Bug 892111 - zeromq is non-free (licensed under AFPL) file included
zeromq is non-free (licensed under AFPL) file included
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: zeromq (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Thomas Spura
Fedora Extras Quality Assurance
:
Depends On:
Blocks: FE-Legal
  Show dependency treegraph
 
Reported: 2013-01-05 04:00 EST by mejiko
Modified: 2013-02-01 08:18 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-23 11:09:21 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description mejiko 2013-01-05 04:00:54 EST
Hello.

zeromq included non-free files

Source RPM is "zeromq-2.1.11-1.fc17.src.rpm"


Files and Licenses:

Files:

zeromq-2.1.11/foreign/xmlParser/*

License: AFPL and BSD

But BSD license apply is "project specific". (see "zeromq-2.1.11/foreign/xmlParser/*" datails.)

Its non-free.



Suggests:

1. Remove non-free file and rebuild.
2. replace to fedora-free code. (e.g libxml)
3. Remove to fedora repos.

Thanks.


Reference:

https://www.gnu.org/licenses/license-list.html#NonFreeSoftwareLicense
http://artifex.com/downloads/doc/Public.htm
https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Bad_Licenses
Comment 1 mejiko 2013-01-05 04:01:37 EST
Blocking FE-Legal, This is license problem.
Comment 2 Thomas Spura 2013-01-05 09:43:11 EST
Thanks for the bug report.

I can't find any reference, where this xmlparser is actually in use in the build log, e.g.:
http://kojipkgs.fedoraproject.org//packages/zeromq/2.2.0/3.fc19/data/logs/x86_64/build.log
http://kojipkgs.fedoraproject.org//packages/zeromq/2.1.11/1.fc17/data/logs/x86_64/build.log

Furthermore, these files are redistributed along zeromq ('redistributed' means bundled in the tar ball and provided for downloading on fedora infrastructure in this case.). As I see it, this is allowed as zeromq is allowed to use it under the terms of BSD, so I don't need to remove it from the tar ball before uploading it, isn't it?

I'd suggest removing them in %prep and then not using them (as we already do now AFAIK).

I wait for a final decision by FE-Legal before either:
* removing them in %prep and still ship it in the uploaded tar ball.
* removing them before uploading and request rel-eng to remove all tar balls, which contain those files from fedora infrastructure.
Comment 3 Tom "spot" Callaway 2013-01-07 13:34:02 EST
I agree with Thomas. If these files are unused, they can be removed in %prep, we do not need to make a new tarball. Additionally, RH Legal confirms that we can safely treat these files as being under BSD.
Comment 4 Fedora Update System 2013-01-14 03:54:56 EST
zeromq-2.2.0-4.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.fc17
Comment 5 Fedora Update System 2013-01-14 03:55:08 EST
zeromq-2.2.0-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.el6
Comment 6 Fedora Update System 2013-01-14 03:55:19 EST
zeromq-2.2.0-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.fc18
Comment 7 Fedora Update System 2013-01-14 04:06:10 EST
zeromq-2.2.0-4.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.el5
Comment 8 Fedora Update System 2013-01-14 04:06:20 EST
zeromq-2.2.0-4.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.fc16
Comment 9 Thomas Spura 2013-01-14 04:59:00 EST
zeromq3 is not affected by this as it does not ship "foreign/xmlParser/".
Comment 10 Fedora Update System 2013-01-14 21:21:14 EST
Package zeromq-2.2.0-4.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing zeromq-2.2.0-4.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0794/zeromq-2.2.0-4.fc16
then log in and leave karma (feedback).
Comment 11 Fedora Update System 2013-01-23 11:09:25 EST
zeromq-2.2.0-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2013-01-23 11:28:25 EST
zeromq-2.2.0-4.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2013-02-01 08:18:53 EST
zeromq-2.2.0-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.