Differences between revisions 26 and 81 (spanning 55 versions)
Revision 26 as of 2006-11-15 09:51:11
Size: 17932
Editor: ?SimonJosefsson
Comment:
Revision 81 as of 2012-05-29 07:20:38
Size: 10866
Editor: ?SimonJosefsson
Comment: mention 674940 false positive
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
The majority of IETF documents, such as RFCs, are not licensed under DFSG-free terms, and should thus not be included in Debian's main. However, RFC documents are frequently included in many packages that would otherwise be free software. Some care is required to remove then when packaging software for Debian. The majority of IETF documents, such as RFCs, are not licensed under DFSG-free terms, and should thus not be included in Debian's main. However, RFC documents are frequently included in many packages that would otherwise be free software. Some care is required to remove the documents when packaging software for Debian.
Line 9: Line 9:
 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810  * DebianBug:92810
 * DebianBug:199810
Line 15: Line 16:
 * http://release.debian.org/removing-non-free-documentation
 * http://release.debian.org/etch_rc_policy.txt

In particular, the etch_rc_policy.txt document above says:
 * http://release.debian.org/squeeze/rc_policy.txt
 * http://release.debian.org/wheezy/rc_policy.txt

In particular, the latter document above says:
Line 26: Line 27:
All non-free RFC files in non-source packages are believed to be reported, see: All non-free RFC files in source packages are believed to be reported, see:
Line 30: Line 31:
Currently I'm investigating source packages too. A list of packages with non-free files in them are found at:

 * http://josefsson.org/bcp78broken/ietf-in-src.txt

On 2006-10-16, I sent bug reports for RFC/I-Ds in source packages too. They are now visible through the first linke in this section.

Some raised a concern that there may be false positives in the list. I modified the script (see last on this page) to compute MD5's on the RFC in the source packages, and run diff+cmp on the files if the MD5 doesn't match. The output from the script is published at:

 * http://josefsson.org/bcp78broken/debian-ietf-documents-diff.txt

I went through the reports manually, and there were one unclear case which most likely indicate a false positive, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393411

On 2006-10-24 I modified the script to recursively look into archives-within-archives in the source packages, to find deeply nested documents too. Some more occurances were found and reported.
After the initial report against a lot of packages without manual checking, there were claims of false positives in the list. To this date, the only at least likely false positive was DebianBug:393411 and DebianBug:674940.

On 2006-10-24 I modified the script to recursively look into archives-within-archives in the source packages, to find deeply nested documents. Since that date, I run the debian-run script (see below) from time to time and report any changes. Since the amount of changes is now small, I try to check each package manually before reporting. As of 2009-04-21, this is still the current status.

On 2009-09-11 the last bug related to a package in testing was fixed (DebianBug:459705) and on 2009-09-22 the package entered testing. In order words, by that date, testing no longer contain any non-free RFCs! Since then, the status has regressed and some packages with RFCs in them has entered testing, but as of 2010-05-17 testing do not contain any RFCs.

As of 2010-05-17 the list of remaining packages (in unstable!) that contains IETF documents is 'samba4'.

On 2011-10-19 another check was made, and bugs were found (and reported) in lusca, open-iscsi, libpgm, isc-dhcp, libreoffice, and libmath-base85-perl.

Other checks can be made without referring to this page, like the http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gnewsense;tag=libreplanet;users=gnewsense-dev@nongnu.org;, which spotted bacula (DebianBug:658326).
Line 50: Line 48:
   See http://bugs.debian.org/390658    See DebianBug:390658
Line 53: Line 51:
   See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393408    See DebianBug:393408
Line 55: Line 53:

 * The I-D draft-ietf-cat-kerb-chg-password-02.txt
   See DebianBug:393380
   and http://packages.debian.org/changelogs/pool/main/k/krb5/current/copyright

 * RFC 2629.
   See the copyright of the source file in xml2rfc.

