FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Packaging

 
 
LinkBack Thread Tools
 
Old 09-30-2012, 08:56 PM
Matthew Miller
 
Default mp3 source (but not compiled) in squeak package

I'm sure I've seen discussion of this before, but I can't find it in the
mailing list, and
https://fedoraproject.org/wiki/Forbidden_items?rd=ForbiddenItems#MP3_Support
doesn't spell it out.

The Squeak VM package in Fedora includes the upstream source code for MP3
support, but disables actually building it. Is that okay, or does the
tarball need to be sanitized?



--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 12:32 AM
Michael Schwendt
 
Default mp3 source (but not compiled) in squeak package

On Sun, 30 Sep 2012 16:56:21 -0400, Matthew Miller wrote:

> I'm sure I've seen discussion of this before, but I can't find it in the
> mailing list, and
> https://fedoraproject.org/wiki/Forbidden_items?rd=ForbiddenItems#MP3_Support
> doesn't spell it out.
>
> The Squeak VM package in Fedora includes the upstream source code for MP3
> support, but disables actually building it. Is that okay, or does the
> tarball need to be sanitized?

https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohibited_ Code
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 02:20 AM
Matthew Miller
 
Default mp3 source (but not compiled) in squeak package

On Mon, Oct 01, 2012 at 02:32:26AM +0200, Michael Schwendt wrote:
> > The Squeak VM package in Fedora includes the upstream source code for MP3
> > support, but disables actually building it. Is that okay, or does the
> > tarball need to be sanitized?
> https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohibited_ Code

Right, I saw that, but it's not clear if MP3 falls under "not allowed to
ship even as source code". If that's the case, shouldn't we just say so?

This: https://bugzilla.redhat.com/show_bug.cgi?id=247983 brings up a number
of issues. But here, https://bugzilla.redhat.com/show_bug.cgi?id=481056#c5,
Gavin notes that the licensing issues have been resolved. I hadn't looked at
this deeply initially -- I'm just trying to get Scratch to work -- but now I
wonder if it needs a second check. (For example, I see that the GPLv2+
code is still there.)

(There *is* now a Debian package, by the way, and it looks like they've done
some investigation:
http://packages.debian.org/changelogs/pool/main/s/squeak-vm/squeak-vm_4.4.7.2357-1.1/squeak-vm.copyright
)



--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 02:22 AM
Matthew Miller
 
Default mp3 source (but not compiled) in squeak package

On Sun, Sep 30, 2012 at 10:20:15PM -0400, Matthew Miller wrote:
> > > The Squeak VM package in Fedora includes the upstream source code for MP3
> > > support, but disables actually building it. Is that okay, or does the
> > > tarball need to be sanitized?
> > https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohibited_ Code
> Right, I saw that, but it's not clear if MP3 falls under "not allowed to
> ship even as source code". If that's the case, shouldn't we just say so?

Oh, cool -- just got a message from upstream noting that there is an
mp3-free source tarball at

http://squeakvm.org/unix/release/Squeak-4.10.2.2614-src-no-mp3.tar.gz

which at least resolves that issue.


--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 11:20 AM
Michael Schwendt
 
Default mp3 source (but not compiled) in squeak package

On Sun, 30 Sep 2012 22:20:15 -0400, Matthew Miller wrote:

> > > The Squeak VM package in Fedora includes the upstream source code for MP3
> > > support, but disables actually building it. Is that okay, or does the
> > > tarball need to be sanitized?
> > https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohibited_ Code
>
> Right, I saw that, but it's not clear if MP3 falls under "not allowed to
> ship even as source code". If that's the case, shouldn't we just say so?

Then you would need to explain what you're thinking.
You've pointed at

https://fedoraproject.org/wiki/Forbidden_items?rd=ForbiddenItems#MP3_Support

| MP3 encoding and decoding support is not included in any Fedora
| application because MP3 is heavily patented in several regions
| including the United States. The patent holder is unwilling to give an
| unrestricted patent grant, as required by the GPL. [...]

and in turn I've pointed at

https://fedoraproject.org/wiki/Packaging:SourceURL#When_Upstream_uses_Prohibited_ Code

| Some upstream packages include patents or trademarks that we are not
| allowed to ship even as source code. In these cases you have to modify
| the source tarball to remove this code before you even upload it to
| the build system. [...]

so all you ask for is to be even more explicit in connecting these two?

--
Fedora release 17 (Beefy Miracle) - Linux 3.5.4-2.fc17.x86_64
loadavg: 0.35 0.29 0.25
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 12:58 PM
Matthew Miller
 
Default mp3 source (but not compiled) in squeak package

On Mon, Oct 01, 2012 at 01:20:47PM +0200, Michael Schwendt wrote:
> > Right, I saw that, but it's not clear if MP3 falls under "not allowed to
> > ship even as source code". If that's the case, shouldn't we just say so?
> Then you would need to explain what you're thinking.

If a package includes MP3 source code but does not enable it, that literally
complies with "MP3 encoding and decoding support is not included in any
Fedora application", which is the directive in the Forbidden Items section.

