[Pkg-mono-devel] Moonlight Package Licensing
Jo Shields
directhex at apebox.org
Sat Apr 25 20:41:27 UTC 2009
Why am I only hearing about licensing concerns regarding a package I
maintain when reading about it on a personal attack website? I'd usually
think that a package's maintainer should be included in such
discussions, assuming you're interested in their input.
Please remember that debian-legal is an advice forum, and in no way has
a formal role regarding license compliance - that role belongs to
ftp-master.
>Firstly, there seems to be some inaccuracies on the Project's
>Debianwiki page
>(http://wiki.debian.org/Teams/DebianMonoGroup/Moonlight).
This page isn't guaranteed to be up to date or accurate - it was used
largely for discussion and collaboration whilst the package was being
prepared. The Debian Mono Group uses wiki pages for collaboration a fair
bit.
>The Moonlight licensing is described as consisting of MIT/X11, Ms-PL,
>and LGPL2.0-only; yet there are Cairo components in the source tree
>which are licensed under the dual licenses of the Mozilla Public
>License and the LGPLv2.1-only. There is no real conflict here (to my
>understanding), however, offering this code under any of the MIT/X11,
>Ms-PL, or LGPL2.0-only licenses relies upon the fact that the *MPL*
>permits "re-licensing" under more restrictive terms (the LGPLv2.1
>licensing of the Cairo code serves no purpose towards this end -- you
>can't re-license LGPLv2.1-only software except as GPL). The project
>page, as well as all of the appropriate sources' COPYING files, should
>reflect the nature of this re-licensing (the moonlight-mozilla-plugin
>provides the text of the Mozilla Public License but does not indicate
>the license's role in the package).
The license has zero role in the package - but rules state that licenses
need to be disclosed in debian/copyright for ALL source in a given
source tarball, whether that code is used in final binary packages or
not. The embedded copies of cairo and pixman are NOT used in the binary
packages. Nor is any Ms-PL source.
Moonlight 1.0 is a combination made by compiling LGPL2, GPL2 (ffmpeg),
and MIT/X11 together. The result is unambiguously GPL2. However, dumb as
it may seem, debian/copyright doesn't reveal a package's final compiled
binary license (only the source tree).
>Also in the same section, the Ms-PL is characterized as "a DFSG-free
>GPL3-compatible license from Microsoft which is essentially MIT with
>patent grants".
>
>The GPL3 compatibility claim contradicts the description given on
>GNU.org (http://www.gnu.org/philosophy/license-list.html) wherein it is
>stated, "This is a free software license; it has a copyleft that is not
>strong, but incompatible with the GNU GPL".
The description of Ms-PL from the FSF changed between when that wiki
page was written and now, with no obvious discussion involved. At the
time the page was written, it was marked as GPL3-compatible.
>I would neither contradict nor corroborate the DFSG-free claim for the
>Ms-PL, but note that there is no mention of the Ms-PL on Debianwiki's
>DFSG Licenses page (http://wiki.debian.org/DFSGLicenses). If I have
>missed wherein the discussion occurred over the compatibility of the
>Ms-PL with the Debian Free Software Guidelines, I should welcome the
>opportunity to read it.
I believe the first Ms-PL licensed source code in the archive was
IronPython - please refer to its packager and possibly the appropriate
ftpmaster (and the ITP bug, and so on) to read about it.
>More importantly, it seems rather inescapable that a Debian binary
>package is a collective work of the software that is included in that
>package. The licensing of that collective work must not conflict with
>the terms and conditions of the individual licenses of components of
>that package. The question is thus raised, what is the licensing for
>the Debian binary package of Moonlight?
GPL2. See above.
>As a final comment, and one more hypothetical in nature, the Ms-PL
>makes no distinction between derived and collective works and offers no
>exemption for "mere aggregation" (as does the General Public License).
>In lieu of such an exception, we are left with relying upon the
>interpretation of the courts as to what constitutes a derived or
>collected work of joint authorship under copyright law. Should a
>Ms-PL-licensed package be included with a Debian distribution, it may
>very well be argued that the entire distribution (a collective work)
>must be offered under licensing which "complies with" the Ms-PL -- any
>inclusion of code for which there is no patent grant could be construed
>as infringement of the copyrights of Ms-PLed code's author.
How likely does that REALLY seem to you? codeplex.com contains a lot of
Ms-PL source, and a lot of other licenses (including some non-Free
licenses). How likely does it seem that a "mere aggregation" like a code
website is actually licensing everything under one of its constituent
licenses, by accident? See also: Hanlon's Razor.
Regards.
--Jo Shields
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-mono-devel/attachments/20090425/bd209e86/attachment.pgp>
More information about the Pkg-mono-devel
mailing list