 * RFC 5864.
   See the copyright of the source file in openafs.
Line 63: Line 71:
   The RFC editor has something else to say on this {{{    See bug DebianBug:365201 for some discussion.

The RFC editor has something else to say on this
{{{
Line 92: Line 103:
}}}

== Bug report template ==

This will be used for the reports on non-free RFCs in source packages.

{{{
Subject: Source package contains non-free IETF RFC/I-D
Severity: serious
Package: [package]
Version: [version]
User: debian-release@lists.debian.org
Usertags: nonfree-doc rfc

Hi!

This source package contains the following files from the
IETF under non-free license terms:

FILES

The license on RFC/I-Ds is not DFSG-free, see:

 * http://wiki.debian.org/NonFreeIETFDocuments
 * http://bugs.debian.org/199810

According to the squeeze/wheezy release policy, source packages must be
DFSG-free, see:

 * http://release.debian.org/squeeze/rc_policy.txt
 * http://release.debian.org/wheezy/rc_policy.txt

The severity is serious, because this violates the Debian policy:

 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem. In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license. A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding 'dfsg' to the Debian package
   version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal
or debian-devel in the thread with Subject: "Non-free IETF RFC/I-Ds in
source packages".

Thanks,
Simon
Line 182: Line 248:
== Bug report template ==

This will be used for the reports on non-free RFCs in source packages.

{{{ Subject: Source package contains non-free IETF RFC
Severity: serious
Package: [package]
Version: [version]
User: debian-release@lists.debian.org
Usertags: nonfree-doc rfc

Hi!

This source package contains the following files from the
IETF under non-free license terms:

FILES
The license on RFC/I-Ds is not DFSG-free, see:
 * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199810
 * http://release.debian.org/removing-non-free-documentation
 * http://wiki.debian.org/NonFreeIETFDocuments

The etch release policy says binary and source packages must each be free:
 * http://release.debian.org/etch_rc_policy.txt

The severity is serious, because this violates the Debian policy:
 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem. In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license. A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding 'dfsg' to the Debian package
   version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal
or debian-devel in the thread with Subject: "Non-free IETF RFC/I-Ds in
source packages".

Thanks,
Simon
}}}
Line 232: Line 250:
1. Rsync the Debian repository.

The file is called debian-rsync.

{{{
#!/bin/sh

# debian-rsync: Mirror a Debian repository.

# Written by Simon Josefsson <simon@josefsson.org> during September
# 2006. Released under GPLv2 or later. See
# <http://wiki.debian.org/NonFreeIETFDocuments>.

MIRROR=ftp.se.debian.org::debian
OUT=/data/debian

rsync -av --exclude Sources.diff $MIRROR/dists/testing/main/source \
    $OUT/dists/testing/main/
rsync -av --exclude Packages.diff $MIRROR/dists/testing/main/binary-i386 \
    $OUT/dists/testing/main/
rsync -av --exclude Sources.diff $MIRROR/dists/unstable/main/source \
    $OUT/dists/unstable/main/
rsync -av --exclude Packages.diff $MIRROR/dists/unstable/main/binary-i386 \
    $OUT/dists/unstable/main/

LIST=$(rsync $MIRROR/pool/main/ \
    | grep '^drwx' \
    | awk '{print $5}' \
    | grep -v -e '^.$')

for i in $LIST; do
    echo Working in $i...
    rsync -av --delete --delete-excluded \
 --exclude '*.udeb' \
 --exclude '*_alpha.deb' \
 --exclude '*_amd64.deb' \
 --exclude '*_arm.deb' \
 --exclude '*_hppa.deb' \
 --exclude '*_hurd-i386.deb' \
 --exclude '*_ia64.deb' \
 --exclude '*_m68k.deb' \
 --exclude '*_mips.deb' \
 --exclude '*_mipsel.deb' \
 --exclude '*_powerpc.deb' \
 --exclude '*_s390.deb' \
 --exclude '*_sparc.deb' \
 $MIRROR/pool/main/$i $OUT/pool/main/
done
}}}

2. Get list of package contents.

There are two files here, first tar-recursive and then debian-unpack.

