Bug#361846: [Pkg-openldap-devel] Bug#361846: reopening 361846, reassign 361846 to slapd

Russ Allbery rra at debian.org
Tue Oct 3 18:08:16 UTC 2006 

Quanah Gibson-Mount <quanah at stanford.edu> writes:

> Significant parts of core.schema are hard coded into OpenLDAP.

Implementing something from a document is not the same thing as including
that document in the distribution.  Copyright law does not cover
implementations, only reuse of creative work.  However, in this case, the
substance of what is included is purely the interface specification, which
as mentioned previously I don't believe to be copyrightable under US law
(and since both the IESG and the copyright holder for OpenLDAP are located
in the US, I believe US law is the relevant legal structure here).

The correct thing to do is therefore to remove the RFC license from this
distributed schema since it doesn't actually apply.  Ideally, OpenLDAP
should do that upstream.  If not, Debian can do it.

> And I'm pretty sure just about all LDAP servers implement core.schema.
> And amazingly, no license problems.

Well, I agree that in this case there's isn't a license problem.  However,
that Debian is more careful about licenses than most other organizations
shouldn't come as a surprise to anyone.  License problems don't cause
segfaults, so many of them persist for years in large numbers of software
packages.  Even commercial distributions with regular legal counsel do not
routinely review the licensing content of every file in every package they
ship.

> And, as I read it, it doesn't say the document can't be modified.  In
> fact, it quite clearly says the document *can* be modified:

Yes, but only by the IETF or translators:

> ## However, this document itself may not be modified in any way, such as
> ## by removing the copyright notice or references to the Internet
> ## Society or other Internet organizations, except as needed for the
> ## purpose of developing Internet standards in which case the procedures
> ## for copyrights defined in the Internet Standards process must be
> ## followed, or as required to translate it into languages other than
> ## English.

> What it says, is that you cannot modify or remove the license, at least
> the way I read it.

I don't believe that reading is defensible.  The distinction drawn at the
beginning of the license is between derivative works that explain or
assist in implementation and the standards document itself.

This is the standard IETF RFC license, which has been commented on at
length elsewhere and does prohibit modification of the text of the RFCs.
That was the intention of the license; it isn't accidental
(unfortunately).  All IETF RFCs are non-free from Debian's perspective
(with the exception of some older ones that predate the current copyright
policy) and cannot be distributed in main.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

More information about the Pkg-openldap-devel mailing list