Bug 892111 - zeromq is non-free (licensed under AFPL) file included
Summary: zeromq is non-free (licensed under AFPL) file included
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: zeromq
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Thomas Spura
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-Legal
TreeView+ depends on / blocked
 
Reported: 2013-01-05 09:00 UTC by mejiko
Modified: 2013-02-01 13:18 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-23 16:09:21 UTC


Attachments (Terms of Use)

Description mejiko 2013-01-05 09:00:54 UTC
Hello.

zeromq included non-free files

Source RPM is "zeromq-2.1.11-1.fc17.src.rpm"


Files and Licenses:

Files:

zeromq-2.1.11/foreign/xmlParser/*

License: AFPL and BSD

But BSD license apply is "project specific". (see "zeromq-2.1.11/foreign/xmlParser/*" datails.)

Its non-free.



Suggests:

1. Remove non-free file and rebuild.
2. replace to fedora-free code. (e.g libxml)
3. Remove to fedora repos.

Thanks.


Reference:

https://www.gnu.org/licenses/license-list.html#NonFreeSoftwareLicense
http://artifex.com/downloads/doc/Public.htm
https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Bad_Licenses

Comment 1 mejiko 2013-01-05 09:01:37 UTC
Blocking FE-Legal, This is license problem.

Comment 2 Thomas Spura 2013-01-05 14:43:11 UTC
Thanks for the bug report.

I can't find any reference, where this xmlparser is actually in use in the build log, e.g.:
http://kojipkgs.fedoraproject.org//packages/zeromq/2.2.0/3.fc19/data/logs/x86_64/build.log
http://kojipkgs.fedoraproject.org//packages/zeromq/2.1.11/1.fc17/data/logs/x86_64/build.log

Furthermore, these files are redistributed along zeromq ('redistributed' means bundled in the tar ball and provided for downloading on fedora infrastructure in this case.). As I see it, this is allowed as zeromq is allowed to use it under the terms of BSD, so I don't need to remove it from the tar ball before uploading it, isn't it?

I'd suggest removing them in %prep and then not using them (as we already do now AFAIK).

I wait for a final decision by FE-Legal before either:
* removing them in %prep and still ship it in the uploaded tar ball.
* removing them before uploading and request rel-eng to remove all tar balls, which contain those files from fedora infrastructure.

Comment 3 Tom "spot" Callaway 2013-01-07 18:34:02 UTC
I agree with Thomas. If these files are unused, they can be removed in %prep, we do not need to make a new tarball. Additionally, RH Legal confirms that we can safely treat these files as being under BSD.

Comment 4 Fedora Update System 2013-01-14 08:54:56 UTC
zeromq-2.2.0-4.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.fc17

Comment 5 Fedora Update System 2013-01-14 08:55:08 UTC
zeromq-2.2.0-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.el6

Comment 6 Fedora Update System 2013-01-14 08:55:19 UTC
zeromq-2.2.0-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.fc18

Comment 7 Fedora Update System 2013-01-14 09:06:10 UTC
zeromq-2.2.0-4.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.el5

Comment 8 Fedora Update System 2013-01-14 09:06:20 UTC
zeromq-2.2.0-4.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/zeromq-2.2.0-4.fc16

Comment 9 Thomas Spura 2013-01-14 09:59:00 UTC
zeromq3 is not affected by this as it does not ship "foreign/xmlParser/".

Comment 10 Fedora Update System 2013-01-15 02:21:14 UTC
Package zeromq-2.2.0-4.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing zeromq-2.2.0-4.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0794/zeromq-2.2.0-4.fc16
then log in and leave karma (feedback).

Comment 11 Fedora Update System 2013-01-23 16:09:25 UTC
zeromq-2.2.0-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2013-01-23 16:28:25 UTC
zeromq-2.2.0-4.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2013-02-01 13:18:53 UTC
zeromq-2.2.0-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.