Re: [Fedora-marketing-list] Derivate distributions and GPL

[Sankarshan Mukhopadhyay <sankar redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick W. Barnes wrote:

> To a degree, we already do a lot to enable derivatives.  Our licensing, 
> trademark guidelines, and packaging processes are all friendly to 
> derivatives.  The issue at hand is whether or not we would be willing to 
> accept responsibility for providing the source code as required by the GPL 
> for a downstream distribution.  I really don't think we should.  I'm happy to 
> enable derivatives, but I don't think we should take any responsibility for 
> them.  We also need to be very careful in establishing any sort of 
> relationship with specific derivatives.  There are plenty of political and 
> liability concerns behind doing so.

The moot issue might just be whether upstream Fedora has the
means/methods/tools to validate that the binaries that are going into
the derivative are in-toto from the upstream repos. The derivative
distribution has the liability to produce sources for the binaries on
demand - if they can substantially establish that the so-claimed
upstream binaries packaged are no different from the ones obtained
through Fedora repos they might just be able to deliver a derivative
distribution.

I am not suggesting that upstream take on the onus for providing the
source, rather what I would like to know whether there can be a means
for the derivative distributions to point to upstream sources as
pristine and hence be able to (re)distribute them towards compliance.

:Sankarshan

ps; I am still looking into the earlier posts on this (MUA freakishness)
so pardon me if I post to a closed issue

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFEu5nI+g4kmZ76nyERAtRWAJ9VtBDDTOKDb8LLWAIzRdvtZJje7QCffzzF
BH8/lsqgWCKVtMiMqIBn5Eg=
=2wWl
-----END PGP SIGNATURE-----