Bug 1713604 - Review Request: onvifviewer - Network camera viewer
Summary: Review Request: onvifviewer - Network camera viewer
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-Legal
TreeView+ depends on / blocked
 
Reported: 2019-05-24 08:49 UTC by Casper Meijn
Modified: 2020-08-25 19:33 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---


Attachments (Terms of Use)

Description Casper Meijn 2019-05-24 08:49:03 UTC
Spec URL: https://copr-be.cloud.fedoraproject.org/results/caspermeijn/ONVIFViewer/fedora-rawhide-x86_64/00915058-onvifviewer/onvifviewer.spec
SRPM URL: https://copr-be.cloud.fedoraproject.org/results/caspermeijn/ONVIFViewer/fedora-rawhide-x86_64/00915058-onvifviewer/onvifviewer-0.10-1.fc31.src.rpm
Description: The goal of this project is to replace the proprietary app that was needed to 
configure and view my IP camera. The ONVIF protocol can be used to view and 
configure many types of camera's and is a open standard that can be implemented 
using standard SOAP libraries. Using Qt5 for the back-end and Kirigami UI 
framework makes this application a cross-platform solution.
Fedora Account System Username: caspermeijn


There are two things that I am not sure of:
* The source files related to the ONVIF protocol may be distributed, but not modified. Is this allowed in the source package? Does this need to be stated in the spec file? Does this change the license of the binary (and with that the License field)?
* The tests in the package require a X server. Is this possible during a rpmbuild? Is it useful to run these tests?
Thanks in advance.

Comment 1 Robert-André Mauchin 🐧 2019-06-06 14:38:59 UTC
 - Not needed:

rm -rf %{buildroot}

>The tests in the package require a X server. Is this possible during a rpmbuild? Is it useful to run these tests?

You could try running them with xvfb-run, not sure it will work.

> The source files related to the ONVIF protocol may be distributed, but not modified. Is this allowed in the source package? Does this need to be stated in the spec file? Does this change the license of the binary (and with that the License field)?

I'm not sure, asking FE-Legal opinion on this

Comment 2 Tom "spot" Callaway 2019-06-06 16:08:20 UTC
Ugh, this is complicated. I'm going to have to discuss this internally. Please hold on doing anything with this package for the time being.

Comment 3 Casper Meijn 2019-08-24 20:21:05 UTC
Can I do anything for this or do I just have to wait?

Comment 4 Robert-André Mauchin 🐧 2020-08-25 15:51:52 UTC
I sent a mail to Legal to see if they can give a definitive opinion.

Comment 5 Ben Cotton 2020-08-25 17:36:35 UTC
> * The source files related to the ONVIF protocol may be distributed, but not modified. 

Can you clarify which files you're talking about? Looking through the GitLab repo, I only see GPL and CC 0 licenses in use.

Comment 6 Casper Meijn 2020-08-25 18:10:05 UTC
It is about the files in 3rdparty/wsdl directory. These files are come from different domains/companies and therefore they have different licenses, but in my non-legal view they are similar. I could compile a list of these licenses if that is useful. Following is an example of these licenses from 3rdparty/wsdl/www.onvif.org/ver10/device/wsdl/devicemgmt.wsdl:

> Copyright (c) 2008-2017 by ONVIF: Open Network Video Interface Forum. All rights reserved.
> 
> Recipients of this document may copy, distribute, publish, or display this document so long as this copyright notice, license and disclaimer are retained with all copies of the document. No license is granted to modify this document.
> 
> THIS DOCUMENT IS PROVIDED "AS IS," AND THE CORPORATION AND ITS MEMBERS AND THEIR AFFILIATES, MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THIS DOCUMENT ARE SUITABLE FOR ANY PURPOSE; OR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
> IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT, WHETHER OR NOT (1) THE CORPORATION, MEMBERS OR THEIR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (2) SUCH DAMAGES WERE REASONABLY FORESEEABLE, AND ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT.  THE FOREGOING DISCLAIMER AND LIMITATION ON LIABILITY DO NOT APPLY TO, INVALIDATE, OR LIMIT REPRESENTATIONS AND WARRANTIES MADE BY THE MEMBERS AND THEIR RESPECTIVE AFFILIATES TO THE CORPORATION AND OTHER MEMBERS IN CERTAIN WRITTEN POLICIES OF THE CORPORATION.

Comment 7 Ben Cotton 2020-08-25 18:36:03 UTC
Thanks! I'll follow up with Legal and see if I can figure out what the specific issue is.

Comment 8 Bryan Sutula 2020-08-25 18:39:33 UTC
"Open Source" licenses need the permission to modify the work and create derivative works.  That's why these types of licenses aren't considered "open source".

Just a thought...as you review the specific files and licenses, if these "non-open-source" licenses apply only to documents, could you simply remove the document files from the package?

Comment 9 Casper Meijn 2020-08-25 18:45:21 UTC
(In reply to Bryan Sutula from comment #8)
> "Open Source" licenses need the permission to modify the work and create
> derivative works.  That's why these types of licenses aren't considered
> "open source".
> 
> Just a thought...as you review the specific files and licenses, if these
> "non-open-source" licenses apply only to documents, could you simply remove
> the document files from the package?

The WSDL files are used to generate code for parsing and creating ONVIF messages, so they can't be removed from the package.

Comment 10 Robert-André Mauchin 🐧 2020-08-25 19:08:11 UTC
>The issue here (at least the only one I'm aware of) was that the
>package contains WSDL files that are nominally under a license that
>does not meet Fedora's policy on acceptable licenses.
>
>The default conclusion here should be that the package is not
>acceptable for Fedora. However, if you or anyone else would like to
>provide an explanation of how these files are used in this package,
>that might support a different conclusion. I do not really have the
>bandwidth to look into this myself.
>
>Richard

>The WSDL files are used to generate code for parsing and creating ONVIF 
>messages, so they can't be removed from the package.

Does the WSDL files end up up in the binary package or are they only needed at build time? Try to answer Richard's message on the legal ML.

Comment 11 Casper Meijn 2020-08-25 19:33:35 UTC
(In reply to Robert-André Mauchin 🐧 from comment #10) 
> Does the WSDL files end up up in the binary package or are they only needed
> at build time? Try to answer Richard's message on the legal ML.

The WSDL files are the interface specification and they are only used for the RPC interface to the ONVIF camera. This information is required to implement the ONVIF protocol correctly. The function names and structures in the WSDL will be used to generate RPC interface code. The WSDL files itself is not included in the binary, but they are used to generate code that is going into the binary.


Note You need to log in before you can comment on or make changes to this bug.