[Zope3-dev] Re: [Checkins] SVN: lovely.rating/ Initial import from
Lovely Systems repository
Tres Seaver
tseaver at palladion.com
Thu Aug 17 01:11:44 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martijn Faassen wrote:
> Stephan Richter wrote:
>> On Wednesday 16 August 2006 09:42, Martijn Faassen wrote:
>>> Anyway, nothing is said about dependency on GPL-ed code. That's a
>>> different debate. It's strictly not against rules, but it does mean one
>>> expectation is broken: one might want to expect that all code in the
>>> repository is freely usable without having to worry about
>>> GPL-provisions. This is not the case for code that depends on GPL-ed
>>> code. Even though this may be already a grey area for other reasons, it
>>> still makes sense to think about the intent and people's expectations
>>> when checking in a codebase.
>>
>> My expectation is that I have to read all included license files and
>> the licenses of the dependencies.
>
> If the GPL is one of those included licenses, the whole package falls
> under the provisions of the GPL, not just the dependencies. This is what
> the GPL requires.
I'd prefer to have somebody at the foundation pay for advice on this: I
have consulted to one very Zope-and-Python savvy IP lawyer (Ron
Chichester) who has subsequently made his analysis of the interaction of
GPL and Python's import public (at the Plone Symposium in New Orleans
last March).
He noted first that the GPL cannot restrict more than what copyright law
permits, which is why "mere aggregation" of GPL and non-GPL software
does not trigger the GPL. He then dissected the process of importing
one Python module from another, in terms of the actual operations
(including copies made in RAM) which take place, and argued from this
analysis that the GPL does not govern a program / module which merely
imports code from a GPL'ed module.
I bring this up not to argue for Ron'd analysis, but only to say that
assuming that you know what the GPL means in the context of Python might
need to wait until the issue has been adjudicated. In the meanwhile, it
is probably *not* going to be within the ZF's IP policy to allow
checking in code which forces users of the repostiory to deal with the
GPL at all; I would consider such a checkin now, in the interregnum
period, to be particularly ill-advised.
>> Remember, we are talking only about a dependency here, not even an
>> inclusion. This case is much weaker than a lot of others.
>
> I know we're talking about a dependency here. I'm not saying what you
> did was wrong, but I do also think Benji brought up a good point that
> should be carefully considered.
The Zope repository as managed by ZC has had a clear anti-GPL policy; I
don't think that the foundation's policy is likely to be more favorable
to code which might, in theory, trigger the provisions of the GPL.
The appropriate thing here would be to remove the code which depends on
the GPL, and then ask the foundation's permission before readding it.
In the meanwhile, codespeak.net might provide a reasonable place from
which to continue development of said code.
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE4/qQ+gerLs4ltQ4RAsNFAJ0eYNbPL7ryaHvqSHELI5ZUqG95KgCeMGBs
R3Sv0rbyHDEAXXRgWTPkc/A=
=Aieu
-----END PGP SIGNATURE-----
More information about the Zope3-dev
mailing list