|
Home > Archive > Debian Developers > September 2004 > non free IETF's RFC documents in .orig.tar.gz
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
non free IETF's RFC documents in .orig.tar.gz
|
|
| Anibal Monsalve Salazar 2004-08-29, 7:48 am |
| | |
| Graham Wilson 2004-08-29, 5:52 pm |
| On Sun, Aug 29, 2004 at 10:44:25PM +1000, Anibal Monsalve Salazar wrote:
> I'm going to remove all non free IETF RFC documents from a couple of
> packages in main.
>
> Should the non free IETF RFC documents be removed as well from the
> .orig.tar.gz?
Yes, you'll want to create a new upstream tarball without the RFC
documents.
--
gram
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Stephen Frost 2004-09-02, 6:55 pm |
| * Graham Wilson (bob@decoy.wox.org) wrote:
> On Sun, Aug 29, 2004 at 10:44:25PM +1000, Anibal Monsalve Salazar wrote:
>
> Yes, you'll want to create a new upstream tarball without the RFC
> documents.
Which is a terrible practice and shouldn't be done in general. The
.orig.tar.gz's really *should* be the same as the upstream tarball.
Convince upstream to remove them.
Stephen
| |
| Peter Eisentraut 2004-09-02, 6:55 pm |
| Am Montag, 30. August 2004 18:17 schrieb Stephen Frost:
> Which is a terrible practice and shouldn't be done in general. The
> .orig.tar.gz's really *should* be the same as the upstream tarball.
> Convince upstream to remove them.
How would you convince the upstream to do that? I am affected by this issue,
but I don't see how I could get the upstream to listen to this kind of issue.
If you consider their interests, removing the RFC only diminishes the overall
value of their package (minimally, but still) while seemingly gaining nothing
at all in return.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Stephen Frost 2004-09-02, 6:55 pm |
| * Peter Eisentraut (peter_e@gmx.net) wrote:
> Am Montag, 30. August 2004 18:17 schrieb Stephen Frost:
>
> How would you convince the upstream to do that? I am affected by this issue,
> but I don't see how I could get the upstream to listen to this kind of issue.
> If you consider their interests, removing the RFC only diminishes the overall
> value of their package (minimally, but still) while seemingly gaining nothing
> at all in return.
Point out the problem w/ including a non-free work in their overall
work. I wouldn't be the least suprised if many of the upstreams aren't
even aware of the rather restrictive license under which the RFCs are
distributed. You could ask that they include a link to the RFC instead.
You could mention that technically their package could end up in
non-free and not be part of Debian because of it. Certainly, the least
you could do is *ask* and *not* assume that they'd be against removing
it.
Stephen
| |
| Andreas Metzler 2004-09-02, 6:55 pm |
| On Mon, Aug 30, 2004 at 06:33:59PM +0200, Peter Eisentraut wrote:
> Am Montag, 30. August 2004 18:17 schrieb Stephen Frost:
>
> How would you convince the upstream to do that? I am affected by
> this issue, but I don't see how I could get the upstream to listen
> to this kind of issue. If you consider their interests, removing
> the RFC only diminishes the overall value of their package
> (minimally, but still) while seemingly gaining nothing at all in
> return.
The "added value" is really very minimal; RFCs can be easily found by
other means. Shipping them in the tarball usualy is just bloat.
Tell them that it makes your life as Debian maintainer difficult,
as it puts additional workload on you and that you will not be able to
ship the unchanged tarball, taking away the possibility to verify
md5sum/signature from your users.
cu andreas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Thomas Bushnell BSG 2004-09-02, 6:55 pm |
| Stephen Frost <sfrost@snowman.net> writes:
> Which is a terrible practice and shouldn't be done in general. The
> .orig.tar.gz's really *should* be the same as the upstream tarball.
> Convince upstream to remove them.
It is good to ask upstream, but I don't think we can require a DD to
convince upstream!
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Russ Allbery 2004-09-02, 6:55 pm |
| Stephen Frost <sfrost@snowman.net> writes:
> Which is a terrible practice and shouldn't be done in general. The
> .orig.tar.gz's really *should* be the same as the upstream tarball.
> Convince upstream to remove them.
Is there some sort of document or guide or the like about this issue? I
maintain a software package that currently includes an RFC (RFC 1413) and
we package it for Debian already internally at Stanford and hopefully
eventually will have it in the main archive as well, since it's of more
general use. I'd be happy to deal with this proactively.
