LICENSE says "GPL-2", but the WHENCE file included with the tarball lists several others, including some problematic ones like "unknown" or "all rights reserved". Should we try to make a complete list, or would a catch-all like "GPL-2 freedist" suffice?
I've added freedist for the moment, along with GPL, BSD, GPL-3, since that's a minimal covering set based on WHENCE. We could add more licenses if we wanted, but the LICENSES string for that package is going to get extremely long, and we'd be adding at least 20 different licenses to the tree.
As an idea, maybe we just install WHENCE and LICEN[CS]E.* files ourselves?
What about if there was a @WHENCE group which the user could add? Or could the @WHENCE as a group be used in the ebuild's LICENSES string? Apart from being a lot of work, would there be anything else bad about getting all the licenses from WHENCE into the ebuild?
*** Bug 345869 has been marked as a duplicate of this bug. ***
I confirm this fact, that's why debian marks the package a non-free.
(In reply to comment #2) > As an idea, maybe we just install WHENCE and LICEN[CS]E.* files ourselves? Coming back to this. I believe that this is the only practicable solution. We'd have to add a version to the WHENCE file though, since it changes all the time. For example, it could be installed as licenses/linux-firmware-<version>. We have most of the LICEN[CS]E.* files already: LICENCE.agere = BSD LICENCE.atheros_firmware = ipw3945 / ralink-firmware LICENCE.broadcom_bcm43xx = Broadcom (some differences) LICENSE.dib0700 = as-is LICENCE.i2400m = ipw3945 / ralink-firmware (some differences) LICENCE.iwlwifi_firmware = ipw3945 / ralink-firmware LICENCE.libertas = ipw3945 / ralink-firmware LICENCE.mwl8k = ipw3945 / ralink-firmware LICENCE.phanfw LICENCE.qla2xxx = qlogic-fibre-channel-firmware LICENSE.radeon_rlc = radeon-ucode LICENCE.ralink-firmware.txt = ipw3945 / ralink-firmware LICENCE.rtlwifi_firmware.txt = ipw3945 / ralink-firmware LICENCE.ti-connectivity LICENCE.ueagle-atm4-firmware = BSD LICENCE.xc5000 = as-is
I see no progress here, so I'm inclined to go for a pragmatic solution. What would you think about adding a file licenses/linux-firmware with the following wording? Gentoo license note: Linux firmware images are distributed under a variety of licenses, some of them being non-free. According to upstream, all of them should be redistributable. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms.
(In reply to comment #7) > According to upstream, all of them should be redistributable. Strike this out, it doesn't apply to all firmware images.
Created attachment 349446 [details] Attempt to classify licenses in WHENCE Here's my e-mail message on the subject from February, for reference.
(In reply to Ulrich Müller from comment #8) > (In reply to comment #7) > > According to upstream, all of them should be redistributable. > > Strike this out, it doesn't apply to all firmware images. In which case, why is there no mirror RESTRICT?
(In reply to Kristian Fiskerstrand from comment #10) > (In reply to Ulrich Müller from comment #8) > > (In reply to comment #7) > > > According to upstream, all of them should be redistributable. > > > > Strike this out, it doesn't apply to all firmware images. > > In which case, why is there no mirror RESTRICT? Seems it is possible to mitigate this to some extent by using a pseudo-license in a non-free group. e.g a "linux-firmware-licenses": "this package contains a number of binary blobs under licenses, please consider the ramifications yourself based on the license files in the tarball and information from upstream"
(In reply to Kristian Fiskerstrand from comment #10) > (In reply to Ulrich Müller from comment #8) > > (In reply to comment #7) > > > According to upstream, all of them should be redistributable. > > > > Strike this out, it doesn't apply to all firmware images. > > In which case, why is there no mirror RESTRICT? What is the point of a mirror restriction? Or a fetch restriction? There are two types of ebuilds for linux-firmware, git, and snapshot. The git tree had been broken for months last I checked (it is working now), so the 99999999 ebuild may be broken for months at a time. The snapshot ebuilds are just one of us grabbing the git repo and making a tarball as some $DATE. We make and host the tarball, so a mirror restriction or fetch restriction makes no sense since we are already hosting it and it's going to come from us anyway. Personally, every major linux distribution redistributes this software, the git tree is/was hosted by the linux kernel team, and there is a *requirement* that any firmware in the linux-firmware repo must allow redistribution: https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/README I say it's fine, and I am not a lawyer.
