[sword-devel] Licensing audit of SWORD for Fedora - sharing results with upstream

Greg Hellings greg.hellings at gmail.com
Thu Oct 5 14:06:36 EDT 2023


I've gone ahead and directly added you as an admin on the two projects.

On Thu, Oct 5, 2023 at 1:00 PM Aaron Rainbolt <arraybolt3 at gmail.com> wrote:

> On 9/28/23 11:29, Greg Hellings wrote:
> >
> >
> > On Thu, Sep 28, 2023, 12:14 Aaron Rainbolt <arraybolt3 at gmail.com> wrote:
> >
> >     Hey, thanks for your help!
> >
> >     I was able to just repack and remove most everything offending. I
> >     figured I should share the info upstream so that if there was
> >     anything
> >     you wanted to do on your end, you could, but obviously if you're
> >     comfortable keeping things as they are, I don't have a problem
> >     with that :)
> >
> >
> > There are others who are pumpkin holders for separate parts and
> > they'll need to decide on updating their pieces. I own CMake and the
> > Swig bindings (Python and Perl for us).
> >
> >
> >     I'll submit a patch for the Python bindings, the fix was fairly
> >     simple.
> >
> >     As for ftpparse, I could potentially try writing a replacement myself
> >     and license it as GPLv2. We already probably have a good starting
> >     point
> >     since the FileZilla project is under GPL-2.0-or-later, and appears to
> >     have its own independently developed directory litsing parser
> >     written in
> >     C++ (see
> >
> https://svn.filezilla-project.org/filezilla/FileZilla3/trunk/src/engine/directorylistingparser.cpp?revision=10945&view=markup
> >     <
> https://svn.filezilla-project.org/filezilla/FileZilla3/trunk/src/engine/directorylistingparser.cpp?revision=10945&view=markup
> >).
> >
> >     We could port the logic from that into something SWORD-compatible
> >     perhaps?
> >
> >
> > That would probably work. Part of the goal with SWORD is that it needs
> > no hard external library dependencies. Thus why ftpparse has been
> > included inline. A novel contribution that replaces those but is still
> > highly portable C would likely be welcomed.
> >
> >
> >     One more question about the CMake files, you mention that
> >     FindXZ.cmake
> >     is your original contribution and would be GPLv2, but it appears
> >     to be
> >     ported from the BSD-3-Clause FindBZIP2.cmake. Just to be clear,
> >     since it
> >     contains your modifications, it should be "upgraded" to GPLv2 as
> >     it now
> >     contains your GPLv2 contributions? If so, are there any other
> >     files in
> >     the CMake folder that should be similarly "upgraded"? Potentially
> >     all of
> >     them if they've all had to be modified for SWORD?
> >
> >
> > I don't believe I had to modify anything. They were simply pulled in
> > so I could maintain support for old versions of CMake - like on CentOS
> > 6 and old Ubuntu LTS versions at the time - that had the core
> > functionality needed but just lacked a file which newer CMake had
> > bundled. Including most of them is likely a moot point by now as those
> > versions are ancient. Yes, I undoubtedly modified it from FindBZIP2 as
> > it was a later addition to the optional dependencies. The only reason
> > to upgrade to GPL2 is that it's the exclusive license and version for
> > SWORD contributions, in absence of compelling reasons to the contrary.
> >
> >
> >     Thanks so much for your help! Also, did you also previously maintain
> >     Xiphos and Bibletime? If so, I would love to take maintainership of
> >     those too so I can keep everything SWORD-related from dropping out of
> >     Fedora.
> >
> >
> > I'm fairly certain that I am. If not the owner I was the defacto
> > maintainer. You are welcome to take over those packages, for sure. Let
> > me know if you need me to do the needful for that. I don't think
> > they've been officially orphaned for F39, but would be on the chopping
> > block for F40 in the absence of sword making it back in.
>
> Thanks! If all of the comaintainers for Xiphos and BibleTime are also no
> longer available or interested, I think it would be helpful if you could
> go into https://src.fedoraproject.org/rpms/xiphos and
> https://src.fedoraproject.org/rpms/bibletime and click the "Orphan"
> button on those. I'll take them once that's done and should be able to
> help keep them maintained.
>
> Thanks for all your help, and God bless!
>
> Aaron
>
> >
> > --Greg
> >
> >
> >     God bless, and thanks again.
> >
> >     Aaron
> >
> >     On 9/28/23 07:05, Greg Hellings wrote:
