6:37 a.m.
Hello,
I have some questions about how to proceed in the light of this reported
licensing bug:
https://bugzilla.redhat.com/show_bug.cgi?id=567854
There is an upstream bug corresponding to it here:
http://cups.org/str.php?L3509
The problem is that some of the source files in CUPS (all versions)
include the BSD-With-Advertising license text in their headers, whereas
CUPS as a whole is licensed as GPLv2 and LGPLv2 (but may link against
OpenSSL).
As noted in the Bugzilla bug report, the code cannot automatically be
relicensed to remove the advertising clause.
These files will be removed in a future version of CUPS (1.5.x), but the
current stable series will continue to ship them.
Here is the upstream response to STR #3509:
==>
Well, since we are the copyright holder we can say that the BSD license
in the SCSI backend sources is compatible, just as we say you can mix
CUPS with OpenSSL - the CUPS license is GPL2+LGPL2+exceptions.
In any case, since a) the SCSI backend is never used, b) we have removed
it from CUPS trunk, and c) Linux distributors can always remove the SCSI
backend from the list of legacy backends that are built and installed
with the current releases of CUPS, I'm going to just dupe this bug
against STR #3500.
<==
STR #3500 is the upstream bug report which caused these files to be
removed on the trunk for the reason that they are no longer needed.
What are these files? The scsi.c, scsi-irix.c and scsi-linux.c files
make up the 'scsi' CUPS backend, an executable which resides
in /usr/lib/cups/backend and which the CUPS scheduler spawns in order to
hand off jobs to SCSI printers. It links against libcups.so.2, which is
licensed as LGPLv2.
===
So, the questions are:
a) is this a problem?
and
b) if so is it sufficient for me to simply not ship the scsi backend in
the cups binary package, or does the source tarball need to be re-spun
for each new release to excise these BSD-licensed files?
Thanks,
Tim.
*/
11:19 a.m.
Hi, Tim,
In this case I think it's fine! Thanks so much for looking into this,
and especially for providing a great picture of the actual connections
between the binary files. I see this "backend/scsi" executable really
does come from only scsi.c and scsi-linux.c.
$ objdump -D -l cups-1.4.2/backend/scsi | grep cups-1.4.2 | sort
/home/julius/cups/cups-1.4.2/backend/scsi.c:110
[etc....]
/home/julius/cups/cups-1.4.2/backend/scsi-linux.c:112
[etc....]
Sorry I opened the bug! I opened the bug over at CUPS, and they
seemed to agree there was a problem, so that's why I opened it at
Fedora. But now I see that it's fine.
Shall I close the bug?
yours,
Julius
On Wed, Feb 24, 2010 at 4:37 AM, Tim Waugh <twaugh(a)redhat.com> wrote:
Hello,
I have some questions about how to proceed in the light of this reported
licensing bug:
https://bugzilla.redhat.com/show_bug.cgi?id=567854
There is an upstream bug corresponding to it here:
http://cups.org/str.php?L3509
The problem is that some of the source files in CUPS (all versions)
include the BSD-With-Advertising license text in their headers, whereas
CUPS as a whole is licensed as GPLv2 and LGPLv2 (but may link against
OpenSSL).
As noted in the Bugzilla bug report, the code cannot automatically be
relicensed to remove the advertising clause.
These files will be removed in a future version of CUPS (1.5.x), but the
current stable series will continue to ship them.
Here is the upstream response to STR #3509:
==>
Well, since we are the copyright holder we can say that the BSD license
in the SCSI backend sources is compatible, just as we say you can mix
CUPS with OpenSSL - the CUPS license is GPL2+LGPL2+exceptions.
In any case, since a) the SCSI backend is never used, b) we have removed
it from CUPS trunk, and c) Linux distributors can always remove the SCSI
backend from the list of legacy backends that are built and installed
with the current releases of CUPS, I'm going to just dupe this bug
against STR #3500.
<==
STR #3500 is the upstream bug report which caused these files to be
removed on the trunk for the reason that they are no longer needed.
What are these files? The scsi.c, scsi-irix.c and scsi-linux.c files
make up the 'scsi' CUPS backend, an executable which resides
in /usr/lib/cups/backend and which the CUPS scheduler spawns in order to
hand off jobs to SCSI printers. It links against libcups.so.2, which is
licensed as LGPLv2.
===
So, the questions are:
a) is this a problem?
and
b) if so is it sufficient for me to simply not ship the scsi backend in
the cups binary package, or does the source tarball need to be re-spun
for each new release to excise these BSD-licensed files?
Thanks,
Tim.
*/
_______________________________________________
legal mailing list
legal(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/legal
--
yours,
Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/logging.html
6:21 a.m.
On Wed, 2010-02-24 at 09:19 -0800, Julius Davies wrote:
In this case I think it's fine! Thanks so much for looking into
this,
and especially for providing a great picture of the actual connections
between the binary files. I see this "backend/scsi" executable really
does come from only scsi.c and scsi-linux.c.
$ objdump -D -l cups-1.4.2/backend/scsi | grep cups-1.4.2 | sort
/home/julius/cups/cups-1.4.2/backend/scsi.c:110
[etc....]
/home/julius/cups/cups-1.4.2/backend/scsi-linux.c:112
[etc....]
Well, and it dynamically links to libcups.so.2:
$ ldd /usr/lib/cups/backend/scsi | grep cups
libcups.so.2 => /usr/lib64/libcups.so.2 (0x00007f19e21dd000)
But that's OK?
Tim.
*/
10:03 a.m.
On Thu, Feb 25, 2010 at 4:21 AM, Tim Waugh <twaugh(a)redhat.com> wrote:
On Wed, 2010-02-24 at 09:19 -0800, Julius Davies wrote:
> In this case I think it's fine! Thanks so much for looking into this,
> and especially for providing a great picture of the actual connections
> between the binary files. I see this "backend/scsi" executable really
> does come from only scsi.c and scsi-linux.c.
>
> $ objdump -D -l cups-1.4.2/backend/scsi | grep cups-1.4.2 | sort
>
> /home/julius/cups/cups-1.4.2/backend/scsi.c:110
> [etc....]
> /home/julius/cups/cups-1.4.2/backend/scsi-linux.c:112
> [etc....]
Well, and it dynamically links to libcups.so.2:
$ ldd /usr/lib/cups/backend/scsi | grep cups
libcups.so.2 => /usr/lib64/libcups.so.2 (0x00007f19e21dd000)
But that's OK?
Tim.
*/
Yeah, that's fine if libcups.so.2 is LGPL.
--
yours,
Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/logging.html
5171
days inactive
5172
days old
3 comments
2 participants
participants (2)
-
Julius Davies -
Tim Waugh