{{{
#!/bin/sh

# tar-recursive: Recursively list members of an archive.

# Inspired by find-in-tars by Timo Juhani Lindfors
# <timo.lindfors@iki.fi>, but re-written by Simon Josefsson
# <simon@josefsson.org> during September 2006. Released under GPLv2
# or later. See <http://wiki.debian.org/NonFreeIETFDocuments>.

for archive in "$@"; do
    case "$archive" in
 *.tar.gz) MEMBERS=`tar tvfz $archive | awk '{print $6}'`;;
 *.tar.bz2) MEMBERS=`tar tvfj $archive | awk '{print $6}'`;;
 *.jar) MEMBERS=`unzip -vqq $archive | awk '{print $8}'`;;
 *.zip) MEMBERS=`unzip -vqq $archive | awk '{print $8}'`;;
    esac

    for member in $MEMBERS; do
 echo $member
 case "$member" in
     *.tar.gz | *.tar.bz2 | *.jar | *.zip)
  echo recursing into $archive $member 1>&2
  tempdir=`mktemp -d -t tar-recursive.XXXXXXXXXX` || exit 1
  case "$archive" in
      *.tar.gz) tar xfz $archive -C $tempdir $member
   err=$? ;;
      *.tar.bz2) tar xfj $archive -C $tempdir $member
   err=$? ;;
      *.jar) unzip -q $archive $member -d $tempdir
   err=$? ;;
      *.zip) unzip -q $archive $member -d $tempdir
   err=$? ;;
  esac
  if test "$err" != "0"; then
      echo "tar failed on $member with error $?" 1>&2
      exit 1
  fi
  echo $member
  tar-recursive $tempdir/$member | sed "s@^@$member:@"
  rm -fr $tempdir
  ;;
 esac
    done
done
}}}

{{{
#!/bin/sh

# debian-unpack: Extract a list of members in *.orig.tar.gz in a
# Debian repository.

# Written by Simon Josefsson <simon@josefsson.org> during September
# 2006. Released under GPLv2 or later. See
# <http://wiki.debian.org/NonFreeIETFDocuments>.

OUT=/data/debian

mkdir -p $OUT/contents/

find $OUT/pool/main -name \*.orig.tar.gz | (
    while read file; do
 oldIFS=$IFS
 IFS=/
 set -- $file
 IFS=$oldIFS
 dir=$6
 pkg=$7
 basename=$8
# echo file $file dir $dir pkg $pkg basename $basename
 if ! test -f $OUT/contents/$basename; then
     echo unpacking $file
     tar-recursive $file > $OUT/contents/$basename
     if [ "x$?" != "x0" ]; then
  echo "tar failed on $filename with error $?" 1>&2
  exit 1
     fi
 fi
    done)
}}}

3. Search for RFC matches.

{{{
#!/bin/sh

# debian-search: Search a Debian repository for non-free RFC/I-D files.

# Written by Simon Josefsson <simon@josefsson.org> during September
# 2006. Released under GPLv2 or later. See
# <http://wiki.debian.org/NonFreeIETFDocuments>.

DIR=/data/debian
SRCLIST=$DIR/dists/testing/main/source/Sources
TMPBUGLIST=/tmp/tmp-bug.$$

