Subject: Re: license nits on "adzap"
To: None <tech-pkg@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 05/22/2000 23:47:38
IANAL, *BUT*:

[ On Saturday, May 20, 2000 at 10:08:33 (-0400), Bill Sommerfeld wrote: ]
> Subject: license nits on "adzap"
>
> So, www/adzap has no explicit license in the actual distribution
> tarball, but does contain an "interesting" license on its web page:

(I wouldn't call that a "license", but rather just a warning.)

>    Until Wednesday 26may1999, this code was free for use by all. However,
>    the Australian Government brought in some truly stupid and invasive
>    legislation, so this code is now free except that it MAY NOT be used
>    to enforce or support that legislation or other legistlation of
>    similar intent. I'm happy for people to use it to filter their own
>    browsing, but not for people to force their morals onto others.

So far as I've come to understand the above type of "license
restriction" (if indeed it had been listed as a term in the copyright)
cannot (yet, thankfully) be enforced under copyright law in many, if not
most, jurisdictions (certainly not in at least some major "havens" of
Internet servers and connectivity! ;-).

Presumably in Australia it is a separate law that defines whether or not
any given software product may be used in a certain way or not (just as
it is a separate law in some jurisdiction that covers whether or not any
given person is allowed to use, or even possess, encryption software).

In fact the very same thing (i.e. non-enforceability under copyright
law) applies to most, if not all, of the existing identifiers used in
the pkgsrc "ACCEPTABLE_LICENSES" variable.  Copyright law (in general)
cannot protect shareware that's available for anonymous FTP, nor can it
tell anyone what they can or cannot do "privately" with a legally
obtained copy of something, and so of course if you can anonymously FTP
(or otherwise transfer) some software package then its author has no
hope in hell (at least in any sane legal jurisdiction) of ever
controlling how you make use of the function of that legal copy of
his/her software.  All the author can basically do is extend to you the
right to publish the software and/or some derivative work in some way
(perhaps anonymously, or perhaps commercially, or whatever).

> Assuming we want pkgsrc to respect the wishes of the author,

(don't you mean "the wishes of the Australian Government"? -- the author
seems to indicate a dislike for this state of affairs!)

>    I suspect 
> this should translate into "LICENSE=no-use-for-censorship" or
> "LICENSE=voluntary-filtering-only" or some such, with an explanatory
> comment in the makefile to force people installing the package to be
> aware of this restriction/request from the author.

Once again I think that the pkgsrc "license" specifiers should be used
only for copyright restriction classification.

Yes, I do remember that last time this was discussed there were people
voicing the wish to have an identifier included in the pkgsrc system
which would allow them to recognise various kinds of odd-ball non-legal
licensing schemes.  However I fail to see how it could ever be possible
for the maintainers of pkgsrc to cater to the almost infinite possible
combinations and permutations of odd-ball ideas while at the same time
also keeping the system within the real boundaries of the actual laws
common to most jurisdictions and thus serving the *real* legal needs of
its users.  Indeed I continue to say that all of you who wish to have
pkgsrc maintain descriptors for your favourite fictitious rule-sets
should take responsibility for your own private rules in-house and not
burden a shared system with them.

In order to respect copyright law there are three possible mutually
exclusive states that need to be recognised w.r.t. to the original
distribution -- either the package is:  1) freely available and freely
re-distributable, or 2) freely available but *not* freely
re-distributable, or 3) *not* freely available and *not* freely
re-distributable.  (I.e. can such package distribution files be legally
obtained anonymously and if so can they be mirrored on ftp.netbsd.org
and all of its mirror sites and all of the similar sites where the
contents of the /usr/pkgsrc/distfiles directory are made publicly and
anonymously readable?)

That a similar set of mutually exclusive states also applies to the
result of a "make package" -- i.e. the compressed "tar" of the binary
products created from the original distribution through the process
specified by the given "pgksrc" module:  1) freely re-distributable, or
2) freely re-distributable with source and any local changes, or 3)
*not* freely re-distributable even with source.  (I.e. can the binary
packages be legally made available on ftp.netbsd.org and all of its
mirror sites and all of the similar sites where the /usr/pkgsrc/packages
hierarchy is made publicly and anonymously readable, perhaps given the
restriction that their original source distributions plus all local
changes is also made available?)

Of course the re-distributability of the binary package may be different
than that of the original, virgin, (presumably source) distribution, and
it may depend on whether or not actual patches were used in building the
binary products too (but since the latter is a static thing within
pkgsrc the resulting state is relatively easy to derive from the answer
to whether or not an "original" binary is re-distributable).

Even within copyright law there is of course an almost infinite spectrum
of minor limitations that might prevent, or allow, or require, one to
freely redistribute a package that is not otherwise explicitly freely
re-distributable (either in original or "binary" form), but I don't
think it's "safe" for pkgsrc to make any declaration on behalf of the
person who would actually be doing the redistribution and instead it
must err on the safe side and simply say "not re-distributable" (unless
of course TNF takes the legal responsibility and obtains a copyright
distribution license on behalf of all NetBSD users (which is in effect
the same as saying "the general public"!).

That's it.  That's all there is.  Period.  Systems like "pkgsrc" (and of
course its progenitor and its cousins) should not try to go any further
than to simply classify the re-distributability of "distfiles" and
"binary package products" as either "YES" or "NO".  Everything else is
either more or less meaningless, or personal (i.e. not legal)
interpretation and subject to (potentially serious) error.

Yes, the FreeBSD "ports" system goes one step further to identify which
packages can be legally included (in either binary and/or source form)
in a compilation that's effectively sold for profit, but they do that
because that's the way their biggest direct supporter makes a living....
NetBSD's pkgsrc system could offer similar guidelines (which should
probably be set and controlled by separate variables) too I suppose, but
I personally don't see this a necessary feature.

And, well, actually, yes, I guess there are the other laws that pkgsrc
et al might be interested in "supporting" in some way, such as those in
various jurisdictions which control the legality of encryption software.
However I'd like to see a separate variable used to define the state of
such things -- it may be perfectly legal to redistribute encryption
software from some jurisdictions even when it is illegal to even possess
it in others.  These are not mutually exclusive states that can be
represented by a simple identifier set in a single variable.
Furthermore given the relative complexity of understanding such laws
around the world, and the fact that the author of such packages will
likely have a similar responsibility (and thus may not choose to make
the package truly freely re-distributable in the first place), it
doesn't seem nearly as urgent to me that pkgsrc be used to tag which
packages may be legally restricted for reasons other than copyright in
some (hopefully increasingly rare) jurisdictions.

So, what I'm really trying to say is that I continue to find it
extremely hypocritical and/or "Big Brother"-ish for pkgsrc to try and
foist meaningless/fake restrictions on me just because some author is
severely confused about his or her own rights and responsibilities.
Sure I can just set whatever mk.conf variables to their most wide-open
settings or whatever, but that seems less productive than just having
pkgsrc stick to the real world limitations and to try and reflect them
in a way that's most useful for the widest variety of users.

In fact in general it should be "hard" for the user to change the
specification of whether or not a package (and/or its binary) is freely
re-distributable.  This should only be possible if the user goes to some
far less than zero effort to change the default settings.  For example
perhaps the variables that controls this should be left un-documented,
or at least not fully documented and templated in mk/mk.conf.example.
Any documentation that is given should warn the user that changing the
setting will potentially put them at legal risk if they should
purposefully, or even accidentally, publish their distfiles and/or
packages archives.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>