer "shelf life". This fixes many of the installation issues created by 3.0 as well as streamlining and drastically reducing the ISO size down to just over a Gigabyte. My sincere thanks to the AV Linux users who were guinea pigs and helped to test and provide feedback on 3.0R1 before its release."
openSUSE releases the openSUSE Build Service Beta 2
openSUSE has released the second beta of the openSUSE Build Service (OBS). "This release is now feature complete and also the API should be final by now. Biggest changes since beta 1 are:
- Switch to Ruby on Rails 2.3.5
- The branch call is doing full copies of packages now, not just _link files anymore
- Repository status + dirty flag is calculated and displayed in the web interface (and with osc 0.125)
- many bugfixes esp. in api and webui
- Workers can get auto configured via SLP."
Open Xange 2010
The Xange team has announced the release of Open Xange 2010: the very best of Xange, only with OSS - Open Source Software. Xange is a Fedora remix with KDE.
Pardus Linux 2009.1 arrives - Update (The H)
The H covers the release of Pardus Linux 2009.1. "The Pardus developers have announced the release of Pardus Linux 2009.1. Pardus is a Turkish distribution sponsored by The National Research Institute of Electronics and Cryptology (UEKAE) and includes several unique features: PiSi (Packages Installed Successfully, as Intended), an efficient and small package management system for installing and managing software implemented using Python, and COMAR, their own COnfiguration MAnageR that includes the Mudar init system for Pardus."
Puredyne 9.10 released
Puredyne 9.10 is out. "Puredyne is a GNU/Linux live distribution aimed at creative people, looking for tools outside the standard. It provides the best experimental creative applications alongside a solid set of graphic, audio and video tools in a fast, minimal package. For everything from sound art to innovative filmmaking." Changes in this release appear to include 64-bit support and the "broth" mechanism designed to make it easy to create derivative distributions.
Ubuntu 'Lucid' Alpha 2 released
The second alpha of the Ubuntu 10.04 "Lucid Lynx" release is available for testing. There's a number of changes in this alpha, including the removal of Hal, a 2.6.32 kernel, and no less than three versions of the proprietary NVIDIA drivers. See this page for a detailed view of the changes planned for 10.04 as a whole.
Distribution News
Mandriva Linux
Noteworthy changes in Mandriva Cooker
Frederik Himpe covers some recent changes in Mandriva's development Cooker. "GNOME has been upgraded to the new development release 2.29.5. The Cheese webcam application has been split into different libraries, making it easier for other applications to integrate webcam functionality (like avatar choosers in instant messaging applications). Epiphany now uses an infobar to ask the user for saving website username and password and stores them in the GNOME keyring."
Ubuntu family
Minutes from the Ubuntu Technical Board meeting
Click below for the minutes from the January 12, 2010 meeting of the Ubuntu Technical Board.
Developer Membership Board election results
The Ubuntu development team has elected the members of the Developer Membership Board. Click below for the results.
Distribution Newsletters
DistroWatch Weekly, Issue 337
The DistroWatch Weekly for January 18, 2010 is out. "With most major distributions in the early stages of preparation for their next stable releases, it seems like a good time to take a look at some of the lesser-known projects. This week we examine Jibbed 5.0.1, a NetBSD-based live CD that boots into an Xfce desktop and includes a number of desktop applications. In the news section, a new community remix of Fedora with media codecs and improved hardware support makes its first appearance, Mandriva updates its development branch with the latest testing builds of GNOME and KDE, the Dreamlinux user community expresses fears over the future of the project, and Arch Linux developers defend the "Arch way" in an interview at OSNews. Also in this week's issue, Jesse Smith explains why free software is sometimes perceived as inferior compared to proprietary applications. Finally, don't miss the statistics section which takes another look at online sales of free operating systems. Happy reading!"
Fedora Weekly News 209
The Fedora Weekly News for January 17, 2010 is out. "This issue starts with announcements from the project, including availability of Open Xange 2010, a Fedora + KDE distro, a change in cmake macro usage, and some feature update pings for Fedora 13. In Ambassador news, details on the FAmSCo chair, vice-chair named. In Quality Assurance news, lots of detail from this past week's QA Team meetings, plus details on an X.org testing request, desktop validation update, and an updated gnome-shell available for testing. In Translation news, a request for submission branches for Anaconda, notice that virt-viewer has been added and is available for translations, and a new coordinator of the Brazilian Portuguese translation team. In Art/Design Team news, notice of the approval of the new Design Spin for Fedora, and updates to the Fedora 13 theming and graphics. This week's issue wraps up with the latest security advisories for Fedora 11 and 12. We hope you enjoy Fedora Weekly News 209!"
openSUSE Weekly News/106
This issue of the openSUSE Weekly News covers * openSUSE News: OBS supports new branch and merge handling, * Unixmen/srlinuxx: Five useful extensions for Openoffice, * Jussi Kekkonen (Tm_T): KDE Software Compilation 4.4 RC1 Codename "Cornelius" released, * Sirko Kemter: Building an openSUSE Art-Team, * TuxRadar: The best Linux desktop search tools, and more.
Ubuntu Weekly Newsletter #176
The Ubuntu Weekly Newsletter for January 16, 2010 is out. "In this issue we cover: Ubuntu 10.4 Lucid Lynx Alpha 2, Ubuntu Developer Week, Ubuntu User Day, new Ubuntu Women leadership, and Free Culture Showcase."
Page editor: Rebecca Sobol
