[vox-tech] [OT] The AFPL (was: some PDF problems: screen and print rendering do not match)

Rick Moen rick at linuxmafia.com
Wed Aug 11 12:16:23 PDT 2004


Quoting Peter Jay Salzman (p at dirac.org):

> You were probably wondering why I railed against Debian legal.  It
> probably looked like it came form left field.   :)
> 
> I just learned a few days ago that the Linux Gamers' HOWTO and Debian
> Jigdo HOWTO were moved into doc-linux-nonfree because they're released
> under the OSL, and the OSL has been declared non-free by Debian.

I've been vaguely aware that the entire Debian-docs situation has been
going slightly nutso.  Unfortunately, I've been too busy to wade
hip-deep into debian-legal and try to argue -- as that can eat your life.

> When I asked for an explanation, the Debian LDP Maintainers pointed me
> to this web page:
> 
>    http://www.debian.org/legal/licenses/dls-007-osl
> 
> which looks about as official as anything can get!

And yet it's not.

A lot of people have been fooled by such things -- possibly including
the aforementioned Debian LDP maintainers.  Those pages are posted by (I
believe) Barak A. Perlmutter, and are HTML regurgitations of on-list posted
summaries by Jeremy Hankins (and perhaps others).  The summaries, in
turn, are agglutinations of the views of, well, _everyone and anyone_
who posted an opinion to debian-legal.  (Which gets me back to the
earlier point about featherless bipeds.)

So, you -- and the Debian LDP maintainers -- should be asking yourself:
At what point, and by what mechanism, did those become the official view
of the Debian Project and binding upon Debian developers?  The answer is:  
Never, and by no mechanism at all.  It's just a Web page.

At some point, you're likely to also come across
http://wiki.debian.net/index.cgi?DFSGLicences , maintained by Joachim
Breitner.  It has no official sanction whatsoever.  Again, just a Web
page.

You might want to point that out to the Debian LDP maintainers, and 
suggest that they re-read the Debian Constitution
(http://www.debian.org/devel/constitution), especially section 2:

   Each decision in the Project is made by one or more of the following:

   1. The Developers, by way of General Resolution or an election;
   2. The Project Leader;
   3. The Technical Committee and/or its Chairman;
   4. The individual Developer working on a particular task;
   5. Delegates appointed by the Project Leader for specific tasks.
   6. The Project Secretary;

See "debian-legal", let alone "some guy with write access to a /legal
directory on the Debian Web site" in that list?  I don't.  Can you find
a General Resolution, a decision of the Project Leader, or a decision by
one of his delegates, making its contents binding on developers?  I
can't.

It's just a Web page that states (note!) neither who created it nor what
if anything its authority is, creating the impression among many that it's,
in your words, "as official as anything can get".  Personally, I think
that's a little shady, given that -- to the best of my knowledge -- the
answers to those questions are "just some developer" and "no authority".



In fact, let's step back to the big picture, and do an overview of "who
makes decisions for Debian".  (I'm cribbing from a post I made on this 
same subject to the LDP's general-discussion mailing list.  Sorry about
length.)


Ultimately, the Debian Project consists of its 1000+ recognised                 
developers as a theoretical committee of the whole, but, starting in            
1998 they adopted a Debian Constitution
(http://www.debian.org/devel/constitution), now amended to version 1.3.
The Constitution provides that decisions shall be made by the Project
Leader (elected for one-year terms by the developers), a Project
Secretary (appointed for one-year terms by the Project Leader and the           
sitting Project Secretary), Delegates appointed by the Project Leader to        
be in charge of powers and decisions delegated by the Leader, a
Technical Committee, and developers themselves.  Developers may act
through General Resolutions voted on by all developers of record.
Supermajorities are required to override the Technical Committee or amend       
the Constitution; otherwise, a majority is sovereign on any matter.

Here's the official archive of General Resolutions approved and turned
down:  http://www.debian.org/vote/  Unofficially, one can also find them
in Debian Weekly News's archive.

Developers are supposed to be guided by the New Maintainer's Guide and          
the Debian Policy Manual (http://www.debian.org/doc/debian-policy/).
The latter's maintained by members of the Debian Policy mailing list,
charge with updating it for Technical Committee decisions, etc.  On
licensing, it says (section 2.2 et seq.):                                       
                                                                                
   Every package in main and non-US/main must comply with the DFSG              
   (Debian Free Software Guidelines).  [...]   [and]
   must meet all policy requirements presented in this manual.
   [...]

