GitHub has posted new Terms of Service (see URL) effective on 2017-02-28. These contain problematic clauses like this paragraph in section D.5: "If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to access your Content through the GitHub Service, and to use, display and perform your Content, and to reproduce your Content solely on GitHub as permitted through GitHub's functionality. You may grant further rights if you adopt a license." Section D.7, waiving attribution requirements, which may conflict with CC-BY-* and other licenses: "To the extent such an agreement is not enforceable by applicable law, you grant GitHub a nonexclusive, revocable, worldwide, royalty-free right to (1) use the Content without attribution strictly as necessary to render the Website and provide the Service; and (2) make reasonable adaptations of the Content as provided in this Section. We need these rights to allow basic functions like search to work." Most problematic may be section D.4, though: "That means you're giving us the right to do things like reproduce your content (so we can do things like copy it to our database and make backups); display it (so we can do things like show it to you and other users); modify it (so our server can do things like parse it into a search index); distribute it (so we can do things like share it with other users); and perform it (in case your content is something like music or video)." Note that this gives GitHub a right to modify the "content". However, there are files in the Gentoo repository (mostly in packages' files/ directories) which come only with a right to distribute, but not to modify them. The most prominent example may be licenses/GPL-2 which itself is distributed under these terms: "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed." So the question is if we are legally permitted to upload a copy of the Gentoo repository to GitHub under their new TOS?
There is a distinction between modifying as to alter the content, versus technical modifications to suit the distribution and storage. I would read the "make reasonable adaptations of the Content as provided in this Section" as a technical modification, and as such not infringing on the rights.
(In reply to Sven Vermeulen from comment #1) > There is a distinction between modifying as to alter the content, versus > technical modifications to suit the distribution and storage. I would read > the "make reasonable adaptations of the Content as provided in this Section" > as a technical modification, and as such not infringing on the rights. That's in D.7. There is no such restriction on modification in section D.4 though.
For a change, the HN actually provided with a useful thread on this: https://news.ycombinator.com/item?id=13766933
(In reply to Ulrich Müller from comment #0) > > So the question is if we are legally permitted to upload a copy of the > Gentoo repository to GitHub under their new TOS? Is Gentoo or its employees actually uploading anything to Github right now? I see a lot of people who contribute to Gentoo also contributing to a Gentoo repository on Github, but I don't think I see much sign of Gentoo or its authorized agents doing so.
(In reply to Richard Freeman from comment #4) > (In reply to Ulrich Müller from comment #0) > > > > So the question is if we are legally permitted to upload a copy of the > > Gentoo repository to GitHub under their new TOS? > > Is Gentoo or its employees actually uploading anything to Github right now? > > I see a lot of people who contribute to Gentoo also contributing to a Gentoo > repository on Github, but I don't think I see much sign of Gentoo or its > authorized agents doing so. Ok, I've since learned that it seems like infra is actually posting directly on Github, so that makes us fairly directly involved. I'm not convinced the sky is falling, but the line of argument I just advanced should be disregarded.
IANAL, but I don't think we need to worry too much. This is currently based on a blogpost by someone without a legal background. I guess one of two things is gonna happen: Either there's a clarification that makes this sound much less scary or github will find out it was a bad idea and will change their tos again after speaking to some lawyers. I find it incredibly unlikely that github wants to implement a change that will make hosting GPL code impossible. Just to put this in perspective: This would effectively mean github could no longer host copies of the git code.
Here is fsf's take on the issue: https://www.fsf.org/blogs/licensing/do-githubs-updated-terms-of-service-conflict-with-copyleft
(In reply to moikkis from comment #7) > Here is fsf's take on the issue: > https://www.fsf.org/blogs/licensing/do-githubs-updated-terms-of-service- > conflict-with-copyleft Again, that covers only one aspect of the problem. The question of ToS section D.4 (which gives GitHub a right to modify), versus files that are distributable but not modifiable remains open. And we definitely have such files in the Gentoo tree.
