[HTTPS-Everywhere] License issue with utils/zipfile_deterministic.py (was: 3.4.2 and 4.0development.13 released)

Fri Oct 18 16:31:25 PDT 2013

It is a perverse victory of the copyright system that so many brilliant
programmers waste so much of their time worrying about very minor details
of licensing.  This is a terrible and ironic problem in the
free software community; our objective should be to free ourselves from
the oppresion of copyright, not perpetuate it [1].

I've adjusted the LICENSE.txt file to indicate the lineage of that file.
We aren't shipping it in the .xpi or .crx files, so we don't need to
worry about anything in the extensions themselves; it just needs to be
clear in the source tree.

[1] If anyone wishes to waste more time on this, they can read chapter 8
of my PhD, http://reworld.org/phd.pdf ;)

On Sat, Oct 05, 2013 at 10:14:36AM -0700, Yan Zhu wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Sat 05 Oct 2013 07:26:11 AM PDT, Jérémy Bobbio wrote:
> > Micah Lee:
> >> Actually, Yan and I just discovered that this release isn't _quite_
> >> deterministic. So we'll have to wait for our next release to make the
> >> announcement.
> >>
> >> The build process in the HTTPS Everywhere repository is completely
> >> deterministic for Firefox, but when we do public releases we run a
> >> separate unpublished script to make things easier. We didn't update
> >> this script before making this release, so we'll have to update it
> >> before the next release before the xpi is actually deterministic.
> >
> > Also, I suspect there is a license problem with the new so I'm not going
> > to update the Debian package for now:
> >
> 
> We also realized this a moment after updating. Currently, it seems like
> we would need to include a copy of
> http://www.python.org/download/releases/2.6/license/ in the repository
> and also "include the notice “"Python" is a registered trademark of the
> Python Software Foundation” in the appropriate part of your
> documentation or About box and place the “®” symbol after the first
> mention of “Python” in your documentation."
> (https://wiki.python.org/moin/PythonSoftwareFoundationLicenseFaq#If_I_bundle_Python_with_my_application.2C_what_do_I_need_to_include_in_my_software_and.2For_printed_documentation.3F)
> 
> Actually, does this mean we should have done the latter even before
> this release if we mentioned Python anywhere in our documentation or
> comments?
> 
> > There's no indication of a license for utils/zipfile_deterministic.py
> > except that it says it's a fork. Fork means that there is an initial
> > code base, and the latter usually has authors and copyrights.
> >
> > Python is crazily versatile. Can't this be fixed by a monkey patch?
> > If not, could you provide proper license and authorship information?
> 
> Thanks! The only downside of a monkey patch as far as I can tell is
> that the build would be a few seconds slower, because we would create a
> non-deterministic zipped file, canonicalize the zipinfo values, and
> then write to a new zipfile. But then again, since usually developers
> don't care about making a deterministic build when testing the
> extension, this could just be an optional process that happens after
> the normal build process, taking the zip file created by makexpi.sh as
> input.
> 
> I think this is actually a better design, so I'll volunteer to go ahead
> and change it.
> 
> - -Yan
> 
> >
> > Thanks!
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQEcBAEBAgAGBQJSUEj8AAoJENC7YDZD/dnsqvkH/01rMvVGL3rMx75YdUU0s1Zh
> NG/KRxeTBSp40r2PXXIvsmWJRISE1Qp/4VipbKmaJ7THnj38TTUi2Y1hrVhRIPCT
> j88i19T3DyFB7MD0b/DLBYZhHElsO06wozu1VrTx0iCAKpu8ZG8zgVryWrx3SFGj
> Wf7LZVIX0YyLuFPORDA53ddvFxtyspM3j1l1QgGgzFyPcGDSiRo3dAEpCPcoggTW
> 2ejYxEeWloggv3qEJZNM5vfbJ/xptgQ1qahdzhkO2IPUzBTbefahFRuXn7SWCHQF
> geDDy/rgRlUEndry3SzhqZurCDQRVYodvKQ2p2VhqTbRjGacNmvFGhPIXVACdVk=
> =GZd6
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993