Hello,

I am looking into packaging AmberTools [1], suite of tools for molecular dynamics simulation. AmberTools is GPL, but it is shipped inside a
tarball of a larger piece of software called Amber [2]. To get the
tarball one has to put in their name and institution in a form [2], but
there is no text implying agreeing with any licensing requirements or
similar next to the "Download" button. In addition, details entered in
the form are not stored in the downloaded tarball (otherwise checksums
would not match).

Inside the tarball, AmberTools are localized in AmberTools/ directory. Top-level README says:

<README>
Except as noted below, Amber 22 is provided under a license that has restrictions on its use and redistribution. You should not use Amber 22
unless you have executed a license agreement with UCSF. Consult that
license to see the provisions that apply.

The files in the "AmberTools" subdirectory are covered by a separate, open source, license; see ./AmberTools/LICENSE for more information.
</README>

My question: Is it OK to extract AmberTools from Amber tarball and
package for Debian main?

[1] https://ambermd.org/AmberTools.php
[2] https://ambermd.org/GetAmber.php#ambertools

Best,
Andrius

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Niels,

Thanks for prompt reply.

On 2022-08-30 17:40, Niels Thykier wrote:

From the description you have provided, I would assume yes with the
following assumptions:

 1) By "Extract AmberTools" you mean repackage the orig tarball.

Yes, that is what I meant.

 2) AmberTools consists entirely of open sourced files that have a
    compatible license. Probably it does, but I would double check that     no non-free files made their way into AmberTools.

Absolutely.

(Plus of course that AmberTools does not Depend or Build-Depend on any non-free components whether third-party or from ambermd.org)

Right, this was implied.

For reference, I did not check the upstream site.

ACK.

Best,
Andrius

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Andrius Merkys:

Hello,

[...]

My question: Is it OK to extract AmberTools from Amber tarball and
package for Debian main?

[1] https://ambermd.org/AmberTools.php
[2] https://ambermd.org/GetAmber.php#ambertools

Best,
Andrius

From the description you have provided, I would assume yes with the
following assumptions:

1) By "Extract AmberTools" you mean repackage the orig tarball.
2) AmberTools consists entirely of open sourced files that have a
compatible license. Probably it does, but I would double check that
no non-free files made their way into AmberTools.

(Plus of course that AmberTools does not Depend or Build-Depend on any
non-free components whether third-party or from ambermd.org)

For reference, I did not check the upstream site.

Thanks,
~Niels

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

The easiest way to do the tarball cleaning is with Files-Excluded in the copyright file, uscan will involve something (mkorigtargz?) that uses it to repack. That's a technical answer to the technical side of the question.

On the "policy"/legal question of whether it's permissible to package the internal open source in this larger source for the Debian project, I have
no specific opinion but it sounds complicated. You might gauge upstream's feelings by asking if they can provide a tarball with just the open source parts. If not, even if your interpretation of the license situation is that
you can package the inner code, it may not be worth it if it's fought by upstream. (E.g. they may see their more restrictive license as "additional terms" on top of the license in the inner files, thus basically creating a non-open source license.) Of course I am not a lawyer, just noting that
it's much more pleasant to package when upstream is cooperative or at least
not hostile :)

Good luck!

Ryan


On Tue, Aug 30, 2022, 9:46 AM Andrius Merkys <merkys@debian.org> wrote:

Hi Niels,

Thanks for prompt reply.

On 2022-08-30 17:40, Niels Thykier wrote:

From the description you have provided, I would assume yes with the following assumptions:

1) By "Extract AmberTools" you mean repackage the orig tarball.

Yes, that is what I meant.

2) AmberTools consists entirely of open sourced files that have a
compatible license. Probably it does, but I would double check that
no non-free files made their way into AmberTools.

Absolutely.

(Plus of course that AmberTools does not Depend or Build-Depend on any non-free components whether third-party or from ambermd.org)

Right, this was implied.

For reference, I did not check the upstream site.

ACK.

