Bug 198830 (libmodelfile)
Summary: | Review Request: libmodelfile - library for accessing WorldForge model files | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Wart <wart> |
Component: | Package Review | Assignee: | Christopher Stone <chris.stone> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Package Reviews List <fedora-package-review> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | alriddoch, che666 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-09-21 05:53:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 163779, 198839 |
Description
Wart
2006-07-13 22:44:34 UTC
Some comments: *-devel is missing "Requires: pkgconfig" But ... I am having a problem with this package's licence. You spec says "GPL", the tarball contains a copy of the GPL's COPYING, but the sources say: * Permission is granted to anyone to use this software for any purpose, * including commercial applications, and to alter it and redistribute it * freely, subject to the following restrictions: * * 1. The origin of this software must not be misrepresented; you must not * claim that you wrote the original software. If you use this software * in a product, an acknowledgment in the product documentation would be * appreciated but is not required. * 2. Altered source versions must be plainly marked as such, and must not be * misrepresented as being the original software. * 3. This notice may not be removed or altered from any source distribution. In my understanding, §1 and §3 are non critical, but §2 could be read a imposing additional constraits, i.e. as violation of the GPL, which would render shipping this package under the GPL impossible. - rpmlint output: W: libmodelfile-devel no-documentation okay to ignore, I dont see any docs that should go in devel - package named according to package naming guidelines - spec filename matches base package %{name} - package meets packaging guidelines - license tag in spec file is open source compatible - license matches upstream license - licnese included in %doc - spec file written in American english - spec file is legible - source matches upstream 53ded1963cc863d0fabba4f0fb4ef2db libmodelfile-0.1.92.tar.gz - package successfully compiles and builds on x86_64 FC-5 - All build dependencies listed in BuildRequires - package does not contain locales - package properly uses %post/%postun ldconfig - package is not relocatable - package owns all directories it creates - package does not contain duplicate files - file permissions are set properly - package has proper %clean section - macro usage is consistant - package contains permissible content - package does not contain large documentation - files in %doc do not affect runtime - header files are in devel package - pkgconfig files are in devel package - libraries w/o suffix are in devel - devel require base package - package does not contain .la files - package is not a GUI needing a .desktop file - package does not own files or directories owned by other packages ==== MUST ==== - Add Requires: pkgconfig to devel package - make check should have %{?_smp_mflags} - Why are you using find to remove .la files? Why not just specifically state which ones you are removing? And you dont BR findutils but you sholdnt anyway because you shouldnt be using find. - I could not get source package from Source URL, I had to use: http://dl.sourceforge.net/sourceforge/worldforge/libmodelfile-0.1.92.tar.gz (not sure why) But Source0 should be updated accordingly - Summary contains "acessing" which is not an english word - Why is group System Environment/Libraries instead of Development/Libraries? - Have you tested this in FC4? If you plan to support FC4 please test, BuildRequires might be different (might need xorg-x11-devel or something) (In reply to comment #1) > But ... I am having a problem with this package's licence. > > You spec says "GPL", the tarball contains a copy of the GPL's COPYING, but the > sources say: > > * Permission is granted to anyone to use this software for any purpose, > * including commercial applications, and to alter it and redistribute it > * freely, subject to the following restrictions: > * > * 1. The origin of this software must not be misrepresented; you must not > * claim that you wrote the original software. If you use this software > * in a product, an acknowledgment in the product documentation would be > * appreciated but is not required. > * 2. Altered source versions must be plainly marked as such, and must not be > * misrepresented as being the original software. > * 3. This notice may not be removed or altered from any source distribution. > > In my understanding, §1 and §3 are non critical, but §2 could be read a imposing > additional constraits, i.e. as violation of the GPL, which would render shipping > this package under the GPL impossible. Yes, all sources carry this copyright header, right above the quoted text they say: /* Copyright (C) 2004 Alistair Riddoch <alriddoch> This goes for all sources, this is also the only name in the AUTHORS file, so luckily this seems a one man