# Comments for packages, format is ^ +PACKAGE WHATEVER$.
cat<<EOF > $TMPBUGLIST
  asn1c http://bugs.debian.org/393357
  cherokee http://bugs.debian.org/393360
  cyrus-sasl2 http://bugs.debian.org/365183 fixed in experimental
  cyrus-sasl2-mit http://bugs.debian.org/
  dante http://bugs.debian.org/393361
  dhcp http://bugs.debian.org/393364
  dictd http://bugs.debian.org/393365
  dnswalk http://bugs.debian.org/393366
  e2fsprogs http://bugs.debian.org/390664 not fixed
  evolution-exchange http://bugs.debian.org/393368
  firefox http://bugs.debian.org/393370
  gidentd http://bugs.debian.org/393371
  gnome-utils http://bugs.debian.org/393372
  gtk-gnutella http://bugs.debian.org/393373
  httptunnel http://bugs.debian.org/393374
  imapsync http://bugs.debian.org/393375
  inetutils http://bugs.debian.org/393376 done
  ircd-hybrid http://bugs.debian.org/390667 done
  jta http://bugs.debian.org/393377
  keynote http://bugs.debian.org/393379
  krb5 http://bugs.debian.org/393380
  l2tpd http://bugs.debian.org/393381
  libdatetime-format-mail-perl http://bugs.debian.org/393382 done
  libdigest-hmac-perl http://bugs.debian.org/393383 pending
  libdigest-md2-perl http://bugs.debian.org/393384 pending
  libdigest-md4-perl http://bugs.debian.org/393385
  libemail-find-perl http://bugs.debian.org/393386
  libgcgi http://bugs.debian.org/393387
  libspf http://bugs.debian.org/393389
  libspf2 http://bugs.debian.org/393390
  libtheora http://bugs.debian.org/393391
  libunicode-map8-perl http://bugs.debian.org/393392 pending
  liburi-perl http://bugs.debian.org/393393
  libuser http://bugs.debian.org/393394
  lprng http://bugs.debian.org/393395
  mailutils http://bugs.debian.org/393396
  maradns http://bugs.debian.org/393397
  mhash http://bugs.debian.org/393398
  mozart http://bugs.debian.org/393399
  nettle http://bugs.debian.org/393400
  openh323 http://bugs.debian.org/393402
  openldap2 http://bugs.debian.org/393403
  openslp http://bugs.debian.org/393405
  openswan http://bugs.debian.org/393406
  proftpd http://bugs.debian.org/393408
  psp http://bugs.debian.org/393409
  qpopper http://bugs.debian.org/393410
  subversion http://bugs.debian.org/393414 pending
  systemimager http://bugs.debian.org/395021
  tcllib http://bugs.debian.org/393415
  teapop http://bugs.debian.org/393416
  tin http://bugs.debian.org/395101
  uw-imap http://bugs.debian.org/393417
  vflib3 http://bugs.debian.org/393418
  vpim http://bugs.debian.org/393419
  xfmail http://bugs.debian.org/393420
  xrn http://bugs.debian.org/393421
  xulrunner http://bugs.debian.org/393422
  yardradius http://bugs.debian.org/393423
  zeroconf http://bugs.debian.org/393425
EOF

gzip -cd $SRCLIST.gz > $SRCLIST

FALSEPOSITIVES="-e rfc0000.txt \
  -e draft-zebra-00.txt \
  -e draft-morgan-ident-ext-04.txt \
  -e draft-riikonen-presence-attrs-03.txt \
  -e draft-riikonen-silc-commands-06.txt \
  -e draft-riikonen-silc-flags-payloads-04.txt \
  -e draft-riikonen-silc-ke-auth-08.txt \
  -e draft-riikonen-silc-pp-09.txt \
  -e draft-riikonen-silc-spec-08.txt"

cd $DIR/contents
find . -type f | sort | xargs egrep \
    -e rfc[0-9]+\.txt \
    -e draft-.*[0-9][0-9]\.txt \
    | grep -v $FALSEPOSITIVES | (
    while read line; do
 oldIFS=$IFS
 IFS=:
 set -- $line
 IFS=$oldIFS
 file=$1
 file=`echo $file | sed 's,^./,,g'`
 pkg=`echo $file | sed 's,_.*,,g'`
 ver=`grep -A 3 "^Package: $pkg\$" $SRCLIST | grep ^Version: | sed 's/Version: //'`
 if test -n "$lastpkg" -a "$pkg" != "$lastpkg"; then
     if test -n "$files"; then
  echo pkg $lastpkg ver $lastver
  egrep "^ +$lastpkg " $TMPBUGLIST
  for i in $files; do
      echo " $i"
  done
     fi
     files=""
 fi
 if grep -q $file $SRCLIST; then
     thesefiles=`echo $line | sed 's,[^:]*:,,'`
     files="$files $thesefiles"
 fi
 lastfile=$file
 lastpkg=$pkg
 lastver=$ver
    done
    if test -z "$files$lastfile"; then
 echo last pkg $pkg ver $ver files $files
    fi)
}}}
The source code to search for RFCs inside Debian can be found at http://git.josefsson.org/cgi-bin/gitweb.cgi?p=tools.git;a=tree;f=rfc-search;hb=HEAD
----
## This page is widely referenced from hundreds bug reports
## (search NonFreeIETFDocuments in the BTS. example: http://bugs.debian.org/393400 )
CategoryPermalink

