[sword-devel] Licensing audit of SWORD for Fedora - sharing results with upstream

Thu Sep 28 08:05:00 EDT 2023

Aaron,

As the previous maintainer who dropped support, thank you for picking it
up. I have moved on from being a Fedora user (NixOS these days) and was no
longer maintaining those packages nor the apps that depend on it. I am,
however, the pumpkin holder for the Python and Perl bindings. If you want
to submit a patch to us that gets those working again I would be happy to
include it upstream.

Any files under the cmake folder were contributed by me. Those noting a
license were taken from later CMake versions and would match licenses
there. The FindXZ file is my original contribution and is under the GPLv2
like all other original SWORD code.

The gSOAP and Objective-C bindings should be safe to remove in Fedora as
there is no need for them there.

The win32 files would only affect the MinGW build of sword in Fedora, which
was not retired as it was unaffected by the Python changes.

ftpparse is a constant thorn in our side whenever people become hung up on
the commercial clause. While not strictly necessary to SWORD, as HTTP and
HTTPS are supported if the library is built with cURL support, it would be
a huge loss of functionality for most users. It probably is time to
consider rewriting their functionality.

The Android jar file is also unnecessary for your packaging and you can
safely delete it. And the whole pqa folder for diatheke should be tossed.
Likely at the SVN level, as I'm sure we are not building Palm binaries
anymore.

Hope that helps.

--Greg

On Thu, Sep 28, 2023, 01:06 Aaron Rainbolt <arraybolt3 at gmail.com> wrote:

> Good morning/evening, and thanks for your time.
>
> Recently SWORD was removed from Fedora 39 because of a bug relating to
> the python bindings (it's still using distutils rather than setuptools,
> which needed to be fixed, but the maintainer didn't fix it in time). I'm
> attempting to get SWORD back into Fedora by fixing the issue, but as the
> package was already retired, I'm preparing to reintroduce it as if it
> were being added for the first time. For the sake of making things go
> smoothly, I did a full licensing audit on the SWORD source code to
> ensure that all licenses were compliant with Fedora's requirements.
>
> Some of the results of this audit were less-than-ideal, so I thought I
> would share the results with you so that you can take any measures you
> deem appropriate. I'm in the process of resolving these issues in Fedora.
>
> * There are several files under sword-1.9.0/cmake that have unclear
> licenses (referring to "the BSD license" but without specifying which
> version, and telling the user to look at a file that doesn't exist for
> the license details). I *believe* these files are licensed under
> BSD-3-Clause, as I found the original source for all but one of them,
> however I could not find the original source for
> sword-1.9.0/cmake/FindXZ.cmake.
>
> * The gSOAP bindings contain a file,
> sword-1.9.0/bindings/gsoap/include/stdsoap.h, which has no license and
> an "All rights reserved" notice.
>
> * The Objective-C bindings have a similar problem - the following files
> under sword-1.9.0/bindings/objc all have no license and an "All rights
> reserved" notice:
>     - ObjCSword.h
>     - src/Notifications.h (yes I realize this file consists entirely of
> comments but this is still worrying)
>     - src/SwordBibleBook.h
>     - src/SwordBibleBook.m
>     - src/SwordBibleChapter.h
>     - src/SwordBibleChapter.m
>     - src/SwordBibleTextEntry.h
>     - src/SwordBibleTextEntry.m
>     - src/SwordInstallSource.h
>     - src/SwordInstallManager.h
>     - src/SwordInstallManager.mm
>     - src/SwordInstallSource.mm
>     - src/SwordKey.h
>     - src/SwordKey.m
>     - src/SwordListKey.h
>     - src/SwordListKey.mm
>     - src/SwordLocaleManager.h
>     - src/SwordLocaleManager.mm
>     - src/SwordModuleIndex.h
>     - src/SwordModuleIndex.m
>     - src/SwordModuleTextEntry.h
>     - src/SwordModuleTextEntry.m
>     - src/SwordTreeEntry.h
>     - src/SwordTreeEntry.m
>     - src/SwordVerseKey.h
>     - src/SwordVerseKey.mm
>     - src/SwordVerseManager.h
>     - src/SwordVerseManager.m
>     - src/VerseEnumerator.h
>     - src/VerseEnumerator.m
>     - src/services/Configuration.h
>     - src/services/Configuration.m
>     - src/services/iOSConfiguration.h
>     - src/services/iOSConfiguration.m
>     - src/services/OSXConfiguration.h
>     - src/services/OSXConfiguration.m
>     - SWORD/SWORD/SWORD.h
>     - SWORD/SWORD/SWORD.m
>     - test/SwordListKeyTest.h
>     - test/SwordListKeyTest.m
>     - test/SwordModuleLongRunTest.h
>     - test/SwordModuleLongRunTest.mm
>     - test/SwordModuleTest.h
>     - test/SwordModuleTest.m
>
> * Two files under sword-1.9.0/src/utilfuns/win32 are under non-free
> licenses - they prohibit the sale of media containing those files for
> anything greater than the cost of distribution.
>
> * The files sword-1.9.0/include/ftpparse.h and
> sword-1.9.0/src/utilfuns/ftpparse.c are under informal non-free licenses
> prohibiting commercial use unless the copyright owner is informed of
> what program uses the files. This code appears to be critical to SWORD's
> functionality (as FTP is used for module downloading), so I have
> attempted to contact the author and ask that ftpparse be relicensed to
> 0BSD (which should be compatible with the licenses in SWORD).
>
> In addition to the above, I discovered some pre-built binary files
> floating around:
>     - sword-1.9.0/bindings/Android/SWORD/gradle/wrapper/gradle-wrapper.jar
>     - sword-1.9.0/utilities/diatheke/pqa/Diatheke.pqa
>
> While these aren't strictly a problem, they do have to be removed in
> Fedora. You might consider removing them from your SVN repo if possible
> and not too inconvenient.
>
> I hope this message finds you all doing well! God bless, and thanks for
> all the work you've put into the SWORD Project!
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20230928/6705999e/attachment.htm>