apparmor-profile-everything icon indicating copy to clipboard operation
apparmor-profile-everything copied to clipboard

Published 20 hours ago verified publisher icon Kicksecure

Release under Apache-2.0 compatible license

Open savchenko opened this issue 4 years ago • 4 comments

@adrelanos & @madaidan ,

Would you consider releasing AppArmor profiles under something that is compatible with Apache-2.0? I'd love to include the pre-built *.deb into savchenko/debian as the user-selectable option, but it turns out that licenses have only one-way compatibility:

However, GPLv3 software cannot be included in Apache projects. The licenses are incompatible in one direction only, and it is a result of ASF's licensing philosophy and the GPLv3 authors' interpretation of copyright law.

Reference

savchenko avatar Aug 18 '21 12:08 savchenko

Not legal advice:

Since presumably it's not compiled or linked, I don't think a license change is required. It's a compilation. A Debian installer iso is similar, a compilation. Contains various libre licenses including gpl, apache.

a packages.debian.org free repository package:

  • is a compressed archive
  • can contain files that are under gpl and/or apache at the same time
  • is a compilation

an official Debian free iso image:

  • is a compressed archive
  • can contain deb packages/files that are under gpl and/or apache
  • is a compilation

adrelanos avatar Aug 18 '21 16:08 adrelanos

Since presumably it's not compiled or linked, I don't think a license change is required. It's a compilation.

As we're talking about binary *.deb, I'd stay on the cautious side. That being said, as the project owner you can resolve this via single-line "I allow @savchenko to package AppArmor profiles under Apache-2.0 in Debian". This will be highly appreciated indeed.

savchenko avatar Aug 18 '21 23:08 savchenko

Since presumably it's not compiled or linked, I don't think a license change is required. It's a compilation.

Compilation within this meaning: https://opensource.stackexchange.com/questions/354/distributing-an-operating-system-dvd-bundling-proprietary-and-gnu-gpl-software

As we're talking about binary *.deb, I'd stay on the cautious side.

A deb is a compressed archive. Not a compiled binary.

An iso is also a compressed archive. Not a compiled binary.

Ubuntu iso mixes it all, GPL, apache license and proprietary drivers. That iso is a compilation of various software all under different licenses.

Maybe consider this:

  • https://www.fsf.org/licensing mentions [email protected] which is free, I used it before a few years ago, I've been told before is a private, internal mailing list with more than 100 lawyers.
  • https://fsfe.org might be providing a similar service.
  • Other similar orgs probably provide similar services too.

I suggest to sort this out generally so you don't have to chase projects asking them to change license whenever this happens.

That being said, as the project owner you can resolve this via single-line "I allow @savchenko to package AppArmor profiles under Apache-2.0 in Debian".

Since @madaidan is the main contributor of this very repository, a license change or dual licensing could be considered, if @madaidan would be in favor of that. I am however sure it's not required here.

adrelanos avatar Aug 19 '21 09:08 adrelanos

@madaidan, can you please state your position?

savchenko avatar Sep 09 '21 13:09 savchenko

https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/484

adrelanos avatar Jan 15 '24 15:01 adrelanos