(In reply to Rick Farina (Zero_Chaos) from comment #12) > We make and host the tarball, so a mirror restriction or fetch restriction > makes no sense since we are already hosting it and it's going to come from > us anyway. *If* our conclusion was that this is not distributable, then we could neither mirror it nor host it. > [...] there is a *requirement* that any firmware in the linux-firmware repo > must allow redistribution: > https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/ > tree/README That may be valid for new entries, but unfortunately it is not true for the existing ones. See my audit in attachment #349446 [details]. Three years ago almost one third of the blobs was not redistributable. It is enough to look at the very first two entries in WHENCE (in the linux-firmware-20160628 tarball) to confirm that the problem still exists. They say "Licence: Allegedly GPLv2+, but no source visible" and "Licence: Unknown", respectively.
(In reply to Ulrich Müller from comment #7) > I see no progress here, so I'm inclined to go for a pragmatic solution. What > would you think about adding a file licenses/linux-firmware with the > following wording? Updated wording: Gentoo license note: Linux firmware images are distributed under a variety of licenses, many of them being non-free. Most likely, some of the images are not redistributable. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms. CCing trustees. I shall commit the above on 2016-11-21, unless you tell me differently.
(In reply to Ulrich Müller from comment #14) > CCing trustees. I shall commit the above on 2016-11-21, unless you tell me > differently. I've missed that date, and since it's several months ago, here's another heads up. I am going to commit the above on sunday. (And obviously, ebuilds will be mirror and bindist restricted.)
As discussed by the Trustees in their meeting yesterday, I have added a linux-firmware license note with text as follows: Gentoo license note: Linux firmware images are distributed under a variety of licenses, many of them being non-free. Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms. All ebuilds of sys-kernel/linux-firmware updated (the "()" grouping is for better readability only; it is redundant for ACCEPT_LICENSE): LICENSE="linux-firmware ( BSD ISC MIT no-source-code ) GPL-2 GPL-2+ freedist" I am leaving this bug open because it still is an issue that should be taken care of upstream.
(In reply to Ulrich Müller from comment #16) > LICENSE="linux-firmware ( BSD ISC MIT no-source-code ) GPL-2 GPL-2+ freedist" I wonder if we shouldn't simplify that. We had originally added "freedist" as a catch-all. However, that doesn't provide any additional information, since we have the more specific "linux-firmware" in place now.
(In reply to Ulrich Müller from comment #17) > (In reply to Ulrich Müller from comment #16) > > LICENSE="linux-firmware ( BSD ISC MIT no-source-code ) GPL-2 GPL-2+ freedist" > > I wonder if we shouldn't simplify that. We had originally added "freedist" > as a catch-all. However, that doesn't provide any additional information, > since we have the more specific "linux-firmware" in place now. Seems reasonable to me to only keep linux-firmware in this case.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c35fd08ac1d901f3eade42b0c609c69c1a63cc72 commit c35fd08ac1d901f3eade42b0c609c69c1a63cc72 Author: Ulrich Müller <ulm@gentoo.org> AuthorDate: 2019-02-23 11:22:38 +0000 Commit: Ulrich Müller <ulm@gentoo.org> CommitDate: 2019-02-23 11:24:41 +0000 sys-kernel/linux-firmware: Drop freedist from LICENSE. "freedist" was originally added as a catch-all. With the more specific "linux-firmware" in place, it doesn't provide any additional information. Bug: https://bugs.gentoo.org/318841 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Ulrich Müller <ulm@gentoo.org> sys-kernel/linux-firmware/linux-firmware-20181026.ebuild | 4 ++-- sys-kernel/linux-firmware/linux-firmware-20181216.ebuild | 4 ++-- sys-kernel/linux-firmware/linux-firmware-20181218.ebuild | 2 +- sys-kernel/linux-firmware/linux-firmware-20190114.ebuild | 2 +- sys-kernel/linux-firmware/linux-firmware-20190118.ebuild | 2 +- sys-kernel/linux-firmware/linux-firmware-20190213.ebuild | 2 +- sys-kernel/linux-firmware/linux-firmware-20190221.ebuild | 2 +- sys-kernel/linux-firmware/linux-firmware-99999999.ebuild | 4 ++-- 8 files changed, 11 insertions(+), 11 deletions(-)
Created attachment 576772 [details] Classify licenses in WHENCE, as of 20190514 In a long discussion in #gentoo-council yesterday (including dilfridge, robbat2, ulm, Whissi, Zero_Chaos) we came up with the following solution, which I am trying to summarise: 1. Two USE flags "redistributable" and "unknown-license" will be added to sys-kernel/linux-firmware, controlling installation of non-free files. 2. The ebuild will have a default of IUSE="+redistributable unknown-license", in order to provide a useful default for the vast majority of users. For example, most wireless cards will require non-free/non-libre firmware. 3.a. USE="-redistributable" will only install files with a license in the @FREE set. (The USE="-redistributable unknown-license" setting wasn't seen as useful, so the unknown-license flag can be ignored if redistributable is not set.) 3.b. USE="redistributable -unknown-license" (the default) will additionally install files with a license in @BINARY-REDISTRIBUTABLE. 3.c. USE="redistributable unknown-license" will install all files. 4. A restriction "unknown-license? ( bindist )" will be added to the ebuild. 5. The "unknown-license" flag will be package.use.masked (or use.masked) in profiles, to prevent accidental installation of these components. 6. Mirror restriction of the distfile was not seen as necessary, for the time being. Attached is an updated classification of licenses in the WHENCE file, using the following three categories: (F) free software (in @FREE) (R) redistributable (in @BINARY-REDISTRIBUTABLE but not in @FREE) (X) unknown license (not in @BINARY-REDISTRIBUTABLE) Disclaimer: IANAL, TINLA.
