mozilla/firefox source tarballs ship binary only files - conflicts with GPL/LGPL license terms

NEW
Unassigned

Status

()

Firefox
General
11 years ago
8 years ago

People

(Reporter: Alexander Sack, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
From Ubuntu Bug: https://bugs.edge.launchpad.net/ubuntu/+source/firefox/+bug/121734

===
The orig.tar.gz's of Mozilla products have some binary-only files (Windows DLLs and MacOS) without accompanying source code. Thus they do not fulfill the 'preferred form of modification' requirements of GPL/MPL. They either need to be removed, accompanied by source, or distributed under another license (such as BSD).
===

As a starter (probably not complete) a file list that appear to be binary-only can be found in the script:

  http://launchpadlibrarian.net/8648794/remove.nonfree


Possible resolutions:
 1. ship sources for the binary only files in produce tarball
 2. remove binary only files from distributed source tarball
This is not actually a legal problem, although it may be a practical problem. To appreciate why, it's necessary to think about exactly what it means for something to be multiply-licensed.

It means two things:

1) Anyone distributing any of the code must obey at least one of the sets of terms applicable to it

2) Anyone receiving any of the code may use it under any of the terms applicable to each part

The Mozilla Project distributes the source tarballs (case 1) under MPL terms. 

The Debian project takes those tarballs (case 2), and wishes to use a subset of the code/data therein under the GPL. That's absolutely fine, because all of the code they want to use is available under GPL terms too. However, in this case it happens to mean that the tarballs are not redistributable under those terms unmodified.

One solution, therefore, seems to be for Debian to modify the tarball before distributing it. However, perhaps this is a practical problem for Debian. Is it?

One further point: some of the files in the remove.nonfree script are in fact in the preferred form for modification. Examples:
rm -fv ./extensions/universalchardet/doc/UniversalCharsetDetection.doc
rm -fv ./xpinstall/wizard/os2/setuprsc/box_ch_d.bmp
rm -fv ./embedding/minimo/mozconfig
I'm fairly sure .rsrc are in the preferred form for modification as well, even though they are binary. If not, what are they compiled from?

Gerv
Debian != Ubuntu, fyi.
If any progress is to be made on this bug, we need to know why each file (or group of files, if files have been listed because they are of a particular file type) has been deemed as unsuitable. We can then analyse that and see if we can fix the problems.

I note that the corresponding Ubuntu bug seems to have some impatience in it. Let it not be said that we are being unresponsive here.

Gerv
Been almost a year, and there still hasn't been an answer to Gerv's request. Can somebody from Debian or Ubuntu please do so?
Going through our remove.nonfree script is on my TODO list. I know a bunch of the files there are actually source. Some others are definitely not, such as, iirc, some WinCE .dlls, or various binaries (NSIS ones being one set among others).

Anyways, it's better for us to have false negatives than false positives, which is why we are still removing the same files ; plus the fact that they aren't used during build.

Comment 6

10 years ago
Created attachment 344136 [details]
REMOVED+nobinonly log from Ubuntu on trunk

In Ubuntu, we provide a log of what has actually been removed.
Our script does "no binary only", not "no non-free" like Debian.

Updated

8 years ago
You need to log in before you can comment on or make changes to this bug.