From owner-svn-ports-all@freebsd.org Sun Sep 9 03:06:24 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 071F7108335E for ; Sun, 9 Sep 2018 03:06:24 +0000 (UTC) (envelope-from adamw@adamw.org) Received: from mail-yw1-xc35.google.com (mail-yw1-xc35.google.com [IPv6:2607:f8b0:4864:20::c35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 99CF782846 for ; Sun, 9 Sep 2018 03:06:23 +0000 (UTC) (envelope-from adamw@adamw.org) Received: by mail-yw1-xc35.google.com with SMTP id x67-v6so6735379ywg.0 for ; Sat, 08 Sep 2018 20:06:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adamw-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4BHd4TFbSQL7bDlXlFskyb4DtRK6NiHuTqvDtD7IcAk=; b=Uaj3DoFAAWsZC3dXByibyMkI90L6iDONVv+tVZQzn/gWnHKlZErwNGmJaTJZsZWBJc 0H9zFdxVLwq8SIxza/SYIuiCdlIww/8NJsLEwgUuKp8KBsn/8plvgnZbQgngBFvNrKBk ttTpq7OiHO44AXQgg+SUyLjdMrjTxPSUtpFRXBIQw+2MbnoqnDjI40syejNk7TIh3E2a tuYu4OQSWnRpY0pFVPXGOqFzCXGFimRK24RQPilyxjHhMzCvyCjB9FCvuQtLHSDmqp+g 8YBo3jkh+kC+3CQG0dsPIkjL/8WSv7xjvckM4SYwX8B1SnKBW3XiLr2vn/H1V1UdJaUJ PEwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4BHd4TFbSQL7bDlXlFskyb4DtRK6NiHuTqvDtD7IcAk=; b=tPMbBq0b7iL+BrdgbvmSEJzcCFfL//VkPfmanLM4C00V7s3A17ssMlxG3T9Qqe/kFz hgRkafwCkIz+jgn8rMCAEDWYUs0slRJNm1Ob/4B33Vx669Dz3ZBHbmt2SetVndReOjFR sWoyO+WaFVI1BrtW4iGBJQBCFUOsYrIfm0fwgCHknRLtusBY1bUdJ6gPEFTbV5Z7+mjF 2EiNVXnzru/L2Sx6DcVKRkfxONRXqaGsBsewC+EaCuNfGd25BrSin1Ifr81uLZsZOGmU 8eiZw4bOk5b2+Vfz1m1QlVF1uA8OsleiPYCXwOzs4/M23kd09Cza0fVDzH3X7yOMyFez hb/g== X-Gm-Message-State: APzg51C7RJJ6tsqfysLrxCVwKrOJCFy2DeyPN2B6s2xBPqrF/llacG8M 195T1iAaT4oY9+MEH49RjkTYL66q0AlCM3ELNRZ0aw== X-Google-Smtp-Source: ANB0VdaWXEQfAwDB1Y63TdICU7s5a6m5K9az07TLysWQZ/XQw9vV+L+mh0Ws00zxbmuzpDjw/z/o3RARcdvaLk46F4Y= X-Received: by 2002:a81:67c6:: with SMTP id b189-v6mr7570531ywc.37.1536462382842; Sat, 08 Sep 2018 20:06:22 -0700 (PDT) MIME-Version: 1.0 References: <201809082328.w88NSLVF073775@repo.freebsd.org> <536e5c65-b195-f629-6778-1935dc422b58@freebsd.org> In-Reply-To: <536e5c65-b195-f629-6778-1935dc422b58@freebsd.org> From: Adam Weinberger Date: Sat, 8 Sep 2018 21:06:06 -0600 Message-ID: Subject: Re: svn commit: r479263 - in head/science: . namd namd/files To: yuri@freebsd.org Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Sep 2018 03:06:24 -0000 On Sat, Sep 8, 2018 at 7:42 PM Yuri wrote: > > On 9/8/18 6:11 PM, Adam Weinberger wrote: > > I'm not sure that that's sufficient, because if they require > > registration to download the release versions of code as a bundle, > > then circumventing it from a public git server might not be > > sufficiently different. > > > > If you'd like to reach out to upstream and ask them whether it's > > permissible for FreeBSD to distribute a script to recreate released > > source code bundles without registration, then that would probably be > > the best way to protect ourselves. In the meantime though, the ports > > need to be removed until we're sure it's safe for us to have it. > > > I agree, this is a good way to proceed. > > I have contacted them and asked this question. > > > > It's clear you put a lot of work into making those ports work, but we > > have to take the conservative path here, which unfortunately means > > removing the ports until we know it's safe. > > > The need to stay on the conservative side is a bit less obvious to me here. > > This isn't a life and death situation where one can only make one mistake. > > The normal way of handling licensing issues is sending a violation > notice or a cease-and-desist letter. > > Nobody acting in a good faith is sued for licensing or patent violations > right away, and it isn't obvious that these ports are in violation until > we get a reply from them. > > > I also have a precedent with different software that has a very similar > license: UCSF Chimera software similarly requires registering and > clicking "I agree". It also has the open subversion server and build > instructions. > > I specifically discussed the similar situation with them, and pointed to > the Arch port https://aur.archlinux.org/packages/ucsf-chimera , and > after reviewing this Arch port they agreed that it isn't in violation. > > Arch community ports are almost exactly the same as what our ports with > LICENSE_PERMS=no-auto-accept no-dist-mirror no-pkg-mirror. > > > Let's wait and see what will they answer. A compromise that linimon suggested on IRC is to replace the do-fetch with a message that gives the URL and instruction for downloading the official source code tarball. Other ports do this, and then there's no way that we're violating their license terms. I agree with you (and linimon on IRC) that removing the port entirely is unnecessary at this time, but until you hear back and get confirmation that pulling from their git repo is okay, please just add in a new do-fetch with a message telling users how to download the official tarball. You could even rename the current do-fetch to maintainer-fetch or something. # Adam -- Adam Weinberger adamw@adamw.org https://www.adamw.org