Number: 1608
Title: license problems
Submitter: Simon Steiner
Date: Fri Mar 20 12:12:35 2009
Subsys: Dot
Version: 2.22.2
System: *-*-
Severity: critical
Problem:
Hi,

The files under graphviz-2.22.2/lib/gvc are under LGPL, are you statically linking to them.


LGPL:

graphviz-2.22.2/lib/gvc/regex_win32.c graphviz-2.22.2/lib/gvc/regex_win32.h

Files under graphviz-2.22.2/lib/gd does not have license reference

graphviz-2.22.2/lib/gd/gdfontg.c graphviz-2.22.2/lib/gd/gdfontg.h graphviz-2.22.2/lib/gd/gdfontl.c graphviz-2.22.2/lib/gd/gdfontl.h graphviz-2.22.2/lib/gd/gdfontt.c graphviz-2.22.2/lib/gd/gdfontt.h

1: 2: 3: /* 4: This is a header file for gd font, generated using 5: bdftogd version 0.51 by Jan Pazdziora, adelton@fi.muni.cz 6: from bdf font 7: -Misc-Fixed-Bold-R-Normal-Sans-15-140-75-75-C-90-ISO8859-2 8: at Mon Jan 26 14:45:58 1998. 9: The original bdf was holding following copyright: 10: "Libor Skarvada, libor@informatics.muni.cz"

graphviz-2.22.2/lib/gd/gdft.c references to "license.terms" which is missing same issue with graphviz-2.22.2/lib/glcomp/

graphviz-2.22.2/lib/gd/gdft.c 167: * 168: * Routines for manipulating UTF-8 strings. 169: * 170: * Copyright (c) 1997-1998 Sun Microsystems, Inc. 171: * 172: * See the file "license.terms" for information on usage and redistribution 173: * of this file, and for a DISCLAIMER OF ALL WARRANTIES. 174: * 175: * SCCS: @(#) tclUtf.c 1.25 98/01/28 18:02:43

graphviz-2.22.2/lib/glcomp/glTexFont.h graphviz-2.22.2/lib/glcomp/glTexFontTGA.h graphviz-2.22.2/lib/glcomp/glTexFont.c graphviz-2.22.2/lib/glcomp/glTexFontColor.c graphviz-2.22.2/lib/glcomp/glTexFontTGA.c

1 /* 2 Copyright (c) 1999 Nate Miller 3 4 Notice: Usage of any code in this file is subject to the rules 5 described in the LICENSE.TXT file included in this directory. 6 Reading, compiling, or otherwise using this code constitutes 7 automatic acceptance of the rules in said text file.

no license for the mentioned files in graphviz-2.22.2/plugin/quartz/

graphviz-2.22.2/plugin/quartz/GVTextLayout.h graphviz-2.22.2/plugin/quartz/GVTextLayout.m

3 // 4 // 5 // Created by Glen Low on 3/01/09. 6 // Copyright 2009 Pixelglow Software. All rights reserved. 7 //

Thanks
Comments:
[north] Thank you for the information. There may be some things we need to clean up.

Regarding your statement, "The files under graphviz-2.22.2/lib/gvc are under LGPL", I do not believe this is correct, as many of the files were written by us. Are you referring to the regex source files only?

Regarding libgd, since gdft.c refers to code from tclUtf.c from the TCL release, which in term refers to license.terms.

Since you are pointing this out as a problem, did you find and read those terms and is there some reason you are not satisfied?

Now I'm wondering why a representative of Nokia is acting as a police inspector, though we do appreciate the opportunity to keep our code free of unwanted legal entanglements.

As you may know, AT&T, including AT&T Mobility is a major customer of Nokia. We hope there is a spirit of good will and cooperation. I work closely with the office of the Chief Scientist of AT&T so if you see a problem here I can escalate it at once. Who is your executive officer at Nokia?

[simon] If we want to include open source software in our releases then we need to have the sources checked for any errors. We are not the police and this is not important to raise with any managers. I report any mistakes found to authors of OSS to try to get them resolved.

Do you have any comments about the plugin/quartz files?

no license for the mentioned files in graphviz-2.22.2/plugin/quartz/


graphviz-2.22.2/plugin/quartz/GVTextLayout.h
graphviz-2.22.2/plugin/quartz/GVTextLayout.m

3 // 4 // 5 // Created by Glen Low on 3/01/09. 6 // Copyright 2009 Pixelglow Software. All rights reserved.

[ellson] The LGPL licensing problem in lib/gvc is just with regex_win32.[ch]. Arif, can you see about removing these? They are only used for matching gvplugin dll filenames. The lib/gd contents are a fairly recent copy of gd, so if there are licensing problems in there, its really a gd problem. If push-comes-to-shove we can drop lib/gd entirely from our sources, by adding a prebuild requirement for a recent gd to centos[345].

Presumably Glen can fix the license in graphviz-2.22.2/plugin/quartz/GVTextLayout.[mh] ?

Is it really so that we are not permitted to link statically with LGPL libraries? In which case we have a big problem with Glen's binaries for MacOSx which pull in all kinds of LGPL stuff. MacPorts builds use shared libraries so don't have a problem - except that we can't ship prebuilt binaries.

The mingw builds use shared libs, what about the VisualC builds?

We also have support for --enable-static on other platforms, but we don't ship any binaries built with this in .rpms or .debs. Perhaps we need to add a big warning to ./configure to not distribute any binaries built --with-static?
Owner: *
Status: *