Re: [Mldonkey-users] GPL compliance, debian package

[root]

MLdonkey <address@hidden> writes:

> >  I see a problem with the mldonkey source being GPL but not being fully
> >  available.
> 
> Really ? :)
> 
> I spent two weeks to allow mldonkey to stay at Savannah after that
> some mldonkey users complained that mldonkey was not GPL and should
> not stay at Savannah (even R.M. Stallman was involved in the debate:).
> The result is that mldonkey is still on Savannah, but not the edonkey
> plugin anymore ! Now, compiling mldonkey with edonkey support requires
> to download the donkey/donkey.lam file from another site (this is done
> automatically if you reply yes in the configure script).

Exactly. You had to remove the secret files completly.

> >  For mldonkey to be GPL compliant there would have to be a written
> >  offer for the source of the secret files good for 3 years or the
> >  source included with mldonkey.
> >  
> >  I got the secret files without a problem after asking for them, so one
> >  could consider that 3 year offer required by the gpl as implicit for
> >  the secret files. But strictly speaking thats not good enough. There
> >  should at least be a file in the cvs stating such an offer for the
> >  secret files.
> 
> When asking for them, you also agreed not to distribute them too
> much. There was some kind of trust in this agreement, that you would
> not misuse them to create malicious clients. It is a bit different
> from the GPL offer, where you can do whatever you want once you have
> the files.

The files are part of the mldonkey-1.16 binary thats under GPL. They
fall under the GPL or you violated the GPL in the first place.

So I _could_ do whatever I want with them (within the bounds of the
GPL).

> >  For a debian package I think thats not even enough. Debian allways
> >  distributes binary and source together and has no 3 year offer. Debian
> >  being a non-profit organisation could also forward mldonkeys 3 year
> >  offer but firms that sell debian could not.
> >  
> >  This would be a problem for mldonkey to be in main and thus on Debian
> >  CDs, which would be sad.
> 
> Yes, clearly, there would be an mldonkey without edonkey support in
> the debian main, and another one with edonkey in the non-free part.
>   
> >  Is it realy worth the trouble to keep the secret files secret? There
> >  are enough donkey hacks out there anyway, so its not like releasing
> >  those files would make any more people cheat the protocoll.
> 
> Well, the problem is that mldonkey already suffers from a bad
> reputation on the edonkey network because there are already too many
> options that can be configured/customized to improve its performance
> to abuse other users. As a consequence, releasing these files would
> make the things worse (since more options will become configurable in
> the sources), and more servers will probably start kicking mldonkey
> clients (and Windows users will kick mldonkey users from their upload
> queues too). I don't think there are so many donkey hacks available,
> so that keeping these sources unavailable is still a good protection
> against most users (not against bright ones of course).
> 
> >  If your dead set on keeping the secret files secret I could ask
> >  debian-legal for advice how to handle such a package but I would
> >  rather keep things simple.
> 
> Their reply will probably be the same as the FSF: "no source = proprietary"
> I thought about the "3 years offer", but it still allows someone to
> distribute these sources once he has a copy. Why not keep mldonkey in
> the non-free part of Debian, or simply distribute a .deb file on the
> WEB for them (to run mldonkey, you should be able to download
> something from a WEB page, otherwise, mldonkey will not be very
> useful) ?
> 
> I also proposed to the FSF to guaranty the "freedom" of mldonkey, by
> keeping a copy of these files in an hidden part of Savannah: this way,
> malicious users would not have direct access to these files, but there
> would be no way to make mldonkey proprietary, since the FSF could
> release the files in this case. They didn't want to hear about that :)
> 
> - MLDonkey

The problem is that you can't distribute a mldonkey client with donkey
support under GPL. That would make the secret files GPL (as they
are for any released binary) and you realy don't seem to want that.
Since its unlikely that you can get written permission from everyone
that wrote some lines of code for mldonkey you also can't change the
license.

You might not care about it and just distribute a mldonkey with donkey
support but Debian wouldn't risk it. So there would be no donkey
support in Debian.

One way around would be building modules for the different protocols
that can be loaded at runtime or building libraries and providing a
free donkey-dummy library that does basically nothing but sattisfy the
linker and a closed source donkey library based on the donkey.lam
file (like libungif and libgif or libsvgalib-dummy).

I would probably choose the later because its easier to do, but thats
from my experiences with c/c++. How easy is it to load a module with a
given signature at runtime?

Ideas? Comments?

Mfg
        Goswin

PS: I'm assuming you have full copyright over the secret files. No
patches from third persons under GPL in there?