https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Bug ID: 1713604 Summary: Review Request: onvifviewer - Network camera viewer Product: Fedora Version: rawhide Hardware: All OS: Linux Status: NEW Component: Package Review Severity: medium Priority: medium Assignee: nobody@fedoraproject.org Reporter: casper@meijn.net QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org Target Milestone: --- Classification: Fedora
Spec URL: https://copr-be.cloud.fedoraproject.org/results/caspermeijn/ONVIFViewer/fedo... SRPM URL: https://copr-be.cloud.fedoraproject.org/results/caspermeijn/ONVIFViewer/fedo... Description: The goal of this project is to replace the proprietary app that was needed to configure and view my IP camera. The ONVIF protocol can be used to view and configure many types of camera's and is a open standard that can be implemented using standard SOAP libraries. Using Qt5 for the back-end and Kirigami UI framework makes this application a cross-platform solution. Fedora Account System Username: caspermeijn
There are two things that I am not sure of: * The source files related to the ONVIF protocol may be distributed, but not modified. Is this allowed in the source package? Does this need to be stated in the spec file? Does this change the license of the binary (and with that the License field)? * The tests in the package require a X server. Is this possible during a rpmbuild? Is it useful to run these tests? Thanks in advance.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Robert-André Mauchin zebob.m@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |zebob.m@gmail.com Blocks| |182235 (FE-Legal)
--- Comment #1 from Robert-André Mauchin zebob.m@gmail.com --- - Not needed:
rm -rf %{buildroot}
The tests in the package require a X server. Is this possible during a rpmbuild? Is it useful to run these tests?
You could try running them with xvfb-run, not sure it will work.
The source files related to the ONVIF protocol may be distributed, but not modified. Is this allowed in the source package? Does this need to be stated in the spec file? Does this change the license of the binary (and with that the License field)?
I'm not sure, asking FE-Legal opinion on this
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=182235 [Bug 182235] Fedora Legal Tracker
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Tom "spot" Callaway tcallawa@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |tcallawa@redhat.com
--- Comment #2 from Tom "spot" Callaway tcallawa@redhat.com --- Ugh, this is complicated. I'm going to have to discuss this internally. Please hold on doing anything with this package for the time being.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
--- Comment #3 from Casper Meijn casper@meijn.net --- Can I do anything for this or do I just have to wait?
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
--- Comment #4 from Robert-André Mauchin 🐧 zebob.m@gmail.com --- I sent a mail to Legal to see if they can give a definitive opinion.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Ben Cotton bcotton@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bcotton@redhat.com Flags| |needinfo?(casper@meijn.net)
--- Comment #5 from Ben Cotton bcotton@redhat.com ---
- The source files related to the ONVIF protocol may be distributed, but not modified.
Can you clarify which files you're talking about? Looking through the GitLab repo, I only see GPL and CC 0 licenses in use.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Casper Meijn casper@meijn.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(casper@meijn.net) |
--- Comment #6 from Casper Meijn casper@meijn.net --- It is about the files in 3rdparty/wsdl directory. These files are come from different domains/companies and therefore they have different licenses, but in my non-legal view they are similar. I could compile a list of these licenses if that is useful. Following is an example of these licenses from 3rdparty/wsdl/www.onvif.org/ver10/device/wsdl/devicemgmt.wsdl:
Copyright (c) 2008-2017 by ONVIF: Open Network Video Interface Forum. All rights reserved.
Recipients of this document may copy, distribute, publish, or display this document so long as this copyright notice, license and disclaimer are retained with all copies of the document. No license is granted to modify this document.
THIS DOCUMENT IS PROVIDED "AS IS," AND THE CORPORATION AND ITS MEMBERS AND THEIR AFFILIATES, MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THIS DOCUMENT ARE SUITABLE FOR ANY PURPOSE; OR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT, WHETHER OR NOT (1) THE CORPORATION, MEMBERS OR THEIR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (2) SUCH DAMAGES WERE REASONABLY FORESEEABLE, AND ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT. THE FOREGOING DISCLAIMER AND LIMITATION ON LIABILITY DO NOT APPLY TO, INVALIDATE, OR LIMIT REPRESENTATIONS AND WARRANTIES MADE BY THE MEMBERS AND THEIR RESPECTIVE AFFILIATES TO THE CORPORATION AND OTHER MEMBERS IN CERTAIN WRITTEN POLICIES OF THE CORPORATION.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
--- Comment #7 from Ben Cotton bcotton@redhat.com --- Thanks! I'll follow up with Legal and see if I can figure out what the specific issue is.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Bryan Sutula bsutula@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bsutula@redhat.com
--- Comment #8 from Bryan Sutula bsutula@redhat.com --- "Open Source" licenses need the permission to modify the work and create derivative works. That's why these types of licenses aren't considered "open source".
Just a thought...as you review the specific files and licenses, if these "non-open-source" licenses apply only to documents, could you simply remove the document files from the package?
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
--- Comment #9 from Casper Meijn casper@meijn.net --- (In reply to Bryan Sutula from comment #8)
"Open Source" licenses need the permission to modify the work and create derivative works. That's why these types of licenses aren't considered "open source".
Just a thought...as you review the specific files and licenses, if these "non-open-source" licenses apply only to documents, could you simply remove the document files from the package?
The WSDL files are used to generate code for parsing and creating ONVIF messages, so they can't be removed from the package.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
--- Comment #10 from Robert-André Mauchin 🐧 zebob.m@gmail.com ---
The issue here (at least the only one I'm aware of) was that the package contains WSDL files that are nominally under a license that does not meet Fedora's policy on acceptable licenses.
The default conclusion here should be that the package is not acceptable for Fedora. However, if you or anyone else would like to provide an explanation of how these files are used in this package, that might support a different conclusion. I do not really have the bandwidth to look into this myself.
Richard
The WSDL files are used to generate code for parsing and creating ONVIF messages, so they can't be removed from the package.
Does the WSDL files end up up in the binary package or are they only needed at build time? Try to answer Richard's message on the legal ML.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
--- Comment #11 from Casper Meijn casper@meijn.net --- (In reply to Robert-André Mauchin 🐧 from comment #10)
Does the WSDL files end up up in the binary package or are they only needed at build time? Try to answer Richard's message on the legal ML.
The WSDL files are the interface specification and they are only used for the RPC interface to the ONVIF camera. This information is required to implement the ONVIF protocol correctly. The function names and structures in the WSDL will be used to generate RPC interface code. The WSDL files itself is not included in the binary, but they are used to generate code that is going into the binary.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Casper Meijn casper@meijn.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CANTFIX Last Closed| |2021-09-07 20:47:55
--- Comment #13 from Casper Meijn casper@meijn.net --- I assume that legal couldn't clear this issue. I will focus on Flathub packaging instead.
https://bugzilla.redhat.com/show_bug.cgi?id=1713604
Casper Meijn casper@meijn.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(casper@meijn.net) |needinfo-
Product: Fedora Version: rawhide Component: Package Review
Casper Meijn casper@meijn.net has denied Package Review package-review@lists.fedoraproject.org's request for Casper Meijn casper@meijn.net's needinfo: Bug 1713604: Review Request: onvifviewer - Network camera viewer https://bugzilla.redhat.com/show_bug.cgi?id=1713604
package-review@lists.fedoraproject.org
-
bugzilla@redhat.com