As per the Foundation meeting of 2017/03/26; we have decided to go with the FSF & Software Freedom Conservancy opinions on the GitHub issue, but we are open to making sure they fit all of our cases. (In reply to Ulrich Müller from comment #8) > The question of ToS section D.4 (which gives GitHub a right to modify), > versus files that are distributable but not modifiable remains open. And we > definitely have such files in the Gentoo tree. Can you list some of the files in repo/gentoo.git which are covered by such a license? Not the distfiles, but the actual files committed to repo/gentoo.git, or one of the other files committed to a repo that is mirrored to GitHub. The distfiles don't matter in this case as they are not on GitHub themselves. At this time, the list of repos automatically mirrored to GitHub are as follows: data/api git@github.com:gentoo/api-gentoo-org.git dev/maksbotan git@github.com:maksbotan/maksbotan_overlay.git proj/devmanual git@github.com:gentoo/devmanual.gentoo.org.git proj/gentoo-bashcomp git@github.com:gentoo/gentoo-bashcomp.git proj/gentoo-mate git@github.com:gentoo/gentoo-mate.git proj/java-config git@github.com:gentoo/java-config.git proj/java-ebuilder git@github.com:gentoo/java-ebuilder.git proj/javatoolkit git@github.com:gentoo/javatoolkit.git proj/kde git@github.com:gentoo/kde.git proj/portage git@github.com:gentoo/portage.git proj/vmware git@github.com:gentoo/vmware.git proj/x11 git@github.com:gentoo/x11.git repo/gentoo git@github.com:gentoo/gentoo.git
(In reply to Robin Johnson from comment #9) > > The question of ToS section D.4 (which gives GitHub a right to modify), > > versus files that are distributable but not modifiable remains open. > > And we definitely have such files in the Gentoo tree. > > Can you list some of the files in repo/gentoo.git which are covered by such > a license? Assuming that patches with a size of more than a few lines share the license of the original package (as they contain some of its code in the context lines), there are hundreds of such files. Here are a few examples of larger patches throughout the tree, along with the non-free license of their package: app-text/mpage/files/01_previous_changes.patch LICENSE="freedist" -> no modification allowed media-gfx/xv/files/xv-3.10a-libpng15-r1.patch LICENSE="xv" -> "modified versions may not be distributed without prior consent of the author" sci-biology/consed/files/consed-29-fix-qa.patch LICENSE="phrap" -> distribution not allowed sci-biology/vaal/files/vaal-46233_remove-namespace-std.patch LICENSE="Whitehead-MIT" -> "YOU agree to forward to M.I.T. any and all Modifications" sci-chemistry/molmol/files/wild.patch LICENSE="molmol" -> very restrictive on distribution of modified versions Also this: licenses/GPL-2 (i.e. the license document itself) "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed."
Can we get an update on our strategy? Especially due to the nature of git, it would be required to rewrite master in order to purge the files ulm listed, correct?
(In reply to Manuel Rüger from comment #11) > Can we get an update on our strategy? > Especially due to the nature of git, it would be required to rewrite master > in order to purge the files ulm listed, correct? I see several problems there: 1. It is not possible to remove license files like GPL-2 from the tree. We are required to distribute them because we distribute other files under their terms. 2. The list in comment 10 is far from being exhaustive, but is what I could find with a quick scan. It is easy to say that all non-free files should be removed, but in practice they first need to be identified, and I don't know how large a task that will be. 3. So far we didn't have any policy that all files in the tree must be under a free software license, but it was enough that everything was distributable (so that the tree can be distributed e.g. via rsync mirrors). Do we even want to change this policy, because a third party has concocted new terms of service?
(In reply to Ulrich Müller from comment #12) > Do we even > want to change this policy, because a third party has concocted new terms of > service? Do we want to lose sleep over a TOS change that no other FOSS organization is losing sleep over, as far as I can tell? If Github doesn't want to follow the license terms that pertain to these files, why not let them do the work of removing them? We aren't violating any license terms by uploading them to Github. At worst Github might violate them if they subsequently modify them. Sure, we can have an academic argument over that, but I don't see how it actually impacts us. Gentoo isn't modifying anything.
/trustee hat on At the current time I do not believe we need to take any action.
I don't not believe the foundation plans to do any more work on this bug, so I'm resolving it.
