Re: [Mldonkey-users] GPL compliance, debian package

[MLdonkey]

>  I see a problem with the mldonkey source being GPL but not being fully
>  available.

Really ? :)

I spent two weeks to allow mldonkey to stay at Savannah after that
some mldonkey users complained that mldonkey was not GPL and should
not stay at Savannah (even R.M. Stallman was involved in the debate:).
The result is that mldonkey is still on Savannah, but not the edonkey
plugin anymore ! Now, compiling mldonkey with edonkey support requires
to download the donkey/donkey.lam file from another site (this is done
automatically if you reply yes in the configure script).

>  For mldonkey to be GPL compliant there would have to be a written
>  offer for the source of the secret files good for 3 years or the
>  source included with mldonkey.
>  
>  I got the secret files without a problem after asking for them, so one
>  could consider that 3 year offer required by the gpl as implicit for
>  the secret files. But strictly speaking thats not good enough. There
>  should at least be a file in the cvs stating such an offer for the
>  secret files.

When asking for them, you also agreed not to distribute them too
much. There was some kind of trust in this agreement, that you would
not misuse them to create malicious clients. It is a bit different
from the GPL offer, where you can do whatever you want once you have
the files.

>  For a debian package I think thats not even enough. Debian allways
>  distributes binary and source together and has no 3 year offer. Debian
>  being a non-profit organisation could also forward mldonkeys 3 year
>  offer but firms that sell debian could not.
>  
>  This would be a problem for mldonkey to be in main and thus on Debian
>  CDs, which would be sad.

Yes, clearly, there would be an mldonkey without edonkey support in
the debian main, and another one with edonkey in the non-free part.
  
>  Is it realy worth the trouble to keep the secret files secret? There
>  are enough donkey hacks out there anyway, so its not like releasing
>  those files would make any more people cheat the protocoll.

Well, the problem is that mldonkey already suffers from a bad
reputation on the edonkey network because there are already too many
options that can be configured/customized to improve its performance
to abuse other users. As a consequence, releasing these files would
make the things worse (since more options will become configurable in
the sources), and more servers will probably start kicking mldonkey
clients (and Windows users will kick mldonkey users from their upload
queues too). I don't think there are so many donkey hacks available,
so that keeping these sources unavailable is still a good protection
against most users (not against bright ones of course).

>  If your dead set on keeping the secret files secret I could ask
>  debian-legal for advice how to handle such a package but I would
>  rather keep things simple.

Their reply will probably be the same as the FSF: "no source = proprietary"
I thought about the "3 years offer", but it still allows someone to
distribute these sources once he has a copy. Why not keep mldonkey in
the non-free part of Debian, or simply distribute a .deb file on the
WEB for them (to run mldonkey, you should be able to download
something from a WEB page, otherwise, mldonkey will not be very
useful) ?

I also proposed to the FSF to guaranty the "freedom" of mldonkey, by
keeping a copy of these files in an hidden part of Savannah: this way,
malicious users would not have direct access to these files, but there
would be no way to make mldonkey proprietary, since the FSF could
release the files in this case. They didn't want to hear about that :)

- MLDonkey