It's my understanding that at least one open source MP3 implementation
operates under this theory. The question is whether that's actually good
enough, or whether MP3 actually falls under "patents or trademarks that we
are not allowed to ship even as source code".

Following the logic of the-exception-proves-the-rule, that last statement
implies that *is* source code which includes patents which we *are* able to
ship in that form. Again, is MP3 included?

My impression had been that it is not, and that we always patch it out, but
then I came across this reviewed, accepted package which has been in Fedora
for three and a half years, so I wanted to check if that was a mistake or if
my attitude had been over-zealous.


--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 05:31 PM
Michael Schwendt
 
Default mp3 source (but not compiled) in squeak package

On Mon, 1 Oct 2012 08:58:38 -0400, Matthew Miller wrote:

> > > Right, I saw that, but it's not clear if MP3 falls under "not allowed to
> > > ship even as source code". If that's the case, shouldn't we just say so?
> > Then you would need to explain what you're thinking.
>
> If a package includes MP3 source code but does not enable it, that literally
> complies with "MP3 encoding and decoding support is not included in any
> Fedora application", which is the directive in the Forbidden Items section.
>
> It's my understanding that at least one open source MP3 implementation
> operates under this theory. The question is whether that's actually good
> enough, or whether MP3 actually falls under "patents or trademarks that we
> are not allowed to ship even as source code".

The MP3 codec is patented => we must not ship it at all => not even as
source code.

> Following the logic of the-exception-proves-the-rule, that last statement
> implies that *is* source code which includes patents which we *are* able to
> ship in that form. Again, is MP3 included?

Same as above.

> My impression had been that it is not, and that we always patch it out, but
> then I came across this reviewed, accepted package which has been in Fedora
> for three and a half years, so I wanted to check if that was a mistake or if
> my attitude had been over-zealous.

Doing reviews isn't easy.

--
Fedora release 17 (Beefy Miracle) - Linux 3.5.4-2.fc17.x86_64
loadavg: 0.08 0.18 0.21
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 06:07 PM
Matthew Miller
 
Default mp3 source (but not compiled) in squeak package

On Mon, Oct 01, 2012 at 07:31:39PM +0200, Michael Schwendt wrote:
> > It's my understanding that at least one open source MP3 implementation
> > operates under this theory. The question is whether that's actually good
> > enough, or whether MP3 actually falls under "patents or trademarks that we
> > are not allowed to ship even as source code".
> The MP3 codec is patented => we must not ship it at all => not even as
> source code.
> > Following the logic of the-exception-proves-the-rule, that last statement
> > implies that *is* source code which includes patents which we *are* able to
> > ship in that form. Again, is MP3 included?
> Same as above.

I'm really not trying to be difficult. I think one can reasonably see how
what you're saying doesn't necessarily follow from what's written. The
section on MP3 should be changed to make this more clear, to make things
easier for both packagers and reviewers.


> > but then I came across this reviewed, accepted package which has been in
> > Fedora for three and a half years, so I wanted to check if that was a
> > mistake or if my attitude had been over-zealous.
> Doing reviews isn't easy.

I didn't mean to imply that it was, or either ineptitude or maliciousness.
Just lack of clarity.


--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 06:24 PM
Matthew Miller
 
Default mp3 source (but not compiled) in squeak package

On Mon, Oct 01, 2012 at 01:12:00PM -0500, Jon Ciesla wrote:
> How about filing a Trac for the FPC with clarified wording for one or
> both sections?

https://fedorahosted.org/fpc/ticket/214

--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 10-01-2012, 06:25 PM
Michael Schwendt
 
Default mp3 source (but not compiled) in squeak package

On Mon, 1 Oct 2012 14:07:07 -0400, Matthew Miller wrote:

> I'm really not trying to be difficult. I think one can reasonably see how
> what you're saying doesn't necessarily follow from what's written. The
> section on MP3 should be changed to make this more clear, to make things
> easier for both packagers and reviewers.

Well, I even quoted it for you.

[...] MP3 is heavily patented [...] Some upstream packages include patents
or trademarks that we are not allowed to ship even as source code. [...]

IMO, it's leading nowhere if you're reading inbetween the lines. I fail
to see why we would ship something "heavily patented".

> > > but then I came across this reviewed, accepted package which has been in
> > > Fedora for three and a half years, so I wanted to check if that was a
> > > mistake or if my attitude had been over-zealous.
> > Doing reviews isn't easy.
>
> I didn't mean to imply that it was, or either ineptitude or maliciousness.
> Just lack of clarity.

Would that help? One reviewer would skim over the contents of a large
source code archive, another would not. One reviewer would miss a
subfolder deep in the tree even with "MP3" in its name, another one
would notice it but not realize that it's an implementation of a codec
and not just some frame/ID3 parsing or similar. More fun you'd get if
it the source contains problematic code other than MP3.

--
Fedora release 17 (Beefy Miracle) - Linux 3.5.4-2.fc17.x86_64
loadavg: 0.33 0.20 0.20
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 

Thread Tools




All times are GMT. The time now is 02:30 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org