legal July 2021

legal@lists.fedoraproject.org

16 participants
5 discussions

Brainpool Curves in Fedora (openssl, libgcrypt, gnupg)
by Timothée Ravier 06 Apr '22

06 Apr '22

Hi everyone, The ECC Brainpool Curves [1][2] are currently not available in Fedora as according to this BZ [3], this needs Fedora Legal approval. Could someone from the legal team take a look to see if there are any blockers regarding Brainpool Curves inclusion in Fedora? Thanks! [1] https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Implementation [2] https://tools.ietf.org/html/rfc5639 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1413618

9 21

Steinberg VST3 License question
by Pete Savage 29 Jul '21

29 Jul '21

Hi all, I am working on a package for the sFizz project which provides a VST3 plugin, among others. The VST3 SDK from Steinberg is licensed under a compatible license, but imposes extra "guidelines" which has previously seen it be inadmissible in the Fedora repos and lead to some considerable effort to work around. One of the developers of sFizz asked the question on the Steinberg Forum: https://forums.steinberg.net/t/vst-3-sdk-licensing-faq/201638/20?u=jpcima Which contains relevant links, however I also received other information from another source that stated: Section 7: https://www.gnu.org/licenses/gpl-3.0.en.html All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. Yet someone else countered this with: Section 7 also contains a list of non-permissive additional terms that *are* allowed to be imposed on top of the gpl Can someone comment on this please, I'd prefer not to have to strip the VST plugin as it is the preferred format and would take considerable effort to do so. Pete

4 3

Consider adding MVT License 1.0 to list of allowed/good licenses
by Christian Glombek 22 Jul '21

22 Jul '21

Hello all, The Mobile Verification Toolkit[1] project (developed by the Amnesty International Security Lab in light of the recent news about the Pegasus[2] spyware) is using an adapted MPL 2.0 license, the MVT License. I'd like for this license to be vetted by the legal team, and added to the list of allowed licenses in Fedora so the software can be distributed through Fedora channels. From https://github.com/mvt-project/mvt#license: > The purpose of MVT is to facilitate the consensual forensic analysis of > devices of those who might be targets of sophisticated mobile spyware > attacks, especially members of civil society and marginalized communities. > We do not want MVT to enable privacy violations of non-consenting > individuals. Therefore, the goal of this license is to prohibit the use of > MVT (and any other software licensed the same) for the purpose of > adversarial forensics. > > In order to achieve this, MVT is released under an adaptation of Mozilla > Public License v2.0. This modified license includes a new clause 3.0, > "Consensual Use Restriction" which permits the use of the licensed software > (and any "Larger Work" derived from it) exclusively with the explicit > consent of the person/s whose data is being extracted and/or analysed > ("Data Owner"). Full License text at https://github.com/mvt-project/mvt/blob/main/LICENSE Thank you, Christian [1] https://github.com/mvt-project/mvt [2] https://forbiddenstories.org/about-the-pegasus-project/

2 1

Unsplash License acceptable for Fedora Wallpaper Content?
by Fabio Valentini 16 Jul '21

16 Jul '21

Hi, With version 6 of the elementary OS wallpapers for Pantheon, they include some new wallpapers that are no longer under the "old" CC0 License for conntent from unsplash.com, but now available under the "Unsplash License", which is not listed as an acceptable / good content license in the Fedora licensing Wiki [1]. The new Unsplash license text [2] seems to be very permissive (included below for quick reference) but I still wanted to check in here if it's okay, and if it could be added to the list of acceptable licenses for content in Fedora, with a documented "Unsplash" short identifier for RPM License tags maybe? -- begin license text Unsplash grants you an irrevocable, nonexclusive, worldwide copyright license to download, copy, modify, distribute, perform, and use photos from Unsplash for free, including for commercial purposes, without permission from or attributing the photographer or Unsplash. This license does not include the right to compile photos from Unsplash to replicate a similar or competing service. -- end license text Thanks, Fabio [0]: https://github.com/elementary/wallpapers/blob/deb-packaging/debian/copyright [1]: https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Content_Licenses [2]: https://unsplash.com/license

5 7

Audacity is no longer free
by Vitaly Zaitsev 05 Jul '21

05 Jul '21

Hello. I'm asking the Fedora legal team to review the latest Audacity license and privacy notice[1]: > The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App. Also it now collects a lot of sensitive data and send them to Google and Yandex. I believe this violates the GDPR. I think this application is no longer completely free and open source and should be removed from Fedora. [1]: https://www.audacityteam.org/about/desktop-privacy-notice/ -- Sincerely, Vitaly Zaitsev (vitaly(a)easycoding.org)

5 6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

legal July 2021