[Fedora-legal-list] Re: Legal Problem: md5 implementation

Tom "spot" Callaway tcallawa at redhat.com
Tue Sep 18 14:29:39 UTC 2007

On Tue, 2007-09-18 at 10:24 -0400, Tom Lane wrote:
> "Tom \"spot\" Callaway" <tcallawa at redhat.com> writes:
> > On Mon, 2007-09-17 at 18:02 -0400, Tom Lane wrote:
> >> Not sure I see the point of the sort of patch you seem to envision.
> >> If we are shipping SRPMs containing upstream tarballs that contain
> >> BSD+ad code, haven't we got an issue anyway?
> > BSD + advertising is Free, but GPL incompatible. It only becomes a
> > problem when BSD+ad code is directly compiled into GPL/LGPL licensed
> > code. So, its fine to have a standalone BSD+ad package, but it is
> > definitely not fine for a GPL licensed software package to have BSD
> > +advertising code inside it.
> I concur that they're not compatible.  What I don't follow is why this
> argument doesn't prevent us from shipping the upstream tarball at all.
> A patch might make the binary "clean" in some ill-defined sense, but
> it doesn't fix the sources.  And ultimately the point of the GPL is to
> have access to the source code and be able to do what you want with it.
> ISTM the only answer is to pressure upstream to fix their issue.

You're welcome to interpret it that way. Upstream has a problem. We
(Fedora) have inherited that problem. If upstream chooses not (for
whatever reason) to fix it in their sources, Fedora would need to fix it
in our sources, or not ship the package at all.

Red Hat Legal has consistently advised us that we are meeting the burden
of resolving the problem by patching out the code with problematic
licensing. By writing the patch and submitting it upstream (which is
what Fedora packagers should be doing with _ALL_ of their patches),
we're doing more than simply passing the buck on the problem. :)


More information about the legal mailing list