Best,
Andrius

<div dir="auto"><div>The easiest way to do the tarball cleaning is with Files-Excluded in the copyright file, uscan will involve something (mkorigtargz?) that uses it to repack. That&#39;s a technical answer to the technical side of the question.<div dir=
"auto"><br></div><div dir="auto">On the &quot;policy&quot;/legal question of whether it&#39;s permissible to package the internal open source in this larger source for the Debian project, I have no specific opinion but it sounds complicated. You might
gauge upstream&#39;s feelings by asking if they can provide a tarball with just the open source parts. If not, even if your interpretation of the license situation is that you can package the inner code, it may not be worth it if it&#39;s fought by
upstream. (E.g. they may see their more restrictive license as &quot;additional terms&quot; on top of the license in the inner files, thus basically creating a non-open source license.) Of course I am not a lawyer, just noting that it&#39;s much more
pleasant to package when upstream is cooperative or at least not hostile :)</div><div dir="auto"><br></div><div dir="auto">Good luck!</div><div dir="auto"><br></div><div dir="auto">Ryan </div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_
attr">On Tue, Aug 30, 2022, 9:46 AM Andrius Merkys &lt;<a href="mailto:merkys@debian.org">merkys@debian.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Niels,<br>

Thanks for prompt reply.<br>

On 2022-08-30 17:40, Niels Thykier wrote:<br>
&gt; From the description you have provided, I would assume yes with the<br> &gt; following assumptions:<br>
&gt; <br>
&gt;  1) By &quot;Extract AmberTools&quot; you mean repackage the orig tarball.<br>

Yes, that is what I meant.<br>

&gt;  2) AmberTools consists entirely of open sourced files that have a<br> &gt;     compatible license. Probably it does, but I would double check that<br>
&gt;     no non-free files made their way into AmberTools.<br>

Absolutely.<br>

&gt; (Plus of course that AmberTools does not Depend or Build-Depend on any<br> &gt; non-free components whether third-party or from <a href="http://ambermd.org" rel="noreferrer noreferrer" target="_blank">ambermd.org</a>)<br>

Right, this was implied.<br>

&gt; For reference, I did not check the upstream site.<br>

ACK.<br>

Best,<br>
Andrius<br>

</blockquote></div></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Aug 30, 2022 at 12:00:39PM -0500, Ryan Pavlik wrote:

The easiest way to do the tarball cleaning is with Files-Excluded in the copyright file, uscan will involve something (mkorigtargz?) that uses it to repack. That's a technical answer to the technical side of the question.

Even better, probably:

Files-Excluded: *
Files-Included: AmberTools

On the "policy"/legal question of whether it's permissible to package the internal open source in this larger source for the Debian project, I have
no specific opinion but it sounds complicated. You might gauge upstream's feelings by asking if they can provide a tarball with just the open source parts. If not, even if your interpretation of the license situation is that you can package the inner code, it may not be worth it if it's fought by upstream.

Exactly.
It wouldn't be the first time that we package something that the
original developers never intended to, only to find ourself in some sort
of passive-agressive situation, with some sort of hostile upstream. At
which point, I would wholeheartedly recommend you don't even start...

Instead, if they are happy with you packaging this, they might just be
happy enough to extract AmberTools and distribute it in some nicer way
not requiring identification on a website…

--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmMOWXYACgkQCBa54Yx2 K612Yw/9EmbaOpl/RWf4OJVpAP+cXBv36wRZsTc7KZBX608kUyZNwjTQ94U8yBMC QzvPFrqi9fkpjUMPy/0tpwdNkh68pZpMM9xbcmp6+XYR76R26OTM9zrxIKUIKexr 02KdBKmbARqtD/uvtiKg9hk0Jk7CS42DdfvSkPAIV6fdyL2hgE3AXN/scjKjTFgr yhRBWU7q5OnplMAPOWDiZLlb5SbDxnv9aOj5kN3rBRit9o72WceOGZ1NHAyXG19q UTmYK1FJZxy9dg14Z1fGgL3JirGWeN1/dzFmHxCNh0jkL7gZF49VhDj41Ee2LSH+ dBTvn8EkE4vQtbr5hf7j7OV2AbOpw0QSjcGbMjPA3/udQPTYFWo72XP2LLmz+7de mwHCU3ewPziOGViAyV/HEgJ2pixUyIgdcI3gwxMFrBOmzB4fr24FeDGkFMNg5dte vzghjqCBm57ZtFJZx0vR5fq0TSBBUOLSsUHpVc2uW7/mxCPOwUHxgv/HMfTb7q/L gxsaCgHGT0quHWukPNdDisIluECTO4DYJqA3AcfW/FWX4s1p28u

