Hello,
I have some questions about how to proceed in the light of this reported licensing bug: https://bugzilla.redhat.com/show_bug.cgi?id=567854
There is an upstream bug corresponding to it here: http://cups.org/str.php?L3509
The problem is that some of the source files in CUPS (all versions) include the BSD-With-Advertising license text in their headers, whereas CUPS as a whole is licensed as GPLv2 and LGPLv2 (but may link against OpenSSL).
As noted in the Bugzilla bug report, the code cannot automatically be relicensed to remove the advertising clause.
These files will be removed in a future version of CUPS (1.5.x), but the current stable series will continue to ship them.
Here is the upstream response to STR #3509:
==> Well, since we are the copyright holder we can say that the BSD license in the SCSI backend sources is compatible, just as we say you can mix CUPS with OpenSSL - the CUPS license is GPL2+LGPL2+exceptions.
In any case, since a) the SCSI backend is never used, b) we have removed it from CUPS trunk, and c) Linux distributors can always remove the SCSI backend from the list of legacy backends that are built and installed with the current releases of CUPS, I'm going to just dupe this bug against STR #3500. <==
STR #3500 is the upstream bug report which caused these files to be removed on the trunk for the reason that they are no longer needed.
What are these files? The scsi.c, scsi-irix.c and scsi-linux.c files make up the 'scsi' CUPS backend, an executable which resides in /usr/lib/cups/backend and which the CUPS scheduler spawns in order to hand off jobs to SCSI printers. It links against libcups.so.2, which is licensed as LGPLv2.
===
So, the questions are:
a) is this a problem?
and
b) if so is it sufficient for me to simply not ship the scsi backend in the cups binary package, or does the source tarball need to be re-spun for each new release to excise these BSD-licensed files?
Thanks, Tim. */
Hi, Tim,
In this case I think it's fine! Thanks so much for looking into this, and especially for providing a great picture of the actual connections between the binary files. I see this "backend/scsi" executable really does come from only scsi.c and scsi-linux.c.
$ objdump -D -l cups-1.4.2/backend/scsi | grep cups-1.4.2 | sort
/home/julius/cups/cups-1.4.2/backend/scsi.c:110 [etc....] /home/julius/cups/cups-1.4.2/backend/scsi-linux.c:112 [etc....]
Sorry I opened the bug! I opened the bug over at CUPS, and they seemed to agree there was a problem, so that's why I opened it at Fedora. But now I see that it's fine.
Shall I close the bug?
yours,
Julius
On Wed, Feb 24, 2010 at 4:37 AM, Tim Waugh twaugh@redhat.com wrote:
Hello,
I have some questions about how to proceed in the light of this reported licensing bug: https://bugzilla.redhat.com/show_bug.cgi?id=567854
There is an upstream bug corresponding to it here: http://cups.org/str.php?L3509
The problem is that some of the source files in CUPS (all versions) include the BSD-With-Advertising license text in their headers, whereas CUPS as a whole is licensed as GPLv2 and LGPLv2 (but may link against OpenSSL).
As noted in the Bugzilla bug report, the code cannot automatically be relicensed to remove the advertising clause.
These files will be removed in a future version of CUPS (1.5.x), but the current stable series will continue to ship them.
Here is the upstream response to STR #3509:
==> Well, since we are the copyright holder we can say that the BSD license in the SCSI backend sources is compatible, just as we say you can mix CUPS with OpenSSL - the CUPS license is GPL2+LGPL2+exceptions.
In any case, since a) the SCSI backend is never used, b) we have removed it from CUPS trunk, and c) Linux distributors can always remove the SCSI backend from the list of legacy backends that are built and installed with the current releases of CUPS, I'm going to just dupe this bug against STR #3500. <==
STR #3500 is the upstream bug report which caused these files to be removed on the trunk for the reason that they are no longer needed.
What are these files? The scsi.c, scsi-irix.c and scsi-linux.c files make up the 'scsi' CUPS backend, an executable which resides in /usr/lib/cups/backend and which the CUPS scheduler spawns in order to hand off jobs to SCSI printers. It links against libcups.so.2, which is licensed as LGPLv2.
===
So, the questions are:
a) is this a problem?
and
b) if so is it sufficient for me to simply not ship the scsi backend in the cups binary package, or does the source tarball need to be re-spun for each new release to excise these BSD-licensed files?
Thanks, Tim. */
legal mailing list legal@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/legal
On Wed, 2010-02-24 at 09:19 -0800, Julius Davies wrote:
In this case I think it's fine! Thanks so much for looking into this, and especially for providing a great picture of the actual connections between the binary files. I see this "backend/scsi" executable really does come from only scsi.c and scsi-linux.c.
$ objdump -D -l cups-1.4.2/backend/scsi | grep cups-1.4.2 | sort
/home/julius/cups/cups-1.4.2/backend/scsi.c:110 [etc....] /home/julius/cups/cups-1.4.2/backend/scsi-linux.c:112 [etc....]
Well, and it dynamically links to libcups.so.2:
$ ldd /usr/lib/cups/backend/scsi | grep cups libcups.so.2 => /usr/lib64/libcups.so.2 (0x00007f19e21dd000)
But that's OK?
Tim. */
On Thu, Feb 25, 2010 at 4:21 AM, Tim Waugh twaugh@redhat.com wrote:
On Wed, 2010-02-24 at 09:19 -0800, Julius Davies wrote:
In this case I think it's fine! Thanks so much for looking into this, and especially for providing a great picture of the actual connections between the binary files. I see this "backend/scsi" executable really does come from only scsi.c and scsi-linux.c.
$ objdump -D -l cups-1.4.2/backend/scsi | grep cups-1.4.2 | sort
/home/julius/cups/cups-1.4.2/backend/scsi.c:110 [etc....] /home/julius/cups/cups-1.4.2/backend/scsi-linux.c:112 [etc....]
Well, and it dynamically links to libcups.so.2:
$ ldd /usr/lib/cups/backend/scsi | grep cups libcups.so.2 => /usr/lib64/libcups.so.2 (0x00007f19e21dd000)
But that's OK?
Tim. */
Yeah, that's fine if libcups.so.2 is LGPL.
-
Julius Davies -
Tim Waugh