List: fedora-devel-list
Subject: Re: OpenSSL and ECC patents (was Re: Mesa in F37- vaapi support disabled for h264/h265/vc1)
From: "Michael J Gruber" <mjg () fedoraproject ! org>
Date: 2022-09-28 11:15:07
Message-ID: 20220928111507.6217.46418 () mailman01 ! iad2 ! fedoraproject ! org
As Fedora users and contributors, we profit a lot from everything that Red Hat provides to the Fedora project, be it infra, people-power or "leverage" (talking to vendors etc.). In turn, Red Hat can expect a certain amount of understanding from "us" for their business interests, which include legal liabilities, of course.
Understanding is helped greatly by communication, though. Legal answers such as "We can not" do not further this understanding, and "We can not and we can not tell you why" is not much better, but these are the typical answers we get, not even with a "sorry, but we can't". Obviously, these legal questions are difficult to explain, but it can't be true that each such case is under a "gag order". This non-transparency is orthogonal to our first F and hurts all efforts to increase the number of contributors.
Now, I don't expect the communication issue to be resolved any time soon. Therefore it's important to work on the other major friction point: How difficult do we make it for users/contributors to get the missing bits that they need or can (because they are not distributors, in a different jurisdiction etc.)?
rpmfusion/gstreamer is a prime example of how things can work flawlessly, and takes into account all interests.
ffmpeg is a prime example of "in your face", of course, and I'm happy to read that it may get resolved.
The other big issue is our hobbled sources: We cannot store some original sources in the look-aside cache, obviously. But packages such as openssl do not even specify a hash nor a URL for the un-hobbled sources. This makes it unnecessarily difficult to verify that our openssl package has indeed been built against the hobbled version of the original sources - for a package like openssl this really is a trust issue (and might even violate our packaging guidelines, but I'm not a lawyer...).
As a side effect, it makes it unnecessarily difficult to rebuild the package locally (though it does not effectively inhibit it either, of course; it is not an "effective measure" for that cause). I do understand that providing a functional link can be construed to be "redistribution", but in the context of a spec file, a comment really is a reference to the "source of the source", without which we cannot even claim to distribute the hobbled version legally (and without which we have no trust chain).
Note that depending on the legal outcome mesa might have to go the hobbled route, too: simply disabling the codecs in %build does not change anything about redistributing the source.