Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 664134 - sys-firmware/intel-microcode has license that prevents redistribution
Summary: sys-firmware/intel-microcode has license that prevents redistribution
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Foundation
Classification: Unclassified
Component: Licenses (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Licenses team
URL:
Whiteboard:
Keywords:
: 664590 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-08-20 18:09 UTC by Matthew Thode ( prometheanfire )
Modified: 2018-08-26 06:30 UTC (History)
10 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-20 18:09:38 UTC
Intel updated their licence, we probably need to add it to the tree (maybe in the EULA group) and RESTRICT mirroring.

Licence snippet that sucks

DO NOT DOWNLOAD, INSTALL, ACCESS, COPY, OR USE ANY PORTION OF THE SOFTWARE UNTIL YOU HAVE READ AND ACCEPTED THE TERMS AND CONDITIONS OF THIS AGREEMENT. BY INSTALLING, COPYING, ACCESSING, OR USING THE SOFTWARE, YOU AGREE TO BE LEGALLY BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT.
Comment 1 Chí-Thanh Christopher Nguyễn gentoo-dev 2018-08-20 20:25:47 UTC
It may be a good idea to link or attach the full license text here.

I think EULA is definitely required.

Redistribution appears to be tricky. It looks like it is possible to redistribute per section 2 (iii) if we make the user accept the license agreement in Appendix A.

Further redistribution by the user is then not permitted per Appendix A, section License (a), which would warrant RESTRICT=bindist
Comment 2 Ulrich Müller gentoo-dev 2018-08-21 14:21:12 UTC
(In reply to Chí-Thanh Christopher Nguyễn from comment #1)
> I think EULA is definitely required.

That isn't entirely clear. Intel offers the distfile for download without asking for agreement to those conditions. Once obtained, nothing prevents the user from using it (because he has neither a contract with Intel, nor has he agreed to Intel's conditions).

We can of course say that we should err on the side of caution and add the license to the EULA group.

In any case, the distfile cannot be redistributed, so the ebuild needs mirror and bindist restrictions.

> Redistribution appears to be tricky. It looks like it is possible to
> redistribute per section 2 (iii) if we make the user accept the license
> agreement in Appendix A.

We cannot distribute it on mirrors, though, because we cannot ask mirror operators to accept any license agreements.

> Further redistribution by the user is then not permitted per Appendix A,
> section License (a), which would warrant RESTRICT=bindist


Disclaimer: IANAL, TINLA.
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-22 17:07:12 UTC
Can we get a response from the licence team about if we should restrict mirroring and bindist?
Comment 4 Ulrich Müller gentoo-dev 2018-08-23 05:09:17 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #3)
> Can we get a response from the licence team about if we should restrict
> mirroring and bindist?

See comment #2.
Comment 5 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-23 06:28:57 UTC
ok, didn't know that was with a licence team hat :D

In that case I'd err on the side of caution and restrict mirror and bindist.

@base-system can you do that please?
Comment 6 Ulrich Müller gentoo-dev 2018-08-23 09:51:49 UTC
<licenses team>
OK, to further clarify:
- The ebuild needs RESTRICT="mirror bindist"
- The updated license should go into a file with a new name. Do *not* reuse the existing "PUEL" license.
- The new license should be added to the EULA license group
</licenses team>
Comment 7 Larry the Git Cow gentoo-dev 2018-08-23 17:17:49 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=933df6d841020ef50bea24836ea854f6e4474cf7

commit 933df6d841020ef50bea24836ea854f6e4474cf7
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-08-23 17:17:14 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-08-23 17:17:36 +0000

    sys-firmware/intel-microcode: revbump to update licence
    
    Also restirct mirror and bindist
    Closes: https://bugs.gentoo.org/664134
    Package-Manager: Portage-2.3.48, Repoman-2.3.10
    RepoMan-Options: --force

 ..._p20180808.ebuild => intel-microcode-20180807_p20180808-r2.ebuild} | 4 ++--
 ...0180808-r1.ebuild => intel-microcode-20180807_p20180808-r3.ebuild} | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6697e4152400ff7cd043585f600243a909d0c932

commit 6697e4152400ff7cd043585f600243a909d0c932
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-08-23 17:12:54 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-08-23 17:17:35 +0000

    licenses: add new intel-microcode license
    
    Also add new licence to the EULA license group
    
    Bug: https://bugs.gentoo.org/664134

 licenses/intel-ucode-20180807 | 332 ++++++++++++++++++++++++++++++++++++++++++
 profiles/license_groups       |   2 +-
 2 files changed, 333 insertions(+), 1 deletion(-)
Comment 8 Hanno Böck gentoo-dev 2018-08-23 18:05:06 UTC
Maybe we should re-open, given the recent controversy about Intel's new licensing clause ("you may not benchmark"), Intel has now released entirely new licensing terms:
https://01.org/mcu-path-license-2018

These sound much nicer and seems they'd not need a mirror restriction any more.
Comment 9 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-23 18:09:50 UTC
That is much closer to the original licence, once a version of the microcode is shipped with that we'll switch back I expect.  This bug was just for the currently released version.
Comment 10 Ulrich Müller gentoo-dev 2018-08-23 22:28:57 UTC
(In reply to Ulrich Müller from comment #6)
> - The updated license should go into a file with a new name. Do *not* reuse
> the existing "PUEL" license.

I meant to write "intel-ucode" license there.


(In reply to Matthew Thode ( prometheanfire ) from comment #9)
> That is much closer to the original licence, once a version of the microcode
> is shipped with that we'll switch back I expect.  This bug was just for the
> currently released version.

It is the old intel-ucode license verbatim, except for a trivial change of wording in the last clause:

"Binary form" includes any format {+that is+} commonly used for electronic conveyance [-which-] {+that+} is a reversible, bit-exact translation of binary representation to ASCII or ISO text, for example "uuencode."
Comment 11 Thomas Deutschmann gentoo-dev Security 2018-08-26 06:30:03 UTC
*** Bug 664590 has been marked as a duplicate of this bug. ***