From owner-svn-ports-all@freebsd.org Sun Sep 9 01:42:33 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BC61E108160B; Sun, 9 Sep 2018 01:42:33 +0000 (UTC) (envelope-from yuri@freebsd.org) Received: from shell1.rawbw.com (shell1.rawbw.com [198.144.192.42]) by mx1.freebsd.org (Postfix) with ESMTP id 4D5E3808C5; Sun, 9 Sep 2018 01:42:33 +0000 (UTC) (envelope-from yuri@freebsd.org) Received: from yv.noip.me (c-24-4-131-132.hsd1.ca.comcast.net [24.4.131.132]) (authenticated bits=0) by shell1.rawbw.com (8.15.1/8.15.1) with ESMTPSA id w891gVAh028388 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sat, 8 Sep 2018 18:42:32 -0700 (PDT) (envelope-from yuri@freebsd.org) X-Authentication-Warning: shell1.rawbw.com: Host c-24-4-131-132.hsd1.ca.comcast.net [24.4.131.132] claimed to be yv.noip.me Reply-To: yuri@freebsd.org Subject: Re: svn commit: r479263 - in head/science: . namd namd/files To: Adam Weinberger Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org References: <201809082328.w88NSLVF073775@repo.freebsd.org> From: Yuri Message-ID: <536e5c65-b195-f629-6778-1935dc422b58@freebsd.org> Date: Sat, 8 Sep 2018 18:42:30 -0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Sep 2018 01:42:33 -0000 On 9/8/18 6:11 PM, Adam Weinberger wrote: > I'm not sure that that's sufficient, because if they require > registration to download the release versions of code as a bundle, > then circumventing it from a public git server might not be > sufficiently different. > > If you'd like to reach out to upstream and ask them whether it's > permissible for FreeBSD to distribute a script to recreate released > source code bundles without registration, then that would probably be > the best way to protect ourselves. In the meantime though, the ports > need to be removed until we're sure it's safe for us to have it. I agree, this is a good way to proceed. I have contacted them and asked this question. > It's clear you put a lot of work into making those ports work, but we > have to take the conservative path here, which unfortunately means > removing the ports until we know it's safe. The need to stay on the conservative side is a bit less obvious to me here. This isn't a life and death situation where one can only make one mistake. The normal way of handling licensing issues is sending a violation notice or a cease-and-desist letter. Nobody acting in a good faith is sued for licensing or patent violations right away, and it isn't obvious that these ports are in violation until we get a reply from them. I also have a precedent with different software that has a very similar license: UCSF Chimera software similarly requires registering and clicking "I agree". It also has the open subversion server and build instructions. I specifically discussed the similar situation with them, and pointed to the Arch port https://aur.archlinux.org/packages/ucsf-chimera , and after reviewing this Arch port they agreed that it isn't in violation. Arch community ports are almost exactly the same as what our ports with LICENSE_PERMS=no-auto-accept no-dist-mirror no-pkg-mirror. Let's wait and see what will they answer. Regards, Yuri