project. Ask him to make up his mind, or put a clear copyright notice somewhere that the code is dual licensed under both the GPL and the license in the code. Sorry about the clash. This is the first and only package I have distributed which is not under the GPL, so I screwed up. The wording was intended to be GPL compatable, but still allow essentially unrestricted commercial use. I will re-word the copyright statement in the code, and release a new version without any reference to the GPL. After re-reading the thread, I am no longer exactly clear what is wrong with clause 2. Can someone suggest a minimal wording for requiring that source changes are marked as such, while keeping compatable with the wordier requirements in the GPL? Updated to address MUSTFIX items from comment #2: http://www.kobold.org/~wart/fedora/libmodelfile-0.1.92-2.src.rpm http://www.kobold.org/~wart/fedora/libmodelfile.spec (In reply to comment #2) > ==== MUST ==== > - I could not get source package from Source URL, I had to use: > http://dl.sourceforge.net/sourceforge/worldforge/libmodelfile-0.1.92.tar.gz > (not sure why) But Source0 should be updated accordingly I've had mixed results using the various different forms of SF download URLs. It all depends on which mirror you happen to hit when you download the file. > - Have you tested this in FC4? If you plan to support FC4 please test, > BuildRequires might be different (might need xorg-x11-devel or something) I don't plan to support FC4 or FC5 for any of the WorldForge packages. By mail Wart wrote: "Hi Ralf, Hans, In the review for libmodelfile (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198830), you mention that the package's license conflicts with the included GPL license. The upstream author is willing to make the necessary changes, but has asked for clarification via bugzilla because he (nor I) are able to see exactly where the conflict arises. Ralf, you mention that section 2 of the source file licenses conflict with the GPL, but when I read section 2a of the GPL, I don't see this as a conflict. Could either of you follow up in the BZ report and clarify where exactly the conflict is, and what needs to be done to resolve it? Even though the package has already been FE_APPROVE'd, I'd rather not import it until this has been sorted out. Thanks! --Wart" I see your point, I guess they are compatible then Ralf, do you agree? Still it would be better /clearer / 100% sure if the copyright header could be changed to: /* Copyright (C) 2004 Alistair Riddoch <alriddoch> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * Or (at your option) you can redistribute it and/or modify * it under the terms below instead of the terms of the GNU GPL: * * Permission is granted to anyone to use this software for any purpose, * including commercial applications, and to alter it and redistribute it * freely, subject to the following restrictions: * * 1. The origin of this software must not be misrepresented; you must not * claim that you wrote the original software. If you use this software * in a product, an acknowledgment in the product documentation would be * appreciated but is not required. * 2. Altered source versions must be plainly marked as such, and must not be * misrepresented as being the original software. * 3. This notice may not be removed or altered from any source distribution. Another alternative would be to remove the GPL text from the tarbal. The current problem isn't as much the copyright header / the license in the copyright header, as it is that the tarbal contains the GPL text in the COPYING file, but makes no other reference to the GPL, making the status of the software a bit unclear. (In reply to comment #8) > In the review for libmodelfile > (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198830), you > mention that the package's license conflicts with the included GPL license. > > The upstream author is willing to make the necessary changes, but has > asked for clarification via bugzilla because he (nor I) are able to see > exactly where the conflict arises. Ralf, you mention that section 2 of > the source file licenses conflict with the GPL, but when I read section > 2a of the GPL, I don't see this as a conflict. > > I see your point, I guess they are compatible then Ralf, do you agree? Well, the author's sources apply a license which is not the GPL. He licenses them under a different license model => His sources are not GPL'ed. Judging if his work can be shipped under a "GPL umbrella" probably would require a lawyer. As I originally said, I see a potential incompatibility between the GPL and paragraph 2 of his license: "2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software." Ok, so here's what I'm going to do: Since both the GPL and the other license text are both fedora-acceptable, I'm going to list the License in the spec file as "Distributable" for now. Once a new set of sources are released that contain a single licensing text, then I'll change the License tag appropriately. Imported and built. Thanks for the review! |