Are all RFCs non-free? Only some after a particular date or with
particular statements in them? I'm assuming the issue is that no explicit
right to modification is granted in the RFC itself?
Is there a recommended metric for how long a document needs to be before
one should be concerned with the license on the document when including it
in the upstream tarball? (For example, some software packages include
Usenet posts or e-mail exchanges about the history of the package, or
various documents about the design or future plans that don't have any
explicit license.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Thomas Bushnell BSG 2004-09-02, 6:55 pm |
| Russ Allbery <rra@stanford.edu> writes:
> Are all RFCs non-free? Only some after a particular date or with
> particular statements in them? I'm assuming the issue is that no explicit
> right to modification is granted in the RFC itself?
Nearly all of them are non-free because they do not permit
modification, on the mistaken theory that this is necessary for
standards documents.
It's not an oversight....the RFC editors have made a careful and
deliberate (even if incorrect) decision.
There may be exceptions for particular RFCs, of course, but this is
the general rule, and IIRC, it is rigidly applied in the case of
internet standards RFCs.
Thomas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Stephen Frost 2004-09-02, 6:55 pm |
| * Russ Allbery (rra@stanford.edu) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
>
> Is there some sort of document or guide or the like about this issue? I
> maintain a software package that currently includes an RFC (RFC 1413) and
> we package it for Debian already internally at Stanford and hopefully
> eventually will have it in the main archive as well, since it's of more
> general use. I'd be happy to deal with this proactively.
Glad to hear it.
> Are all RFCs non-free? Only some after a particular date or with
> particular statements in them? I'm assuming the issue is that no explicit
> right to modification is granted in the RFC itself?
It's the statements in them, yes. Saying all RFCs isn't really
accurate, though alot of them use this license:
-------------------------------------------------------------
9. Full Copyright Statement
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-------------------------------------------------------------
I didn't do more than a cursory check, but 30 out of 32 RFCs in the
OpenLDAP package include this "The Internet Society" copyright statement
and they look reasonably similar. The other two don't have copyright
statements but do say: "Distribution of this memo is unlimited."
AIUI, in both cases the work is not considered DFSG-free.
> Is there a recommended metric for how long a document needs to be before
> one should be concerned with the license on the document when including it
> in the upstream tarball? (For example, some software packages include
> Usenet posts or e-mail exchanges about the history of the package, or
> various documents about the design or future plans that don't have any
> explicit license.)
This is difficult to judge. I don't know of any recommended metrics
beyond attempting to gauge risk. Is it likely the Usenet post or e-mail
author would sue SPI for considering those works DFSG-free and treating
them as such? Not very likely given the source and that they wouldn't
be likely to win, imv. Of course, there's only two ways to CYA for
sure- contact the author and get a statement, or remove the work.
Personally, I actually did this for OpenLDAP and went through all of the
files and received clarification from current OpenLDAP upstream, as well
as some of the individual authors, regarding the works. I havn't
specifically asked them to remove the RFCs yet, but it's certainly
something I'm planning on doing, along w/ the libnss-ldap upstream.
Been kind of busy lately. 
A few notes- I am not a lawyer and this is not intended to be legal
advice. If you're really concerned about what you're distributing,
contact your lawyer.
Thanks,
Stephen
| |
| Thomas Bushnell BSG 2004-09-02, 6:55 pm |
| Stephen Frost <sfrost@snowman.net> writes:
> I didn't do more than a cursory check, but 30 out of 32 RFCs in the
> OpenLDAP package include this "The Internet Society" copyright statement
> and they look reasonably similar. The other two don't have copyright
> statements but do say: "Distribution of this memo is unlimited."
That phrase isn't actually a copyright license; it's a declaration
that the RFC isn't classified. Because the Internet protocols were
originally done under the aegis of the Defense Advanced Research
Projects Agency, it was necessary to mark such things as not
classified, and that's done with the phrase in question.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Stephen Frost 2004-09-02, 6:55 pm |
| * Thomas Bushnell BSG (tb@becket.net) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
>
> That phrase isn't actually a copyright license; it's a declaration
> that the RFC isn't classified. Because the Internet protocols were
> originally done under the aegis of the Defense Advanced Research
> Projects Agency, it was necessary to mark such things as not
> classified, and that's done with the phrase in question.
Ah, alright, well, my initial comment of 'no copyright statement' is
correct then. If the RFC was actually written by the US Gov't it's
possible that it's actually in the public domain.. Even so though,
probably be best to not distribute such unless we're sure.
