Canonical & Ubu. binary packages licensing

[holden]

http://www.itworld.com/open-source/3870 ... y-packages

[shicy]

daj brate udri koju prosto proširenu rečenicu onkraj poveznice...

[Suko]

Samo da ne bude bas previse prosta.

[jurastublic]

Ukratko, Ubuntu bi stavio kopirajt na binarne fileove koje oni kompiliraju iz sourcea a Mintovci kažu da to ne bu išlo jer je kompiliranje deterministički proces. Teško se snaći u tim linkovima pa evo (to oko kopirajta je zadnja trećina članka):

Kod: Označi sve

Mint, Ubuntu and online banking

 At the end of November some Linux news sites picked up and ran with a mailing list post made by a Canonical employee, Oliver Grawert. The post, which talks about Linux Mint, makes the statement that the Mint developers purposefully hold back security updates to their distribution: "I would say forcefully keeping a vulnerable kernel, browser or Xorg in place instead of allowing the provided security updates to be installed makes it a vulnerable system, yes. I personally wouldn't do on-line banking with it." Grawert links to a file in the Linux Mint code repository which he claims contains a list of packages which "will never update".

 Unfortunately Grawert did not fully understand the nature of the file to which he linked. The file contains a list of packages which may be updated and the number next to each package name indicates how stable the Mint developers consider the package to be. Packages with numbers 1, 2 & 3 next to their names are packages which are updated by default. Packages marked with a 4 or 5 are packages which are not automatically marked for upgrade due to stability concerns, but the user can choose to install these upgrades as well if they think it necessary. In other words, Grawert was incorrect on two points. First, the updates are not forcible kept off the system, the user has the choice as to which updates they wish to apply. Second, the distribution's web browser is not a package marked as unstable. The Firefox browser is marked as a level two update, meaning it gets upgraded by default.

 Other Ubuntu developers apparently also misunderstood the nature of Mint's update process. Benjamin Kerensa, for example, stated, "It is unclear why Linux Mint disables all of their security updates although to some degree they have tried to justify their disabling ofkernel updates by suggesting that such updates could make a system unstable." Kerensa went on to say security updates for Firefox are sometimes delayed, adding, "This puts Linux Mint users at risk and is one of the key reasons I never suggest Linux Mint to anyone as an alternative to Ubuntu." The idea that Mint disables security updates is, of course, incorrect.

 These statements sparked off the sort of distro war many Linux users love to read about and comment on. Quotes and commentary spread around and Linux Mint's founder, Clement Lefebvre, eventually saw fit to make a statement. He pointed out that Linux Mint uses the same Firefox package the Ubuntu distribution does, meaning there is no delay between when Ubuntu gets a web browser update and when Mint users receive the same update. He also explained Mint's policy of filtering unstable security updates and how users can choose to install these potentially troublesome packages. Clem went on to say, "I personally talked to the legal department at Canonical (for other reasons, they're telling us we need a license to use their binary packages) and it is clear they are confused about LMDE and Mint. They don't know what repositories we're using and they don't know what we're doing."

 In a follow-up blog post Grawert responded to the generated controversy, pointing out his views on Linux Mint are his personal opinions, not the views of Canonical. He also suggested that this back and forth of statements had revealed a potential issue which could be addressed. "Hey Clem! So how about we take a look at this and improve that situation for you, obviously something in Ubuntu doesn't work like you need it, Canonical puts a lot of time and money into improving the QA since about two years. I think it would be really helpful to sit down and look if we can improve it well enough for both of us to benefit (Ubuntu from your feedback and you from improvements we can do to the package quality)." In a later comment Clem stated that he is open to looking at how Mint organizes security updates and making changes following the release of Linux Mint 16.

 I bring up all of this back and forth between the Ubuntu developers and the Mint team to highlight a few points. One is that while many people in the Linux community enjoy a good controversy and fight (often resulting in pointless flame wars) this is typically not representative of open source projects themselves. Many developers are more interested in getting things done, either independently or collaboratively) than arguing. What started as a casual remark on a mailing list a month ago may, in fact, end up helping both the Linux Mint and Ubuntu distributions. These two projects are not so much in competition as they are symbiotic.

 My second point is that this exchange brings to light a problem which many developers seem to have. Quite often developers of one distribution are not aware of the features, policies or designs of other projects. Many Linux (and BSD) developers appear to be ignorant of the practices of other projects and I think this is unfortunate. Distributions should be borrowing ideas and technology from each other, but too frequently we see duplication of effort. Too often we see distributions struggling with problems which have been solved elsewhere. It is my hope that more developers will do as Grawert and Clem did last week and try to benefit from working together.

 Third, and I think this is a point other Linux news websites are ignoring, Clem claims he has been asked by Canonical's legal department to license the binary packages used by Ubuntu. To me this is a scary thought. Ubuntu is a base distribution for many projects, some of them (such as Mint and Kubuntu) are quite successful. Clem's statement makes me wonder if Canonical has approached other open source projects about licensing the right to access Ubuntu's package repositories. If so, what might follow? Would derivative distributions need to pay to use Canonical's packages? How would Canonical enforce such a policy, with lawyers, by blocking access to the repositories if a user isn't using Genuine Ubuntu? Canonical would certainly have the right to restrict access to its packages, they are on Canonical's servers after all. However, most Linux distributions are quite open about allowing anyone to access their software repositories and I wonder if Canonical might be acting in a short-sighted manner if they are trying to license access.

 With these thoughts in mind I contacted Canonical and asked if they could shed any light on the issue. At the time of writing I have not received a reply. An e-mail to the Linux Mint project asking for details yielded much better results. Clement Lefebvre responded the following day and, while he wasn't able to go into specific details as talks with Canonical are still on-going, he was able to share a few pieces of information. When asked if Canonical was hoping to collect a fee for using their binary packages, Clem responded, "Money isn't a primary concern. Although the original fee was in the hundreds of thousands pounds, it was easily reduced to a single digit figure. The licensing aims at restricting what Mint can and cannot do, mostly in relation to the OEM market, to prevent Mint from competing with Canonical in front of the same commercial partners."

 Clem went on to indicate Canonical has not offered any threats nor discussed enforcing any licensing terms. When I asked what Mint's plans were concerning the licensing deal Clem answered, "We don't think the claim is valid (i.e. that you can copyright the compilation of source into a binary, which is a deterministic process). With that said, Ubuntu is one of Mint's major components and it adds value to our project. If we're able to please Canonical without harming Linux Mint, then we're interested in looking into it. As negative as this may sound, this is neither urgent nor conflictual. It's a rare occasion for Canonical and Linux Mint to talk with one another and although there are disagreements on the validity of the claim, things have been going quite well between the two distributions and both projects are looking for a solution that pleases all parties."