#16039 closed defect (bug) (fixed)
Copyright Problem: Original Copyright Statement, Licensing Information and Disclaimer removed from kses.php
Reported by: | hakre | Owned by: | |
---|---|---|---|
Milestone: | 3.1 | Priority: | normal |
Severity: | blocker | Version: | 3.1 |
Component: | General | Keywords: | has-patch |
Focuses: | Cc: |
Description
Copyright Problem: Original Copyright Statement, Licensing Information and Disclaimer removed from kses.php
The wordpress core makes use of a library called kses by Ulf Harnhammar.
The original copyright and licensing statements as well as the disclaimer have been removed from the file in the wordpress package (/wp-includes/kses.php).
With such a removal, the conditions (GPL) to distribute the copyrighted work are not met (see §1).
Additionally, the conditions to create a derivate of the software are not met (see §2).
As explained, the conditions for distribution were not met by the committing author (r649) - but the work has been distributed from wordpress.org servers since ca. 2003-12-23 / Wordpress 1.0-alpha-2.
To the best of my knowledge and according to all publicly available licensing terms, this was and still is an attempt of distribution other than the expressly provided by/under the license. Which terminates "your" rights under that license (see §4).
Suggested Actions:
IANAL, but as those rights terminated automatically, the original copyright holder should be contacted by wordpress.org to learn how to gain GPL compliance again. Next to communicating with the author(s), the project should decide how to deal with the code in question. More information about GPL Compliance is available here.
Attachments (3)
Change History (21)
#2
@
14 years ago
Ulf (original kses author) here. Thanks to Christian for telling me about this bug.
License violations are serious stuff, but I believe that it was a mistake in this case and not an attempt to rip me off. Therefore, I grant WordPress the right to continue to use the kses library under GPL v2 or later, if you put back the Copyright and Disclaimer information at the top of the file. (Please remove my postal address in Uppsala though, it's not valid anymore.)
Best,
Ulf Härnhammar - Huddinge - Sweden
http://advogato.org/person/metaur/ (includes my obfuscated email address)
#4
@
14 years ago
- Keywords has-patch added
Tag: FIXIPO
Related: #14944; #15769
Full Report: Kses, GPL, Copyright, Licensing and Disclaimer
#6
@
14 years ago
Patch for 2.9 incl. security fixes is available here (probably of use for downstream users): #16042
#11
@
14 years ago
I also asked the original author (important for downstream users):
Would it be okay to have this for the past as well, when the ZIP packes on
wordpress org get the right headers?
http://wordpress.org/download/release-archive/
This would help for the many linux distributions who once got the old packages
that violate copyright (and distributed all over the planet).
He answered:
Yes, that's OK. When it's fixed in the latest releases of the various
stable branches, I don't consider it a violation if there are older
releases that omits the Copyright.
That guy is really nice. Hope to see a release soon.
#12
@
14 years ago
I also emailed the original author, and he agreed that putting the update in 3.1 was fine. Snippet from our email thread:
Jane: I'm hoping that you agree the above plan -- to get the 3.1 release out as soon as possible with the license update on the expected timetable -- is the best course of action (compared to doing a separate dot release in a week and then releasing 3.1 a day later). Could you let me know how you feel about this approach?
Ulf: Yes, that sounds fine.
I'm thrilled to have my code used as a part of the great and popular WordPress project
So, let's proceed with plan to update files with 3.1 for the license text, per author approval above.
#13
@
14 years ago
Okay, good this is clarified and approved. This leaves some air for the realted issues as well.
#15
@
14 years ago
The patches I added here were made in the best intention to gain license conformity. They have been written based on feedback I could get from the original author.
As I've learned after creating the patches, the author does not allow to relicense the library under GPL which would be needed to publish it with the worpdress package. I tried to get allowance to relicense KSES under GPL instead of GPLv2+ but the original author has neglected me being able of relicensing.
Therefore me providing patches here does not mean that those patches solve all licensing problems regarding KSES.
The original author told me that he is still in contact with Automattic and is waiting for feedback. So probably there still is some chance to solve this.
#16
@
14 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
Related: [17301] - package term set to GPL v2+ now, compatible with KSES (GPL alone was not).
I've notifed Ulf Härnhammar via mail, awaiting response.