Dwarf Fortress Bug Tracker - Dwarf Fortress
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0011787||Dwarf Fortress||General||public||2021-07-23 03:25||2021-08-24 09:16|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0011787: The release tarball for Linux ships GPL-licensed shared libraries, but violates their license|
|Description||The release tarball for Dwarf Fortress for Linux contains these shared libraries:|
$ tar -tf df_47_05_linux.tar.bz2 df_linux/libs/libstdc++.so.6 df_linux/libs/libgcc_s.so.1
These files look like they are part of GCC, which is licensed under a GPL3 license (with some GCC specific exceptions, which don't seem to apply to this case). However, I can't be exactly certain, because no files in the tarball, nor the website explain where these files come from, what their licensing conditions are and what source code they have been compiled from.
This brings up problems, because section 6 of the GPL3 places certain restrictions on the redistribution of compiled forms of covered works, i.e. the shared libraries included in the Dwarf Fortress tarball. The two requirements Dwarf Fortress falls short on are these:
* section 5 (which is referenced from section 6) point b states the following:
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
This isn't done in the case of Dwarf Fortress. The files in question are accompanied by no copyright or license statement at all.
* section 6 point d places requirements for the distribution of compiled files through a website download or similar:
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
This isn't done in the case of Dwarf Fortress either. There is no mention at all, what source code the files in question have been compiled from.
You may find that this is very pedantic, and you might be right. While this does violate the copyright of the copyright holders of GCC, it is probably unlikely that they will notice this, let alone take legal action against this practice.
However, leaving this problem as it is, might cause problems for other people down the line. As an example, there is a bug report for the dwarf-fortress package in Debian, regarding this problem: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986119. [^] Debian does care about not violating the rights of copyright holders, so the problem had to be actually dealt with. This means the maintainer of the package in Debian (yeah, it's me) had to go out of their way to patch the files in question out of the package.
This isn't really a drama, but fixing the issue should be easy, save people who want to redistribute Dwarf Fortress (such as me) some work, and prevent potential legal problems in the future.
|Steps To Reproduce||Unpack the downloaded release tarball, look in libs/, see that libstdc++.so.6 and libgcc_s.so.1 are there, but not licensing information or a pointer to corresponding source code is provided along them.|
|Additional Information||This problem doesn't really have to be hard to fix. As the first option, maybe you could just remove the files from the tarball? Why are they there in the first place? Most (all?) Linux systems should have those files installed already. For the Debian package, we chose to not use those files for our package, even before we noticed the copyright problem, because as I said: pretty much every Linux system already has these files installed.|
If you think keeping the files in the tarball is really necessary, the following steps should be sufficient to do so in a license-compliant manner, but keep in mind, I am not a lawyer and this is not legal advice:
* Include a paragraph in README.linux such as this:
The files libstdc++.so.6 and libgcc_s.so.1 in the libs/ directory are compiled from the source doe for GCC. They are licensed under the GPL version 3 (available in gpl3.txt) and the additional GCC runtime exception (available in gcc-exception.txt). Their source code is available at http://<link [^] to relevant source code tarball>.
* Include copies of the GPL3 (e.g. taken from https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=COPYING3;h=94a9ed024d3859793618152ea559a168bbcbb5e2;hb=HEAD [^]) and the GCC runtime exception (e.g. taken from https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=COPYING.RUNTIME;h=e1b3c69c179dfaff5744ea4bf853e6b0d90c9ef9;hb=HEAD [^]).
|Tags||No tags attached.|
|2021-07-23 03:25||kritzefitz||New Issue|
|2021-08-11 14:11||lethosor||Note Added: 0041132|
|2021-08-11 14:11||lethosor||Assigned To||=> lethosor|
|2021-08-11 14:11||lethosor||Status||new => acknowledged|
|2021-08-11 19:43||lethosor||Note Edited: 0041132||bug_revision_view_page.php?bugnote_id=0041132#r16733|
|2021-08-24 09:16||kritzefitz||Note Added: 0041138|
|2021-08-27 03:11||kritzefitz||Note Edited: 0041138||bug_revision_view_page.php?bugnote_id=0041138#r16739|
|2021-08-27 03:11||kritzefitz||Note Edited: 0041138||bug_revision_view_page.php?bugnote_id=0041138#r16740|