This page provides information on IETF RFC/I-Ds within Debian.

Background

The majority of IETF documents, such as RFCs, are not licensed under DFSG-free terms, and should thus not be included in Debian's main. However, RFC documents are frequently included in many packages that would otherwise be free software. Some care is required to remove the documents when packaging software for Debian.

Some links to discussion of the license problems:

Some general background:

In particular, the latter document above says:

  1. DFSG-freeness
    • All content in main and contrib must meet the DFSG, both in .debs and in the source (including the .orig.tar.gz)

Status

All non-free RFC files in source packages are believed to be reported, see:

After the initial report against a lot of packages without manual checking, there were claims of false positives in the list. To this date, the only at least likely false positive was 393411 and 674940.

On 2006-10-24 I modified the script to recursively look into archives-within-archives in the source packages, to find deeply nested documents. Since that date, I run the debian-run script (see below) from time to time and report any changes. Since the amount of changes is now small, I try to check each package manually before reporting. As of 2009-04-21, this is still the current status.

On 2009-09-11 the last bug related to a package in testing was fixed (459705) and on 2009-09-22 the package entered testing. In order words, by that date, testing no longer contain any non-free RFCs! Since then, the status has regressed and some packages with RFCs in them has entered testing, but as of 2010-05-17 testing do not contain any RFCs.

As of 2010-05-17 the list of remaining packages (in unstable!) that contains IETF documents is 'samba4'.

On 2011-10-19 another check was made, and bugs were found (and reported) in lusca, open-iscsi, libpgm, isc-dhcp, libreoffice, and libmath-base85-perl.

Other checks can be made without referring to this page, like the http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gnewsense;tag=libreplanet;users=gnewsense-dev@nongnu.org;, which spotted bacula (658326).

Known exceptions

These documents have been made available under a free license:

The following may hold but is questionable:

  • US-authored RFCs earlier than RFC around RFC 1000-1100.
    • These did not carry a copyright notice, and since the US did not sign the Berne convention until 1989, they are in the public domain.

      See bug 365201 for some discussion. The RFC editor has something else to say on this

From: RFC Editor <rfc-editor@rfc-editor.org>
Subject: Re: Copyright and copying conditions for RFC 1510?
To: Simon Josefsson <jas@extundo.com>
Cc: RFC Editor <rfc-editor@rfc-editor.org>
Date: Mon, 16 Dec 2002 11:07:28 -0800

Simon,

The copyright statement applies retroactively.  Please follow the
instructions as stated at:

   ftp://ftp.rfc-editor.org/in-notes/rfc-editor/rfc-copyright-story

Thank you.

RFC Editor


On Sun, Dec 15, 2002 at 10:38:30AM +0100, Simon Josefsson wrote:
> rfc1510.txt does not mention copyright or copying condition. Does the
> copyright notice in
> 
> ftp://ftp.rfc-editor.org/in-notes/rfc-editor/rfc-copyright-story
> 
> apply retroactively?  If not, do you know who owns the copyright of
> the document and what the copying conditions are?
> 
> Thanks.

Bug report template

This will be used for the reports on non-free RFCs in source packages.

