Date: Sat, 8 Sep 2018 21:06:06 -0600 From: Adam Weinberger <adamw@adamw.org> To: yuri@freebsd.org Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r479263 - in head/science: . namd namd/files Message-ID: <CAP7rwcgArBcggqfF=HZ_C=pBRCAWO6CgePsXpHMYbt4fy-KTRA@mail.gmail.com> In-Reply-To: <536e5c65-b195-f629-6778-1935dc422b58@freebsd.org> References: <201809082328.w88NSLVF073775@repo.freebsd.org> <CAP7rwcgq5EpuEggex2vG369-0Cz4O9GbRPQNpbUUQ6VB15HH4Q@mail.gmail.com> <bf8482a4-65db-a501-1907-03e581bf8069@freebsd.org> <CAP7rwci_GspMmTNrU5y-e3i609%2BCOjwWtosT4_H2MFcYsqzb3Q@mail.gmail.com> <536e5c65-b195-f629-6778-1935dc422b58@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 8, 2018 at 7:42 PM Yuri <yuri@freebsd.org> wrote: > > On 9/8/18 6:11 PM, Adam Weinberger wrote: > > I'm not sure that that's sufficient, because if they require > > registration to download the release versions of code as a bundle, > > then circumventing it from a public git server might not be > > sufficiently different. > > > > If you'd like to reach out to upstream and ask them whether it's > > permissible for FreeBSD to distribute a script to recreate released > > source code bundles without registration, then that would probably be > > the best way to protect ourselves. In the meantime though, the ports > > need to be removed until we're sure it's safe for us to have it. > > > I agree, this is a good way to proceed. > > I have contacted them and asked this question. > > > > It's clear you put a lot of work into making those ports work, but we > > have to take the conservative path here, which unfortunately means > > removing the ports until we know it's safe. > > > The need to stay on the conservative side is a bit less obvious to me here. > > This isn't a life and death situation where one can only make one mistake. > > The normal way of handling licensing issues is sending a violation > notice or a cease-and-desist letter. > > Nobody acting in a good faith is sued for licensing or patent violations > right away, and it isn't obvious that these ports are in violation until > we get a reply from them. > > > I also have a precedent with different software that has a very similar > license: UCSF Chimera software similarly requires registering and > clicking "I agree". It also has the open subversion server and build > instructions. > > I specifically discussed the similar situation with them, and pointed to > the Arch port https://aur.archlinux.org/packages/ucsf-chimera , and > after reviewing this Arch port they agreed that it isn't in violation. > > Arch community ports are almost exactly the same as what our ports with > LICENSE_PERMS=no-auto-accept no-dist-mirror no-pkg-mirror. > > > Let's wait and see what will they answer. A compromise that linimon suggested on IRC is to replace the do-fetch with a message that gives the URL and instruction for downloading the official source code tarball. Other ports do this, and then there's no way that we're violating their license terms. I agree with you (and linimon on IRC) that removing the port entirely is unnecessary at this time, but until you hear back and get confirmation that pulling from their git repo is okay, please just add in a new do-fetch with a message telling users how to download the official tarball. You could even rename the current do-fetch to maintainer-fetch or something. # Adam -- Adam Weinberger adamw@adamw.org https://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAP7rwcgArBcggqfF=HZ_C=pBRCAWO6CgePsXpHMYbt4fy-KTRA>