Also, LICENSE to the ebuild should be updated: LICENSE="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 ) redistributable? ( linux-firmware ( BSD-2 BSD BSD-4 ISC MIT no-source-code ) ) unknown-license? ( all-rights-reserved )" I suggest to reuse the "linux-firmware" license label for the redistributable images, and update its wording to something similar to what I had in comment #7: Gentoo license note: Linux firmware images are distributed under a variety of licenses, many of them being non-free. However, all images whose license is subsumed under this "linux-firmware" license label should at least be redistributable. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms. Then the linux-firmware license would cover only redistributable images, so we could finally add it to the BINARY-REDISTRIBUTABLE group.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cb09513b11ad9721b4173bcaf9d0a8f9fee4d8d commit 7cb09513b11ad9721b4173bcaf9d0a8f9fee4d8d Author: Ulrich Müller <ulm@gentoo.org> AuthorDate: 2019-05-16 02:18:49 +0000 Commit: Ulrich Müller <ulm@gentoo.org> CommitDate: 2019-05-16 02:18:49 +0000 licenses: Add linux-fw-redistributable. New license label that will cover redistributable firmware images in the sys-kernel/linux-firmware package. Bug: https://bugs.gentoo.org/318841 Signed-off-by: Ulrich Müller <ulm@gentoo.org> licenses/linux-fw-redistributable | 7 +++++++ profiles/license_groups | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-)
(In reply to Ulrich Müller from comment #21) > LICENSE="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 ) > redistributable? ( > linux-firmware ( BSD-2 BSD BSD-4 ISC MIT no-source-code ) > ) > unknown-license? ( all-rights-reserved )" I've committed it as "linux-fw-redistributable" rather than re-using the old "linux-firmware" license label, because its meaning has changed.
Created attachment 577144 [details] Classify licenses in WHENCE, as of 20190514 I've found one mistake in my classification. Updated list attached.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11aacf6aaea54788f624f6d1a610b58587fb0dcd commit 11aacf6aaea54788f624f6d1a610b58587fb0dcd Author: Ulrich Müller <ulm@gentoo.org> AuthorDate: 2019-05-18 17:22:29 +0000 Commit: Ulrich Müller <ulm@gentoo.org> CommitDate: 2019-05-18 19:12:08 +0000 profiles: package.use.mask unknown-license for linux-firmware. Bug: https://bugs.gentoo.org/318841#c20 Signed-off-by: Ulrich Müller <ulm@gentoo.org> profiles/base/package.use.mask | 8 ++++++++ 1 file changed, 8 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=636d119a26c187ffd64d0611e3245be29e85dcb9 commit 636d119a26c187ffd64d0611e3245be29e85dcb9 Author: Ulrich Müller <ulm@gentoo.org> AuthorDate: 2019-05-18 17:20:41 +0000 Commit: Ulrich Müller <ulm@gentoo.org> CommitDate: 2019-05-18 19:12:08 +0000 sys-kernel/linux-firmware: New snapshot, add USE flags. Introduce two USE flags: "redistributable": Install all firmware files whose license will at least allow redistribution. (So, USE="-redistributable" will install only files that are free software.) This is enabled by an IUSE default. "unknown-license": In addition, install firmware files with an unknown license according to upstream's WHENCE file. In savedconfig code, call rm only once, instead of executing it for each file. EAPI bumped to 7. Added without KEYWORDS for testing. Bug: https://bugs.gentoo.org/318841#c20 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Ulrich Müller <ulm@gentoo.org> sys-kernel/linux-firmware/Manifest | 1 + .../linux-firmware/linux-firmware-20190514.ebuild | 291 +++++++++++++++++++++ sys-kernel/linux-firmware/metadata.xml | 4 + 3 files changed, 296 insertions(+)
*** Bug 616076 has been marked as a duplicate of this bug. ***
With linux-firware-20190514 being stable, I believe we can finally close this.