   Every package in contrib and non-US/contrib must comply with the
   DFSG.   [...]  [and]  must meet all policy requirements presented in
   this manual.
   [...]

   When in doubt about a copyright, send mail to
   debian-legal at lists.debian.org. Be prepared to provide us with the
   copyright statement.

So, the answer to my question (and yours) appears to be that any                
material being considered for inclusion in one of the Debian collections        
will be scrutinised for DFSG-freeness by the individual package                 
maintainer responsible for it, and he alone gets to decide that
question, but is encouraged to seek advice from the membership of
debian-legal if he's in doubt.

Accordingly, I doubt there's such thing as a definitive list of
DFSG-free licences; I have to wonder about the authority of any that are        
claimed to exist.


As a matter of process, if a maintainer makes an erroneous                
judgement call, anyone else can (and does!) file a bug report (in the           
public Bug Tracking System, http://bugs.debian.org/) against the package        
for Policy non-compliance, and any Debian developer can then take action        
to fix the bug.  E.g., if the maintainer is being truculent (or ignoring        
the problem), one of his peers could conceivably do an NMU, a                   
non-maintainer upload, to fix the problem.                                      
                                                                                
I suppose any intractible dispute would get escalated to the Technical          
Committee.                                                                      
                                                                                
It seems to work fairly well.  I once noticed a licensing conflict within       
the Securing Debian Manual, and politely raised it as a question on             
debian-legal.  Developer Brandon Robinson confirmed my analysis and             
suggested I file a bug in the BTS.  I did, and the maintainer fixed it          
in about a day.       



> If I were to argue with their four points, it would be along the lines
> of:
 
[snip analysis of those points]

You might further add that their assumption that a Web page is the
"decision of debian-legal", or that a "decision of debian-legal" would
have any force whatsoever, even if it did exist -- is simply false.

> You make some very good arguments, and I agree with you completely.  The
> key issue is: "there are details and ramifications".  Exactly where that
> boundary lies between free and non-free is really what the whole thing
> is about.

Fortunately, despite individual "I don't like that licence" peeves,
there's broad consensus at pretty much exactly where the OSD draws the
line.  Even though:

> Theo de Raadt would probably say that the GPL has freedom issues.

There's always been an honourable dissent within our camp that holds
that the GPL and other copyleft licences don't grant enough freedom to
developers for their taste.  Thus the OpenBSD Foundation's decision to
jettison and recode from scratch all GPLed code in Björn Grönvall's
ossh fork-and-update of Ylönen's SSH v. 1.2.12 (the last free version of
the latter package), when they created OpenSSH based on Grönvall's
codebase.

Only certain... um... characters (***cough*** Brett Glass ***cough***)
purporting to be BSD types suggest that copyleft licensing isn't merely 
not their cup of tea, but actually proprietary.  I've heard Brian
Behlendorf, for example, say that he doesn't like the GPL and doesn't
consider it free enough for his code, but he still backs the OSD.

On the other hand, if it _is_ true that Theo holds the view you
indicate, I figure I can live with that.  ;->

> We would say there are freedom issues with the advertising clause in
> older BSD style licenses.

Er....

The issues with 4-clause BSD are (1) GPL-incompatibility (annoying to
many, but not the BSD coder's problem) and (1) vexing accumulation of
credits over time that by the time of 4.4BSD had reached ludicrous
proportions in (e.g.) print ads.

There aren't really "freedom issues".

> Ballmer calling the GPL a "viral license" gets laughed at.  And
> rightfully so.  But objectively, I can see how an opponent to OSS can
> make that unflattering (and in Ballmer's case, ironic) claim.

No, that term is polemical and distortive, because it connotes the
suggestion that the licence "infects" other codebases, which is a flat
impossibility by the plain language of copyright law.  The most that can
happen is that a derivative work might not be lawfully redistributable, 
as violating the GPL codebase owner's copyright.  There is absolutely 
no mechanism whatsoever that the other codebase can come forcibly under
GPL terms, against the owner's wishes.

The (frequent) suggestion to the contrary reflects either gross
ignorance of copyright law or propagandistic intent in defiance of the
facts.

> I still feel pretty self conscious about the irony of the Debian Jigdo
> HOWTO being non-free, so I'm a little tender on this issue.

I'd be glad to help you wield a cluebat in the Debian LDP maintainers'
direction.  I'm just not sure how.

-- 
Cheers,                        My pid is Inigo Montoya.  You kill -9    
Rick Moen                      my parent process.  Prepare to vi.
rick at linuxmafia.com


More information about the vox-tech mailing list