> >     > Aaron,
> >     >
> >     > As the previous maintainer who dropped support, thank you for
> >     picking
> >     > it up. I have moved on from being a Fedora user (NixOS these
> >     days) and
> >     > was no longer maintaining those packages nor the apps that
> >     depend on
> >     > it. I am, however, the pumpkin holder for the Python and Perl
> >     > bindings. If you want to submit a patch to us that gets those
> >     working
> >     > again I would be happy to include it upstream.
> >     >
> >     > Any files under the cmake folder were contributed by me. Those
> >     noting
> >     > a license were taken from later CMake versions and would match
> >     > licenses there. The FindXZ file is my original contribution and is
> >     > under the GPLv2 like all other original SWORD code.
> >     >
> >     > The gSOAP and Objective-C bindings should be safe to remove in
> >     Fedora
> >     > as there is no need for them there.
> >     >
> >     > The win32 files would only affect the MinGW build of sword in
> >     Fedora,
> >     > which was not retired as it was unaffected by the Python changes.
> >     >
> >     > ftpparse is a constant thorn in our side whenever people become
> >     hung
> >     > up on the commercial clause. While not strictly necessary to
> >     SWORD, as
> >     > HTTP and HTTPS are supported if the library is built with cURL
> >     > support, it would be a huge loss of functionality for most
> >     users. It
> >     > probably is time to consider rewriting their functionality.
> >     >
> >     > The Android jar file is also unnecessary for your packaging and you
> >     > can safely delete it. And the whole pqa folder for diatheke
> >     should be
> >     > tossed. Likely at the SVN level, as I'm sure we are not building
> >     Palm
> >     > binaries anymore.
> >     >
> >     > Hope that helps.
> >     >
> >     > --Greg
> >     >
> >     >
> >     > On Thu, Sep 28, 2023, 01:06 Aaron Rainbolt
> >     <arraybolt3 at gmail.com> wrote:
> >     >
> >     >     Good morning/evening, and thanks for your time.
> >     >
> >     >     Recently SWORD was removed from Fedora 39 because of a bug
> >     >     relating to
> >     >     the python bindings (it's still using distutils rather than
> >     >     setuptools,
> >     >     which needed to be fixed, but the maintainer didn't fix it in
> >     >     time). I'm
> >     >     attempting to get SWORD back into Fedora by fixing the
> >     issue, but
> >     >     as the
> >     >     package was already retired, I'm preparing to reintroduce it
> >     as if it
> >     >     were being added for the first time. For the sake of making
> >     things go
> >     >     smoothly, I did a full licensing audit on the SWORD source
> >     code to
> >     >     ensure that all licenses were compliant with Fedora's
> >     requirements.
> >     >
> >     >     Some of the results of this audit were less-than-ideal, so I
> >     >     thought I
> >     >     would share the results with you so that you can take any
> >     measures
> >     >     you
> >     >     deem appropriate. I'm in the process of resolving these
> >     issues in
> >     >     Fedora.
> >     >
> >     >     * There are several files under sword-1.9.0/cmake that have
> >     unclear
> >     >     licenses (referring to "the BSD license" but without
> >     specifying which
> >     >     version, and telling the user to look at a file that doesn't
> >     exist
> >     >     for
> >     >     the license details). I *believe* these files are licensed
> under
> >     >     BSD-3-Clause, as I found the original source for all but one
> >     of them,
> >     >     however I could not find the original source for
> >     >     sword-1.9.0/cmake/FindXZ.cmake.
> >     >
> >     >     * The gSOAP bindings contain a file,
> >     >     sword-1.9.0/bindings/gsoap/include/stdsoap.h, which has no
> >     license
> >     >     and
> >     >     an "All rights reserved" notice.
> >     >
> >     >     * The Objective-C bindings have a similar problem - the
> >     following
> >     >     files
> >     >     under sword-1.9.0/bindings/objc all have no license and an "All
> >     >     rights
> >     >     reserved" notice:
> >     >         - ObjCSword.h
> >     >         - src/Notifications.h (yes I realize this file consists
> >     >     entirely of
> >     >     comments but this is still worrying)
> >     >         - src/SwordBibleBook.h
> >     >         - src/SwordBibleBook.m
> >     >         - src/SwordBibleChapter.h