Subject: Source package contains non-free IETF RFC/I-D
Severity: serious
Package: [package]
Version: [version]
User: debian-release@lists.debian.org
Usertags: nonfree-doc rfc

Hi!

This source package contains the following files from the
IETF under non-free license terms:

FILES

The license on RFC/I-Ds is not DFSG-free, see:

 * http://wiki.debian.org/NonFreeIETFDocuments
 * http://bugs.debian.org/199810

According to the squeeze/wheezy release policy, source packages must be
DFSG-free, see:

 * http://release.debian.org/squeeze/rc_policy.txt
 * http://release.debian.org/wheezy/rc_policy.txt

The severity is serious, because this violates the Debian policy:

 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem.  In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license.  A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding 'dfsg' to the Debian package
   version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal
or debian-devel in the thread with Subject: "Non-free IETF RFC/I-Ds in
source packages".

Thanks,
Simon

Template for RFC authors to release additional rights

If you as a RFC editor wish to grant additional rights within the document directly, to avoid having the Debian community ask you for additional rights later on, you may include the following text in the document. Similar text has been approved in RFCs before (e.g., RFC 3492, RFC 4501) and the IETF do not appear to object to this practice.

x. Copying conditions

        The author(s) agree to grant third parties the irrevocable
        right to copy, use and distribute the work, with
        or without modification, in any medium, without royalty,
        provided that, unless separate permission is granted,
        redistributed modified works do not contain misleading
        author, version, name of work, or endorsement information.

The text is derived from draft-josefsson-ipr-notice-update.

Template requesting additional rights from RFC authors

This is based on RFC 4663 and draft-josefsson-ipr-rules-update (see <http://josefsson.org/bcp78broken/>).

Subject: Requesting additional rights to RFC xxxx

Dear Author,

The Debian GNU/Linux distribution wishes to incorporate the
IETF RFC xxxx as part of its distribution, and to allow
users to develop, modify and evolve the document.

Under IETF policies that were in effect during the development of
RFC xxxx, the authors of contributions to the IETF standards retain
copyright with respect to such contributions. Because you are an
author of said document, the Debian community hereby requests that
you kindly agree to release your contributions in RFC xxxx under
the license below, for inclusion in Debian.

        I agree to grant third parties the irrevocable
        right to copy, use and distribute the work, with
        or without modification, in any medium, without royalty,
        provided that, unless separate permission is granted,
        redistributed modified works:

             (a) do not contain misleading author, version, name
                 of work, or endorsement information, and

             (b) do not claim endorsement of the modified work by
                 the Contributor, or any organization the
                 Contributor belongs to, the Internet Engineering
                 Task Force (IETF), Internet Research Task Force
                 (IRTF), Internet Engineering Steering Group
                 (IESG), Internet Architecture Board (IAB),
                 Internet Assigned Numbers Authority (IANA),
                 Internet Society (ISOC), Request For Comments
                 (RFC) Editor, or any combination or variation of
                 such terms (including without limitation the
                 IETF "4 diamonds" logo), or any terms that are
                 confusingly similar thereto, and

             (c) remove any claims of status as an Internet
                 Standard, including without limitation removing
                 the RFC boilerplate.

        The IETF suggests that any citation or excerpt of
        unmodified text reference the RFC or other document from
        which the text is derived.

To indicate that you agree to these terms, please reply to this e-mail
and quote the license above and indicate that you agree to this.

If you prefer another widely recognized free license instead, the
following ones are also fine:
 * the 3-clause BSD license
   http://www.gnu.org/licenses/info/BSD_3Clause.html
 * the GNU GPL version 2
   http://www.fsf.org/licensing/licenses/gpl.txt
 * the Expat license
   http://www.jclark.com/xml/copying.txt

 Sincerely yours,
   Simon Josefsson

Theory of operation

The source code to search for RFCs inside Debian can be found at http://git.josefsson.org/cgi-bin/gitweb.cgi?p=tools.git;a=tree;f=rfc-search;hb=HEAD


CategoryPermalink