php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57946 incorrect/incomplete license in package.xml
Submitted: 2007-12-03 03:36 UTC Modified: 2007-12-03 18:08 UTC
From: jakub at gentoo dot org Assigned:
Status: Not a bug Package: rar (PECL)
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jakub at gentoo dot org
New email:
PHP Version: OS:

 

 [2007-12-03 03:36 UTC] jakub at gentoo dot org
Description:
------------
Since Bug #12587 was completely misunderstood and it's impossible to reopen it for whatever reason...

package.xml states that this package is licensed under PHP license, however the bundled unrar has it's own license (see unrar/LICENSE.txt).

@tony2001 - I guess you misunderstood the purpose of the bug? The whole point is to state ALL licenses relevant to the package in the license tag, so that downstream packagers and users do not have to manually wade thru the whole code to find out important licensing info.

Thanks.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-03 03:40 UTC] tony at daylessday dot org
What's the problem with the UnRAR license? *It's freeware*.
If you're going to re-create a Rar/Winrar, I'm sure you'll have to take a look at the sources, otherwise I can't see why this should bother you.
 [2007-12-03 07:45 UTC] jakub at example dot com
I do NOT have any issue with unrar license. What I'm requesting here is that <license> tag provides an *accurate* and *complete* licensing information, that's the whole purpose of this tag, after all.

P.S. I *do* have tremendous issues with this bugtracker, which insists on some password which I didn't set for the bug, even though I'm logged on, and when trying to recover the password, it tells me that none exists. :(
 [2007-12-03 07:53 UTC] tony at daylessday dot org
>What I'm requesting here is that <license> tag provides an 
>*accurate* and *complete* licensing information

Which is ..?

No idea about the bugtracker, sorry.
 [2007-12-03 07:57 UTC] jakub at example dot com
Which is obviously to state BOTH licenses there, not just PHP license. Heck you can even link to the license within the package using the filesource attribute.
 [2007-12-03 08:08 UTC] tony at daylessday dot org
>Which is obviously to state BOTH licenses there, not just PHP license.

Why?
I don't see how UnRar license matters here.
It's almost "public domain" with the only clause, which does not affect PHP users in any way.
 [2007-12-03 08:13 UTC] jakub at example dot com
Well because you are actually *using* their code to make this compile and work, so both licenses apply here, and not just PHP one? So you cannot distribute the resulting binary package under PHP license *only*, because it includes code that's licensed in a different way, e.g.

Sounds pretty obvious? *confused*
 [2007-12-03 08:23 UTC] tony at daylessday dot org
Honestly saying, I don't quite see why this kind of stuff should be squeezed into the <license> tag.
There is limited set of licenses which might be used there and I don't think specifying something like "The extension itself is PHP licensed, but if you're going to re-create a Winrar, please don't because UnRar license prohibits this" would work.
Hence the current choice - "PHP License".
 [2007-12-03 15:03 UTC] jakub at example dot com
Care to explain how's the set limited? Anyway, from legal POV, the current license info is plain wrong, end of story. I'm tired of debating this obvious issue here. You simply can't take a code from another project which is licensed under a different license and claim that the license doesn't matter and everything is fine when you 'relicense' it.
 [2007-12-03 15:15 UTC] tony at daylessday dot org
All you've told is that "PHP License" is wrong.
Care to propose something better?
 [2007-12-03 15:24 UTC] jakub at example dot com
I don't know whether you are really serious or if this whole debate is some sort of joke...

$ grep LICENSE pecl-rar-0.3.1.ebuild 
LICENSE="PHP-3 unRAR"

You ship those licenses w/ the tarball and can link to them using the filesource atrribute. Does this bug really need to continue in this way?
 [2007-12-03 16:49 UTC] tony at daylessday dot org
>LICENSE="PHP-3 unRAR"

One package. Two licenses?
This makes no sense for me, sorry.
 [2007-12-03 17:03 UTC] jakub at example dot com
Well, then this is a lost cause; yeah one package has two licenses, it can easily have 5 licenses or more. Either they are compatible and then there's no problem, or they are not compatible and then you need to get some of the code relicensed so that they become compatible, or rewrite that code from scratch. 

What you definitely cannot legally do is to silently 'relicense' other people's code and distribute it, hoping that noone will notice and pretending that the other license doesn't exist.
 [2007-12-03 17:11 UTC] tony at daylessday dot org
Silently relicensing? 
So BIG FAT WARNING in the sources is "silently relicensing"?
If you have any problems with including this extension into Gentoo distribution because of this "silent relicensing" I suggest you not to include it.
Thank you.
 [2007-12-03 17:15 UTC] jakub at example dot com
Sigh. I don't have any problem. *You* have a problem because you claim that your code is PHP-licensed while it's clearly not the case because you are using third-party code with a different license to make the thing compile and work. Hence, both licenses apply at the same time, which is completely obvious matter of fact.

May I suggest that someone more competent could have a look at this issue, because your legal 'awareness' is simply something incredible.
 [2007-12-03 17:43 UTC] jakub at example dot com
I'd suggest that you read the following links, unbogus and forward this bug to someone who is actually willing to deal with legitimate issues:

https://bugzilla.redhat.com/show_bug.cgi?id=334371
http://www.nabble.com/License-violation-in-unrar-code-t4655232.html
 [2007-12-03 18:08 UTC] tony at daylessday dot org
---
2. The unRAR sources may be used in any software to handle RAR archives without limitations free of charge, but cannot be used to re-create the RAR compression algorithm, which is proprietary.
Distribution of modified unRAR sources in separate form or as a part of other software is permitted, provided that it is clearly stated in the documentation and source comments that the code may not be used to develop a RAR (WinRAR) compatible archiver.
---

Both source file and the documentation follow the unRAR license and clearly state that re-creating a RAR writer is prohibited.

PECL, PECL/rar and PHP have nothing to do with GPL stuff and the links you mentioned.
 [2007-12-03 18:35 UTC] jakub at example dot com
I'd suggest that you read the initial comment on this bug once again. Otherwise, I might suggest that you drop the <license> tag altogether. When it contains incomplete/misleading/bogus info and noone's interested in fixing it (which would be a matter of minutes) and instead prefers to produce similar tirades and spends a whole day showing his complete ignorance of the underlying issue - then the whole metadata information gets plain useless.

So, to re-iterate:

- package.xml has incorrect licensing info; 
- http://pecl.php.net/package/rar has incorrect licensing info as well. 

Instead of fixing this, you go and tell people that the other license doesn't matter, that having two licenses for one package doesn't make any sense, that they should wade thru the source code in case they care for licenses etc. 

Apparently, making information easily available would make too much sense. Yay!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 22:01:26 2024 UTC