Bug 198830 (libmodelfile)

Summary: Review Request: libmodelfile - library for accessing WorldForge model files
Product: [Fedora] Fedora Reporter: Wart <wart>
Component: Package ReviewAssignee: Christopher Stone <chris.stone>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Package Reviews List <fedora-package-review>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: alriddoch, che666
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-21 05:53:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 163779, 198839    

Description Wart 2006-07-13 22:44:34 UTC
Spec URL: http://www.kobold.org/~wart/fedora/libmodelfile.spec
SRPM URL: http://www.kobold.org/~wart/fedora/libmodelfile-0.1.92-1.src.rpm
Description: 
This library is a collection of small clean C libraries for loading 3D
models of various file formats. So far the range of model formats is limited to what is needed by WorldForge client applications.

Comment 1 Ralf Corsepius 2006-07-14 04:18:12 UTC
Some comments:

*-devel is missing "Requires: pkgconfig"

But ... I am having a problem with this package's licence.

You spec says "GPL", the tarball contains a copy of the GPL's COPYING, but the
sources say:

 * Permission is granted to anyone to use this software for any purpose,
 * including commercial applications, and to alter it and redistribute it
 * freely, subject to the following restrictions:
 *
 * 1. The origin of this software must not be misrepresented; you must not
 *    claim that you wrote the original software. If you use this software
 *    in a product, an acknowledgment in the product documentation would be
 *    appreciated but is not required.
 * 2. Altered source versions must be plainly marked as such, and must not be
 *    misrepresented as being the original software.
 * 3. This notice may not be removed or altered from any source distribution.

In my understanding, §1 and §3 are non critical, but §2 could be read a imposing
additional constraits, i.e. as violation of the GPL, which would render shipping
this package under the GPL impossible.

Comment 2 Christopher Stone 2006-07-14 06:58:31 UTC
- rpmlint output:
W: libmodelfile-devel no-documentation

okay to ignore, I dont see any docs that should go in devel

- package named according to package naming guidelines
- spec filename matches base package %{name}
- package meets packaging guidelines
- license tag in spec file is open source compatible
- license matches upstream license
- licnese included in %doc
- spec file written in American english
- spec file is legible
- source matches upstream
53ded1963cc863d0fabba4f0fb4ef2db  libmodelfile-0.1.92.tar.gz
- package successfully compiles and builds on x86_64 FC-5
- All build dependencies listed in BuildRequires
- package does not contain locales
- package properly uses %post/%postun ldconfig
- package is not relocatable
- package owns all directories it creates
- package does not contain duplicate files
- file permissions are set properly
- package has proper %clean section
- macro usage is consistant
- package contains permissible content
- package does not contain large documentation
- files in %doc do not affect runtime
- header files are in devel package
- pkgconfig files are in devel package
- libraries w/o suffix are in devel
- devel require base package
- package does not contain .la files
- package is not a GUI needing a .desktop file
- package does not own files or directories owned by other packages


==== MUST ====
- Add Requires: pkgconfig to devel package
- make check should have %{?_smp_mflags}
- Why are you using find to remove .la files?  Why not just specifically state
which ones you are removing?  And you dont BR findutils but you sholdnt anyway
because you shouldnt be using find.
- I could not get source package from Source URL, I had to use:
http://dl.sourceforge.net/sourceforge/worldforge/libmodelfile-0.1.92.tar.gz
(not sure why) But Source0 should be updated accordingly
- Summary contains "acessing" which is not an english word
- Why is group System Environment/Libraries instead of Development/Libraries?
- Have you tested this in FC4? If you plan to support FC4 please test,
BuildRequires might be different (might need xorg-x11-devel or something)

Comment 3 Hans de Goede 2006-07-19 07:52:49 UTC
(In reply to comment #1)
> But ... I am having a problem with this package's licence.
> 
> You spec says "GPL", the tarball contains a copy of the GPL's COPYING, but the
> sources say:
> 
>  * Permission is granted to anyone to use this software for any purpose,
>  * including commercial applications, and to alter it and redistribute it
>  * freely, subject to the following restrictions:
>  *
>  * 1. The origin of this software must not be misrepresented; you must not
>  *    claim that you wrote the original software. If you use this software
>  *    in a product, an acknowledgment in the product documentation would be
>  *    appreciated but is not required.
>  * 2. Altered source versions must be plainly marked as such, and must not be
>  *    misrepresented as being the original software.
>  * 3. This notice may not be removed or altered from any source distribution.
> 
> In my understanding, §1 and §3 are non critical, but §2 could be read a imposing
> additional constraits, i.e. as violation of the GPL, which would render shipping
> this package under the GPL impossible.


