Created attachment 825771 [details, diff] chromium-traveller.diff Another Gentoo derivative has appeared, with development happening at fortressos.org. They've forked Portage, the kernel, and started their own ebuild repositories. I'd like to call attention to a particular package they're carrying, 'traveller' (formerly 'highway'). Their traveller-0.0.0.1 ebuild (https://git.fortressos.org/fortress/fortress/src/commit/55158d9c07962dda190364a7319d3c06d171884b/www-client/traveller/traveller-0.0.0.1.ebuild) appears to be a derivative of gentoo.git's chromium-106.0.5249.119 (https://github.com/gentoo/gentoo/blob/dbd2882396b4fd98bec8809d7069bed59eb7aa4c/www-client/chromium/chromium-106.0.5249.119.ebuild). Importantly, it lacks any attribution to Gentoo as the original authors of the ebuild. --- chromium-106.0.5249.119.ebuild 2022-10-27 20:42:05.682217208 -0500 +++ traveller-0.0.0.1.ebuild 2022-10-27 20:39:38.394499435 -0500 @@ -1,6 +1,3 @@ -# Copyright 2009-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - EAPI=8 PYTHON_COMPAT=( python3_{8..11} ) PYTHON_REQ_USE="xml(+)" The only thing resembling a license for these ebuilds, that I can find, is in the README of the "fortress" repository (https://git.fortressos.org/fortress/fortress/src/commit/55158d9c07962dda190364a7319d3c06d171884b/README.md), "All packages have their own licenses.". A complete diff of the two ebuilds is attached. It's only 284 lines, very small to not be a derivative of chromium-106.0.5249.119.ebuild, which is 1195 lines. I haven't audited everything, but this in particular seems problematic.
Looking at the code, there cannot be any doubt that traveller-0.0.0.1.ebuild is a derived work of chromium-106.0.5249.119.ebuild. GPL-2 section 1 says "... conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty". Also section 4: "You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License." Reassigning to trustees.
Here's the FortressOS founder: https://inferencium.net/ They also seem to be concern with other people's trademarks https://github.com/ungoogled-software/ungoogled-chromium/issues/2091 Their DNS also provides an email via the SOA: inferenceus@proton.me
(In reply to Robin Johnson from comment #2) Sorry for being off-topic, but their discussion about "undoxxed devs" nicely illustrates why allowing anonymous or pseudonymous contributions to a project is a bad idea. We should think again whether we want that GLEP 76 change.
(In reply to Robin Johnson from comment #2) > Here's the FortressOS founder: > https://inferencium.net/ > > They also seem to be concern with other people's trademarks > https://github.com/ungoogled-software/ungoogled-chromium/issues/2091 The person who filed the bug is the FortressOS founder, not the person who made the flippant remarks, right?
Unrestricting for wider review.
I filed https://git.fortressos.org/fortress/fortress/issues/1 -A
(In reply to Alec Warner from comment #6) > I filed https://git.fortressos.org/fortress/fortress/issues/1 > > -A They resolved the issue for the traveller ebuild after I requested they re-add the headers. I'm going to resolve this unless there is something left. -A