Stephen
| |
| Thomas Bushnell BSG 2004-09-02, 6:55 pm |
| Stephen Frost <sfrost@snowman.net> writes:
>
> Ah, alright, well, my initial comment of 'no copyright statement' is
> correct then. If the RFC was actually written by the US Gov't it's
> possible that it's actually in the public domain.. Even so though,
> probably be best to not distribute such unless we're sure.
Case by case here. And the Internet Society is against modification,
whether it's actually legally permitted or not, so it may be hard to
get a straight answer.
But, since RFCs are available elsewhere always, it's easier to just
not distribute them. We get the stupid thing of having N different
packages in debian that all put RFC 822 in /usr/share/doc.
Pointless.
In my opinion, we should have a Policy statement that prohibits
putting RFCs in /usr/share/doc, and we can have an rfc package that
includes the ones that we can distribute and that people want.
Thomas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Russ Allbery 2004-09-02, 6:55 pm |
| Thomas Bushnell BSG <tb@becket.net> writes:
> But, since RFCs are available elsewhere always, it's easier to just not
> distribute them. We get the stupid thing of having N different packages
> in debian that all put RFC 822 in /usr/share/doc. Pointless.
> In my opinion, we should have a Policy statement that prohibits putting
> RFCs in /usr/share/doc, and we can have an rfc package that includes the
> ones that we can distribute and that people want.
Sure. Not installing RFCs is easy. What's harder is omitting them from
the upstream .orig.tar.gz files, as that isn't particularly "natural" to
do using the common packaging tools and techniques.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Thomas Bushnell BSG 2004-09-02, 6:55 pm |
| Russ Allbery <rra@stanford.edu> writes:
> Thomas Bushnell BSG <tb@becket.net> writes:
>
>
>
> Sure. Not installing RFCs is easy. What's harder is omitting them from
> the upstream .orig.tar.gz files, as that isn't particularly "natural" to
> do using the common packaging tools and techniques.
Right indeed; I was confusing two separate issues. (And there are
already the relevant doc-rfc* packages.)
So the answer is: the RFCs with the standard Internet Society
copyright are non-free, because they prohibit modification. Other
RFCs might or might not be; it's a case-by-case thing. And the
"distribution is unlimited" notice means "this is not classified", and
doesn't really address copyright. Particular cases should be
discussed on debian-legal as usual.
The .orig.tar.gz file *must* be entirely DFSG free; one way is to
create a new tarball with ".dfsg" after the version number (as is now
done with the X source).
Thomas
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| John Hasler 2004-09-02, 6:55 pm |
| Stephen Frost writes:
> Ah, alright, well, my initial comment of 'no copyright statement' is
> correct then. If the RFC was actually written by the US Gov't it's
> possible that it's actually in the public domain..
If the work was written by the US Government it is certainly (effectively)
in the public domain. It is also in the public domain if it was published
before March 1 1989 without a copyright notice.
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Thomas Bushnell BSG 2004-09-02, 6:55 pm |
| John Hasler <john@dhh.gt.org> writes:
> Stephen Frost writes:
>
> If the work was written by the US Government it is certainly (effectively)
> in the public domain. It is also in the public domain if it was published
> before March 1 1989 without a copyright notice.
Yeah, but there are lots of things which are joint research projects
and the non-US-Government piece owns copyright. And, in fact, DARPA
is responsible for many such projects.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Frank Küster 2004-09-02, 6:55 pm |
| Stephen Frost <sfrost@snowman.net> schrieb:
> * Graham Wilson (bob@decoy.wox.org) wrote:
>
> Which is a terrible practice and shouldn't be done in general. The
> .orig.tar.gz's really *should* be the same as the upstream tarball.
> Convince upstream to remove them.
I agree, but there may be circumstances where this isn't
feasible. Besides an unwilling upstream, one example is that upstream is
just preparing a new major release, and has essentially stopped
development of the current stable release.=20
This is the case with teTeX - 3.0 will come out approximately when sarge
is released (i.e. when it's ready ;-)), and there won't be any changes
to the 2.0.2.orig.tar.gz from upstream. This is why we have a 2.0.2b in
unstable, and hopefully in sarge soon.
Regards, Frank
--=20
Frank K=FCster, Biozentrum der Univ. Basel
Abt. Biophysikalische Chemie
|
|
|
|
|