[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: OpenSSL and ECC patents (was Re: Mesa in F37- vaapi support disabled for h264/h265/vc1)
From:       Neal Gompa <ngompa13 () gmail ! com>
Date:       2022-09-28 12:21:42
Message-ID: CAEg-Je8vbdcF1Em18XS0tyrWbVU6oYs6Jzqm1yrR_6M-XiXyXw () mail ! gmail ! com
[Download RAW message or body]

On Wed, Sep 28, 2022 at 1:15 PM Michael J Gruber <mjg@fedoraproject.org> wrote:
> 
> As Fedora users and contributors, we profit a lot from everything that RedHat \
> provides to the Fedora project, be it infra, people-power or "leverage" (talking to \
> vendors etc.). In turn, RedHat can expect a certain amount of understanding from \
> "us" for their business interests, which include legal liabilities, of course. 
> Understanding is helped greatly by communication, though. Legal answers such as "We \
> can not" do not further this understanding, and "We can not and we can not tell you \
> why" is not much better, but these are the typical answer we get, not even with a \
> "sorry, but we can't". Obviously, these legal questions are difficult to explain, \
> but it can't be true that each such case is under a "gag order". This \
> non-transparency is orthogonal to our first F and hurts all efforts to increase the \
> number of contributors. 
> Now, I don't expect the communication issue to be resolved any time soon. Therefore \
> it's important to work on the other major friction point: How difficult do we make \
> it for users/contributors to get the missing bits that they need or can (because \
> they are no distributors, in a different jurisdiction etc.)? 
> rpmfusion/gstreamer is a prime example of how things can work flawlessly, and takes \
> into account all interests. 
> ffmpeg is a prime example of "in your face", of course, and I'm happy to read that \
> it may get resolved. 

Let's talk for a moment here about this. I'm going to give you some
"inside baseball" (or at least as much as I can). I can tell you up
front that ffmpeg in Fedora is *entirely* my fault.

I spent many years tirelessly trying to come up with a solution to
bring FFmpeg into Fedora. It started from the moment we got approval
to introduce MPEG1 and MPEG2 codecs into Fedora. I cannot overstate
how much back-and-forth with Red Hat Legal it took to figure it out.
Over the last few years, more and more codecs got gradually approved,
until we got to a point that enough codecs were approved that it made
sense to finally produce a package to introduce. I had been trying to
come up with a stripped FFmpeg source tree to deliver and was not
succeeding until Andreas Scheider came up with the scripts to do it
properly. That breakthrough allowed us to bring FFmpeg into Fedora as
ffmpeg-free.

It was my choice to be quiet about its introduction, because I was
being verbally and emotionally abused by other community members over
it and I didn't want to invite more by making a big announcement like
we did for mp3. At one point, I got so stressed over it that I became
physically ill for weeks.

Do I regret this work? No. I still firmly believe this is going to
improve the usefulness of baseline Fedora and expand the pressure to
improve and prioritize Free Software in the Linux space. Do I want to
do something like this again? I don't know. It really sucked and in
the end all I got was hate for it. I want to make Fedora the best
Linux distribution out there, but I also don't want to create a
situation where all Fedora users and contributors are in legal
jeopardy.

> The other big issue are our hobbled sources: We cannot store some original sources \
> in the look-aside cache, obviously. But packages such as openssl do not even \
> specify a hash nor an url for the un-hobbled sources. This makes it unncessarily \
> difficult to verify that our openssl package has indeed been built against against \
> the hobbled version of the original sources - for a package like openssl this \
> really is a trust issue (and might even violate our packaging guidelines, but I'm \
> not a lawyer...). 

I'm (personally, though IANAL) of the opinion that the hobbling of
crypto libraries is probably no longer necessary and can be retired
entirely. The method of producing the stripped sources is
reproducible, so from our guidelines perspective, it's fine. But I do
think it's probably obsolete, and I hope Red Hat Legal concurs.

> As a side effect, it makes it unnecesarily difficult to rebuild the package locally \
> (though it does not effectively inhibit it either, of course; it is not an \
> "effective measure" for that cause). I do understand that providing a functional \
> link can be construed to be "redistribution", but in the context of a spec file, a \
> comment really is a reference to the "source of the source", without which we \
> cannot even claim to distribute the hobbled version legally (and without which we \
> have no trust chain). 
> Note that depending on the legal outcome mesa might have to go the hobbled route, \
> too: simply disabling the codecs in %build does not change anything about \
> redistributing the source.

That will depend on how much codec detail exists in the Mesa codebase.
I would guess not enough to matter, but IANAL.

Here's something of a drop-kick for you though: those
hardware-accelerated codecs that Dave Airlie disabled from Mesa
weren't being used by *anything* in Fedora anyway. Not GStreamer, not
FFmpeg, not Chromium, etc. We've been extremely careful to ensure we
don't provide a "completed puzzle" as it were for those codecs. In
practice, you are getting *nothing* from those codecs anyway. Fedora
has only provided working hardware acceleration for unencumbered
codecs. That list is expanding all the time, but for now this means
you're basically only going to see MPEG1, MPEG2, VP8, VP9, and AV1
acceleration. Everything else is currently off the table.


-- 
真実はいつも一つ！/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
 Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


[prev in list] [next in list] [prev in thread] [next in thread]