Hi, games-rpg/zsdx and games-engines/solarus ebuilds state that those packages are under GPLv3 but there are proprietary content in the archives. Data are licenced by Nintendo (see https://github.com/christopho/zsdx/blob/master/license.txt#L80 for the list). Gentoo package should not include proprietary data. Regards, slash
> Gentoo package should not include proprietary data. I don't understand this statement. However, I think this should be mirror-restricted.
Does upstream have Nintendo's permission to redistribute their content?
(In reply to Ulrich Müller from comment #2) > Does upstream have Nintendo's permission to redistribute their content? No. Usually, Nintendo sends a lawyer when fan projects become too big / too famous. Lots of Zelda-like games have been closed, but this one is still there without any problem. I asked upstream (on their website, not on github to split packages with a clear licence.
(In reply to Julian Ospald (hasufell) from comment #1) > > Gentoo package should not include proprietary data. > > I don't understand this statement. > > However, I think this should be mirror-restricted. Well, sorry for my english. I wanted to say that Gentoo ebuild should restrict the download due to problematic licence.
I've just discussed with christopho (the main developper of solarus, zsdx, zsxd) ; - there is no problem with Solarus (the game engine) - there are licensing problems with the games using solarus (zsdx et zsxd) : about 80% of data are owned by Nintendo
@ulm ...so, mirror or fetch restriction?
(In reply to Julian Ospald (hasufell) from comment #6) > @ulm ...so, mirror or fetch restriction? The problem is that there is no license. Even "all-rights-reserved" cannot be used if upstream has no permission to distribute the files. What would you write in the pkg_nofetch message? That downloading is illegal? That would make it obvious that we are aware of the problem but ignoring it. (Or, to say it in more drastic words, that we endorse the use of pirated software.) Looks like an invitation for Nintendo to sue us.
(In reply to Ulrich Müller from comment #7) > (In reply to Julian Ospald (hasufell) from comment #6185) > > @ulm ...so, mirror or fetch restriction? > > The problem is that there is no license. Even "all-rights-reserved" cannot > be used if upstream has no permission to distribute the files. > > What would you write in the pkg_nofetch message? That downloading is > illegal? That would make it obvious that we are aware of the problem but > ignoring it. (Or, to say it in more drastic words, that we endorse the use > of pirated software.) Looks like an invitation for Nintendo to sue us. It is not clear whether downloading is illegal. I don't see why it is our problem if upstream has the right to redistribute it or not. We don't. I don't see how posting links alone can be illegal. Please elaborate.
Time to escalate to trustees. @Trustees: We had an issue very similar to this one in 2013, but there wasn't any decision because the package has been removed before for other reasons. So I repeat the questions from my e-mail message of 2013-05-13: It is clear that we can have packages with non-redistributable distfiles (e.g. LICENSE="all-rights-reserved") _if_ these distfiles are hosted by their copyright owner. It is enough if we mirror restrict (or fetch restrict, in some cases) these packages, and there are many such examples in the Portage tree. What is not at all clear to me is the following, and here is where a decision by the trustees may be needed: 1. Can we have packages with a non-redistributable distfile, where that distfile is hosted at a third-party site (i.e. _not_ by the copyright holder, but by someone who doesn't himself have the right to distribute said file)? In short, it's "packages with pirated distfiles", but maybe this is too provocative. 2. If yes, can the SRC_URI of our ebuild point to such a third-party site? Alternatively, with fetch restriction, can a message output in pkg_nofetch point to it?
(In reply to Julian Ospald (hasufell) from comment #8) > It is not clear whether downloading is illegal. I agree, it is not clear at all. Presumably, it depends on the legislation of your country. IANAL.
(In reply to Ulrich Müller from comment #9) > 1. Can we have packages with a non-redistributable distfile, where that > distfile is hosted at a third-party site (i.e. _not_ by the copyright > holder, but by someone who doesn't himself have the right to distribute > said file)? In short, it's "packages with pirated distfiles", but maybe > this is too provocative. How would we know whether they have the rights to distribute those files or not? We have chrome in the tree, but we have no way to know whether Google has the right to distribute it. For that matter, we have no way to know whether Linus has the right to distribute the kernel. The only thing we can know is whether somebody has told us that these rights are being contested, or that there is a court ruling one way or the other. And, of course, rulings may or may not impact any particular person or the Foundation depending on the court's jurisdiction/etc. So, any policy we establish should keep this in mind. There really is a continuum of levels of gray between a link to MS Office on a warez site, a project like this that builds on very old copyrighted material, something like dvdcss, and something like the kernel (where somebody is getting sued every six months it seems about something inside - like vfat or a bunch of #defines). I'd suggest RESTRICT=mirror. We should probably also have some kind of "license" that indicates that a package has files of uncertain redistributability so that anybody that accepts GPL-3 is aware of this. Indeed, redistributing something as GPL-3 bundling this stuff might be a violation of the GPL as well in some jurisdictions.
+ 13 Apr 2014; Julian Ospald <hasufell@gentoo.org> zsdx-1.7.1.ebuild: + set RESTRICT=mirror wrt #507412 + 13 Apr 2014; Julian Ospald <hasufell@gentoo.org> zsxd-1.7.1.ebuild: + set RESTRICT=mirror wrt #507412 what about the license? Do you want to add another @ulm?
(In reply to Julian Ospald (hasufell) from comment #12) > what about the license? Do you want to add another @ulm? Since we don't know what license the Nintendo material is distributed under, we must assume all-rights-reserved. BTW, the upstream license.txt mentions CC-BY-SA-3.0 too. (In reply to Richard Freeman from comment #11) In bug 405803 comment #8 you said something else: "Now, if a SRC_URI pointed to somebody who did not have legal permission to redistribute a file, that could be legally problematic [...]"
(In reply to Ulrich Müller from comment #13) > (In reply to Richard Freeman from comment #11) > In bug 405803 comment #8 you said something else: > "Now, if a SRC_URI pointed to somebody who did not have legal permission to > redistribute a file, that could be legally problematic [...]" Emphasis on "could" - there are no certainties when it comes to the law - just varying levels of risk. We can be sued simply for redistributing the Linux kernel - SCO has threatened numerous companies simply for using it.
+ 13 Apr 2014; Julian Ospald <hasufell@gentoo.org> zsdx-1.7.1.ebuild: + update license info wrt #507412 + 13 Apr 2014; Julian Ospald <hasufell@gentoo.org> zsxd-1.7.1.ebuild: + update license info wrt #507412
anything left to do here?