Yes, all sources carry this copyright header, right above the quoted text they say:
/* Copyright (C) 2004 Alistair Riddoch <alriddoch>

This goes for all sources, this is also the only name in the AUTHORS file, so
luckily this seems a one man project. Ask him to make up his mind, or put a
clear copyright notice somewhere that the code is dual licensed under both the
GPL and the license in the code.


Comment 4 Alistair Riddoch 2006-08-24 15:19:22 UTC
Sorry about the clash. This is the first and only package I have distributed
which is not under the GPL, so I screwed up. The wording was intended to be GPL
compatable, but still allow essentially unrestricted commercial use. I will
re-word the copyright statement in the code, and release a new version without
any reference to the GPL.


Comment 5 Alistair Riddoch 2006-08-24 15:53:24 UTC
After re-reading the thread, I am no longer exactly clear what is wrong with
clause 2. Can someone suggest a minimal wording for requiring that source
changes are marked as such, while keeping compatable with the wordier
requirements in the GPL?

Comment 7 Wart 2006-08-28 21:44:28 UTC
(In reply to comment #2)

> ==== MUST ====

> - I could not get source package from Source URL, I had to use:
> http://dl.sourceforge.net/sourceforge/worldforge/libmodelfile-0.1.92.tar.gz
> (not sure why) But Source0 should be updated accordingly

I've had mixed results using the various different forms of SF download URLs.
It all depends on which mirror you happen to hit when you download the file.

> - Have you tested this in FC4? If you plan to support FC4 please test,
> BuildRequires might be different (might need xorg-x11-devel or something)

I don't plan to support FC4 or FC5 for any of the WorldForge packages.

Comment 8 Hans de Goede 2006-09-20 19:40:41 UTC
By mail Wart wrote:
"Hi Ralf, Hans,

In the review for libmodelfile
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198830), you
mention that the package's license conflicts with the included GPL license.

The upstream author is willing to make the necessary changes, but has
asked for clarification via bugzilla because he (nor I) are able to see
exactly where the conflict arises.  Ralf, you mention that section 2 of
the source file licenses conflict with the GPL, but when I read section
2a of the GPL, I don't see this as a conflict.

Could either of you follow up in the BZ report and clarify where exactly
the conflict is, and what needs to be done to resolve it?  Even though
the package has already been FE_APPROVE'd, I'd rather not import it
until this has been sorted out.

Thanks!

--Wart"


I see your point, I guess they are compatible then Ralf, do you agree? Still it
would be better /clearer / 100% sure if the copyright header could be changed to:

/* Copyright (C) 2004 Alistair Riddoch <alriddoch>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or   
 * (at your option) any later version.
 *
 * Or (at your option) you can redistribute it and/or modify
 * it under the terms below instead of the terms of the GNU GPL:
 *
 * Permission is granted to anyone to use this software for any purpose,
 * including commercial applications, and to alter it and redistribute it
 * freely, subject to the following restrictions:
 *
 * 1. The origin of this software must not be misrepresented; you must not
 *    claim that you wrote the original software. If you use this software
 *    in a product, an acknowledgment in the product documentation would be
 *    appreciated but is not required.
 * 2. Altered source versions must be plainly marked as such, and must not be
 *    misrepresented as being the original software.
 * 3. This notice may not be removed or altered from any source distribution.

Another alternative would be to remove the GPL text from the tarbal. The current
problem isn't as much the copyright header / the license in the copyright
header, as it is that the tarbal contains the GPL text in the COPYING file, but
makes no other reference to the GPL, making the status of the software a bit
unclear.


Comment 9 Ralf Corsepius 2006-09-21 01:15:02 UTC
(In reply to comment #8)

> In the review for libmodelfile
> (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198830), you
> mention that the package's license conflicts with the included GPL license.
> 
> The upstream author is willing to make the necessary changes, but has
> asked for clarification via bugzilla because he (nor I) are able to see
> exactly where the conflict arises.  Ralf, you mention that section 2 of
> the source file licenses conflict with the GPL, but when I read section
> 2a of the GPL, I don't see this as a conflict.
>
> I see your point, I guess they are compatible then Ralf, do you agree? 

Well, the author's sources apply a license which is not the GPL. He licenses
them under a different license model => His sources are not GPL'ed.

Judging if his work can be shipped under a "GPL umbrella" probably would require
a lawyer. As I originally said, I see a potential incompatibility between the
GPL and paragraph 2 of his license:
"2. Altered source versions must be plainly marked as such, and must not be
 misrepresented as being the original software."


Comment 10 Wart 2006-09-21 01:29:03 UTC
Ok, so here's what I'm going to do:

Since both the GPL and the other license text are both fedora-acceptable, I'm
going to list the License in the spec file as "Distributable" for now.  Once a
new set of sources are released that contain a single licensing text, then I'll
change the License tag appropriately.

Comment 11 Wart 2006-09-21 05:53:35 UTC
Imported and built.  Thanks for the review!