WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 4 years ago

Last modified 4 years ago

#16039 closed defect (bug) (fixed)

Copyright Problem: Original Copyright Statement, Licensing Information and Disclaimer removed from kses.php

Reported by: hakre
Owned by:
Milestone: 3.1
Priority: normal
Severity: blocker
Version: 3.1
Component: General
Keywords: has-patch
Focuses:
Cc:

Description

Copyright Problem: Original Copyright Statement, Licensing Information and Disclaimer removed from kses.php

The WordPress core makes use of a library called kses by Ulf Harnhammar.

The original copyright and licensing statements as well as the disclaimer have been removed from the file in the WordPress package (/wp-includes/kses.php).

With such a removal, the conditions (GPL) to distribute the copyrighted work are not met (see §1).

Additionally, the conditions to create a derivative of the software are not met (see §2).

As explained, the conditions for distribution were not met by the committing author (r649) - but the work has been distributed from wordpress.org servers since ca. 2003-12-23 / WordPress 1.0-alpha-2.

To the best of my knowledge and according to all publicly available licensing terms, this was and still is an attempt at distribution other than as expressly provided by/under the license, which terminates "your" rights under that license (see §4).

Suggested Actions:

IANAL, but as those rights terminated automatically, the original copyright holder should be contacted by wordpress.org to learn how to gain GPL compliance again. Next to communicating with the author(s), the project should decide how to deal with the code in question. More information about GPL Compliance is available here.

Attachments (3)

16039-trunk.patch (1.7 KB) - added by hakre 5 years ago.
Changes as requested by Ulf Harnhammar for trunk
16039-branches-3.0.patch (1.7 KB) - added by hakre 5 years ago.
Changes as requested by Ulf Harnhammar for 3.0 branch
16039-updated.patch (1.8 KB) - added by hakre 5 years ago.
Updated as per Request by author

Change History (21)

comment:1 @christianbolstad 5 years ago

I've notified Ulf Härnhammar via mail, awaiting response.

comment:2 @indie-ulf 5 years ago

Ulf (original kses author) here. Thanks to Christian for telling me about this bug.

License violations are serious stuff, but I believe that it was a mistake in this case and not an attempt to rip me off. Therefore, I grant WordPress the right to continue to use the kses library under GPL v2 or later, if you put back the Copyright and Disclaimer information at the top of the file. (Please remove my postal address in Uppsala though, it's not valid anymore.)

Best,
Ulf Härnhammar - Huddinge - Sweden
http://advogato.org/person/metaur/ (includes my obfuscated email address)

comment:3 @hakre 5 years ago

Thanks a lot for this generous offer and the quick response.

@hakre 5 years ago

Changes as requested by Ulf Harnhammar for trunk

@hakre 5 years ago

Changes as requested by Ulf Harnhammar for 3.0 branch

comment:4 @hakre 5 years ago

  • Keywords has-patch added

comment:5 @ryan 5 years ago

  • Milestone changed from Awaiting Review to 3.1

comment:6 @hakre 5 years ago

Patch for 2.9 incl. security fixes is available here (probably of use for downstream users): #16042

comment:7 @ryan 5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17181]) Add Copyright Statement, Licensing Information and Disclaimer to kses. Props hakre. Thanks Ulf Harnhammar. fixes #16039

comment:8 @ryan 5 years ago

(In [17182]) Add Copyright Statement, Licensing Information and Disclaimer to kses. Props hakre. Thanks Ulf Harnhammar. see #16039

@hakre 5 years ago

Updated as per Request by author

comment:9 @ryan 5 years ago

(In [17185]) Update @author tag contact info. Props hakre. see #16039

comment:10 @ryan 5 years ago

(In [17186]) Update @author tag contact info. Props hakre. see #16039

comment:11 @hakre 5 years ago

I also asked the original author (important for downstream users):

Would it be okay to have this for the past as well, when the ZIP packages on
wordpress org get the right headers?

http://wordpress.org/download/release-archive/

This would help for the many linux distributions who once got the old packages
that violate copyright (and distributed all over the planet).

He answered:

Yes, that's OK. When it's fixed in the latest releases of the various
stable branches, I don't consider it a violation if there are older
releases that omit the Copyright.

That guy is really nice. Hope to see a release soon.

comment:12 @jane 5 years ago

I also emailed the original author, and he agreed that putting the update in 3.1 was fine. Snippet from our email thread:


Jane: I'm hoping that you agree the above plan -- to get the 3.1 release out as soon as possible with the license update on the expected timetable -- is the best course of action (compared to doing a separate dot release in a week and then releasing 3.1 a day later). Could you let me know how you feel about this approach?

Ulf: Yes, that sounds fine.
I'm thrilled to have my code used as a part of the great and popular WordPress project


So, let's proceed with the plan to update files with 3.1 for the license text, per author approval above.

comment:13 @hakre 5 years ago

Okay, good this is clarified and approved. This leaves some air for the related issues as well.

comment:14 @hakre 4 years ago

Related: #16100

comment:15 @hakre 4 years ago

The patches I added here were made with the best intention to gain license conformity. They have been written based on feedback I could get from the original author.

As I've learned after creating the patches, the author does not allow relicensing the library under GPL, which would be needed to publish it with the WordPress package. I tried to get allowance to relicense KSES under GPL instead of GPLv2+ but the original author has neglected me being able of relicensing.

Therefore me providing patches here does not mean that those patches solve all licensing problems regarding KSES.

The original author told me that he is still in contact with Automattic and is waiting for feedback. So probably there still is some chance to solve this.

Last edited 4 years ago by hakre

comment:16 @hakre 4 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Related: [17301] - package terms set to GPL v2+ now, compatible with KSES (GPL alone was not, KSES always was GPL v2+).

Last edited 4 years ago by hakre

comment:17 @markjaquith 4 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Good comment, but why did you reopen? If you have a legitimate reason to reopen, please state it in your comment.

comment:18 @hakre 4 years ago

There was no reason to reopen it, I only entered a comment and wasn't aware this changed. Probably an issue with the new trac interface?
