[Fedora-legal-list] Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows
Tom "spot" Callaway
tcallawa at redhat.com
Wed Dec 23 15:35:07 UTC 2009
On 12/19/2009 02:28 PM, Todd Zullinger wrote:
> What I'm wondering about is what do we need to do in order to ensure
> GPL compliance here? Knowing that will help me move this forward with
> the folks on the infrastructure team.
Assuming GPLv2, the simplest solution for you would be to do this:
In GPLv2, it says:
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
So, assuming we will be putting this binary somewhere on the Fedora
website, we should put links to download the source code for the sha256
binary (and all statically compiled libraries) right next to it. These
links can be to koji, as long as they will not go stale (e.g. no scratch
builds).
Also, we'll want to put the binary .exe in a zip file with COPYING
(GPLv2 license text).
hth,
~spot
More information about the legal
mailing list