> >     >         - src/SwordBibleChapter.m
> >     >         - src/SwordBibleTextEntry.h
> >     >         - src/SwordBibleTextEntry.m
> >     >         - src/SwordInstallSource.h
> >     >         - src/SwordInstallManager.h
> >     >         - src/SwordInstallManager.mm
> >     >         - src/SwordInstallSource.mm
> >     >         - src/SwordKey.h
> >     >         - src/SwordKey.m
> >     >         - src/SwordListKey.h
> >     >         - src/SwordListKey.mm
> >     >         - src/SwordLocaleManager.h
> >     >         - src/SwordLocaleManager.mm
> >     >         - src/SwordModuleIndex.h
> >     >         - src/SwordModuleIndex.m
> >     >         - src/SwordModuleTextEntry.h
> >     >         - src/SwordModuleTextEntry.m
> >     >         - src/SwordTreeEntry.h
> >     >         - src/SwordTreeEntry.m
> >     >         - src/SwordVerseKey.h
> >     >         - src/SwordVerseKey.mm
> >     >         - src/SwordVerseManager.h
> >     >         - src/SwordVerseManager.m
> >     >         - src/VerseEnumerator.h
> >     >         - src/VerseEnumerator.m
> >     >         - src/services/Configuration.h
> >     >         - src/services/Configuration.m
> >     >         - src/services/iOSConfiguration.h
> >     >         - src/services/iOSConfiguration.m
> >     >         - src/services/OSXConfiguration.h
> >     >         - src/services/OSXConfiguration.m
> >     >         - SWORD/SWORD/SWORD.h
> >     >         - SWORD/SWORD/SWORD.m
> >     >         - test/SwordListKeyTest.h
> >     >         - test/SwordListKeyTest.m
> >     >         - test/SwordModuleLongRunTest.h
> >     >         - test/SwordModuleLongRunTest.mm
> >     >         - test/SwordModuleTest.h
> >     >         - test/SwordModuleTest.m
> >     >
> >     >     * Two files under sword-1.9.0/src/utilfuns/win32 are under
> >     non-free
> >     >     licenses - they prohibit the sale of media containing those
> >     files for
> >     >     anything greater than the cost of distribution.
> >     >
> >     >     * The files sword-1.9.0/include/ftpparse.h and
> >     >     sword-1.9.0/src/utilfuns/ftpparse.c are under informal non-free
> >     >     licenses
> >     >     prohibiting commercial use unless the copyright owner is
> >     informed of
> >     >     what program uses the files. This code appears to be critical
> to
> >     >     SWORD's
> >     >     functionality (as FTP is used for module downloading), so I
> have
> >     >     attempted to contact the author and ask that ftpparse be
> >     >     relicensed to
> >     >     0BSD (which should be compatible with the licenses in SWORD).
> >     >
> >     >     In addition to the above, I discovered some pre-built binary
> >     files
> >     >     floating around:
> >     >         -
> >     >
> >      sword-1.9.0/bindings/Android/SWORD/gradle/wrapper/gradle-wrapper.jar
> >     >         - sword-1.9.0/utilities/diatheke/pqa/Diatheke.pqa
> >     >
> >     >     While these aren't strictly a problem, they do have to be
> >     removed in
> >     >     Fedora. You might consider removing them from your SVN repo if
> >     >     possible
> >     >     and not too inconvenient.
> >     >
> >     >     I hope this message finds you all doing well! God bless, and
> >     >     thanks for
> >     >     all the work you've put into the SWORD Project!
> >     >
> >     >     _______________________________________________
> >     >     sword-devel mailing list: sword-devel at crosswire.org
> >     > http://crosswire.org/mailman/listinfo/sword-devel
> >     >     Instructions to unsubscribe/change your settings at above page
> >     >
> >     >
> >     > _______________________________________________
> >     > sword-devel mailing list: sword-devel at crosswire.org
> >     > http://crosswire.org/mailman/listinfo/sword-devel
> >     > Instructions to unsubscribe/change your settings at above page
> >     _______________________________________________
> >     sword-devel mailing list: sword-devel at crosswire.org
> >     http://crosswire.org/mailman/listinfo/sword-devel
> >     Instructions to unsubscribe/change your settings at above page
> >
> >
> > _______________________________________________
> > sword-devel mailing list: sword-devel at crosswire.org
> > http://crosswire.org/mailman/listinfo/sword-devel
> > Instructions to unsubscribe/change your settings at above page
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20231005/835c07b1/attachment-0001.htm>


More information about the sword-devel mailing list