Fedora Board Recap 2007-JUL-10

Luis Villa luis at tieguy.org
Fri Jul 13 02:45:46 UTC 2007 

On 7/12/07, Luis Villa <luis at tieguy.org> wrote:
> [Note that this is not an official position of Red Hat Legal; I am not
> a lawyer (yet), and I am particularly not your lawyer (yet). Were I
> speaking as part of Red Hat Legal, I would speak with an @redhat.com
> address.]
>
> On 7/12/07, Josh Boyer <jwboyer at jdub.homelinux.org> wrote:
> > > == Brief discussion of GPL v2/v3 and EULA for F8 ==
> > >  * Consider adding license version tagging to spec file - push to FESCo
> > >  * Need to raise awareness to examine code coming from upstream during version updates
> > >  * Mostly packaging issues that need to be discussed with legal
> >
> > Can you explain this a bit more please?  Particularly if you're going to
> > push it to FESCo.
> >
> > 1) Why do we need to examine code coming from upstream updates?  (E.g.
> > only to make sure the license tag spells out the correct version?)
>
> Consider a not very hypothetical hypothetical: (the details of the
> incompatibility are simplified and possibly even incorrect, because I
> have been at the office *a lot* the past three days, but the basic
> idea is there)
>
> * Samba releases a library which is GPLv3. They are upstream for
> libsmbclient; it is their prerogative to do this.
>
> * Fedora packages and ships this new, GPL v3 libsmbclient.
>
> * Fedora rebuilds things which link against libsmbclient, but which
> are not GPL v3.
>
> * Fedora distributes. Voila... a (potential, depending on the details)
> license violation!
>
> Here, all relevant upstreams have done the right thing, and yet Fedora
> has committed a license violation. So Fedora might wish to put into
> place review procedures which minimize the risk of this occurring.

Probably worth noting, finally, that of course this also eventually
becomes an upstream problem which the library and application will
have to work out between themselves. But because Fedora is the
integrator, and Fedora is the one who (by linking) actually violates
the license (and in the v2 case, technically immediately loses the
right to distribute in the future!), Fedora needs to be on its toes
and not wait for the two of them to work it out; instead it should try
to see the problems before the upstreams do and help both sides to
work it out instead of just waiting and hoping that they do.

Luis

More information about the fedora-advisory-board mailing list