Exactly one year ago (well actually there are 4 days left before the aniversary), a bug was reported on launchpad, called Non-free files distributed without license/copyright info.
Basically, it complained that people reported bugs like "I need the firmware available on http://hosting.ru/~bob/" for my DVB card to work, and the said firmware was added into linux-restricted-modules (then linux-firmware) without checking it can be redistributed, and without writing the origin and license in copyright file.
This is not really new as in earlier version they were even included in linux-image package, already without correct license info.
This bug got very few activity, like people closing it for old releases, or asking to attach Xorg.0.log twice...
In January this year, a bit upset about that, I wrote an email to Mark Shuttleworth titled "Copyright violations in Ubuntu, nobody cares" and was happy to get two very positive emails in less than 24 hours.
First one was asking someone, with me in Cc, to have a look at it and either drop or ask the appropriate people to get an agreement for redistribution.
The second one was the forwarded answer from Matt Zimmerman, with Technical Board in Cc, saying:
The kernel team has been doing copyright archeology on this already, with a goal of fixing this for 9.04. I don't think he was aware of this particular bug report, and will get it updated to reflect the current status of that work. We know that there are areas where we don't have proper documentation for the origin and copyright of some of these files, and that we need to either clear them or remove them.
Mark added Pascal, I trust that this resolves the issue, please raise it again if 9.04 beta doesn't reflect this goal.
What happened since ? The bug was not updated to reflect the current status of that work. And I didn't have time last few months to look at the betas, so I was quite pessimistic when I found today time to look at it.
Well, things improved a bit, some licenses where added, and new one was added only after checking the license.
But many with unknown licenses are just still there, none was removed.
Worse, some where the license says it's not redistributable, like dvb-fe-tda10046.fw which states The user may not make additional copies of the software. The documentation may not be reproduced. as pointed in another report , are still there too...
So, hosting an Ubuntu mirror or giving away Ubuntu CDs is still violating copyright, and illegal in most countries.
If several bug reports on Launchpad, Mark and Technical Board have not enough power to make packagers follow the packaging rules and the law, and have Ubuntu legally distributable, who can?
When someone submit a package for inclusion in the Ubuntu repositories, isn't there a review made by another packager ?<br><br>If so, this review would be the good time to find about licensing issues in the proposed package.<br><br>That's what we have in Fedora, that works rather nicely.<br><br>However, that doesn't fix anything for packages already in the repositories that need fixing (even less if those are « core » packages like the kernel).<br><br>Maybe if some copyright holder would sue Canonical, that would make them review those issues faster. That's a rather bad solution however :-/
Chuck Norris can
well, you could do it!
There should be more control in everything Linux.
well, just don't look too closely at the .ttf files Mandriva ships in /contrib. =)<br><br>I cleaned up /main before a release - I think it was 2008 Spring - but never got around to /contrib...
At least if you send an email to Mark Shuttleworth you have an email ( and even his email ).<br>I'm pretty sure that if you did the same for Mandriva you will have :<br>- an hard time to find hervé yahi mail<br>- a response ( especially in english )<br><br>you'd better go directly to cooker ML ...
Adam, Fabrice: I don't say we are perfect.<br>What I feel is bad is that there is are open bugs, for one year, people are aware of it and don't fix it.<br>Yes we don't spend time looking for such issues (unlike Debian and Fedora who have people with good legal knowledge), but if a bug report is open saying that we have some file in a package that we can not redistribute we will remove it (it happened several times, and unlike this situation it was not _added_ files).
fabrice: well, anyone who's mailed more than three people who work at Mandriva could probably take a pretty good guess at hervé's address :)
More ever, the bug was quite clear, and yet, people asked in a automated fashion "add lspci -vvv" and "xorg.log". What does it have to do with it ?<br><br>And the bug was closed with "won't fix". I could understand that the bug had no activity, or was being ignored, or that distribution do not have the ressources to clean the mess of upstream tarball, and review every file in every package just in case someone decide to sue, after all, this is just risk mitigation. But well, "won't fix" seems pretty clear.<br><br>On the other hand, I am pretty sure that someone will respond "but the society where you work is not clean either", maybe that does mean that only rms and people outside free software ecology who don't produce software can open such bug report and speak on their blog ? <br><br>I fear that the same reaction to GKH talk will happen "novell attack canonical", see http://www.linux-magazine.com/online/news/kroah_hartman_attacks_canonical, http://boycottnovell.com/2008/09/18/kroah-hartman-ms-vanity/ and others.<br><br>( and hopefully for Ubuntu, no one speak of the rhytmbox/magnatune issue that I spoke on my blog )
The "Won't Fix" status is only on those packages which are no longer in any supported release. That is standard procedure, as those are clearly never going to be updated.
@Pascal<br>Assessing infringement risk is a touchy affair. I believe there are some safe harbor provisions that apply to mirrors who inadvertently infringement which allows them to avoid penalty if they respond to a take down notice in a timely fashion. If that's true that greatly mitigates the risk for an individual mirror maintainer. Without those provisions, it would be very difficult to run a mirror of anything... because you are essentially relying on the originator of that material to not make any mistakes at all.<br><br>Do you know who the copyright holder is on some of that material which is explicitly marked as non-distributable? Are they aware of the situation? If they are serious about the non-distribution clause they should be directly contacting Canonical and the mirrors about pulling the content down. The only people who have authority in this situation are the copyright holders of the works in question. If they are unwilling to take action and protect their own copyrights, then its sort of academic. Academic arguments don't have the teeth to drive policy changes. This will only be important if copyright holders make it important.<br><br>There are counter-examples of Canonical finding ways to work around non-distributable clauses. The way they handle adobe flash would be the..canonical..example. Adobe I believe is serious about its non-distribution clause and Canonical has respected that in the packaging.<br><br>-jef
@Jef<br>Do you mean that when you "borrow" somebody's else work it's okay as long as he doesn't make you to stop using it or sue you? Strange...<br>Aren't their rights in force unless they are enforced? (CC-BY)<br>(nice pun of myself :) <br>Michał
@Micha:<br><br>We can wax poetic all day about what the legal and ethical line is. Canonical has already been told they've crossed the line..several months ago...and it wasn't fixed. There's no argument that Canonical is standing on the ethical high ground here. <br><br>The question is, if pascal is serious about seeing this removed, he's gonna have to find a copyright holder to walk in and demand a take down.<br><br>The only person(s) who has legal standing to demand this stuff get removed is the copyright holder(s) of the non-distributable work. They are the only ones you have the right to enforce their copyrights. Pascal, nor I, nor you can walk in and demand with the force of law to back us that Canonical or the Ubuntu mirrors pull the content down. All we can do is poke Canonical in the eye about the principles of ethical behavior. And as Shuttleworth loves to point out, Canonical likes to balance practicality against principle in how they do things. So with that in mind, Canonical might benefit from a practical demonstration of the consequences of not respecting copyright in the form of a take down notice from a copyright holder. <br><br>Pascal just has to find that copyright holder with the balls to actually enforce that non-redistribute clause. <br><br>-jef<br><br>-jef
@jef<br>I concur.<br>Michał
The gNewSense project aims to fix this and has so far largely succeeded. Unfortunately they only fork LTS releases.<br><br>Otherwise...it's ubuntu minus the blobs.