On Wed, Aug 31, 2022 at 07:44:55AM +0200, Thomas Dettbarn wrote:

Chipping in my 2 cents here...

On the "policy"/legal question of whether it's permissible to package
the internal open source in this larger source for the Debian project, I have no specific opinion but it sounds complicated. You might

I do. Remember the GPL's mantra: "Free as in speech". The software should be available for anyone,
without any obstacles in obtaining it. To me, it is clearly a violation of its own license.

That's not what the licenses, including GPL, usually say, no.

Having to register to download software is not free software. It is open source. That is a difference.

No.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmMO+ZEtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh DrsP/jZy/oy/26rl3fOd3uqGy9RXGAJN5fM0BVoLO0PmfhQO7CN32bXRlBZP2Cms IJ0xAvmCyl0KpU2UNgGN/owntG8wJq+2t0CQOfXcbHvfEim/nop+0mBKOULB3Jyp JsJRDHwBbnM3Dl73i1+wYdn+towFbCriMQi+qISpd8a20u21ghwCgd3Ygo7N89In 3nRLSTF9BlS5QjHtxloGWyVmr1n2GMAZM1oXslpmjfnzxpvYXnev8Yo6bl3Js4E5 QRNiUaVn/KSU2OBcb66aQE+yzI7kfc0lEjN+UdKgR4S30FJNOXH9EykmTiCrLBQB LDbf59xKhLG0dTL2T9SzQZXWF0NMteLCCVkxQufn7mmVwg8UqY+D/AjKbCcarHyR we6VGkjVCugsJQRf7iBS8KvQ2d7xrShhCNsGOq9w0ZleloRrVWwEYn2ISCIAxwXX mrqUOywY4efvf3EPQVURsidZENjn7r5xapZDXSewIbcLfq/Os8N+GLcpddP4LTWo z8tlNX/6rsFeR357Vq3ZhAJa33w04d5ojAG90zGkaq2hdQu078KDjv/xGDilvtWT +zdK4zJQAh82iqQKAbwe4CJ2BVdJ8VwEW6WgJNFQJoCQLy8k0zuwEYbQ1sqAyIfd 9MMmENN5FxueLysFbSnXZyBPHtMPoMx4//JokrCA/rntmQkx
=KH/B
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Chipping in my 2 cents here...

On the "policy"/legal question of whether it's permissible to package
the internal open source in this larger source for the Debian project,
I have no specific opinion but it sounds complicated. You might

I do. Remember the GPL's mantra: "Free as in speech". The software
should be available for anyone,
without any obstacles in obtaining it. To me, it is clearly a violation
of its own license.

Granted, you might be able to download the part, safely cut it out of
whatever proprietary software
is around it, but the next distribution (Redhat, Arch, FreeBSD) might
run into the same issue.

Thus, finding a way to make the AmberTools downloadable without the need
to register is the better solution. Either by asking NICELY, or by
making it available on a different website.

gauge upstream's feelings by asking if they can provide a tarball with
just the open source parts. If not, even if your interpretation of the license situation is that you can package the inner code, it may not
be worth it if it's fought by upstream. (E.g. they may see their more restrictive license as "additional terms" on top of the license in the
inner files, thus basically creating a non-open source license.) Of
course I am not a lawyer, just noting that it's much more pleasant to
package when upstream is cooperative or at least not hostile :)\

Having to register to download software is not free software. It is open source. That is a difference.
(Also not a lawyer. ;) )



Thomas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-08-31 07:44:55 +0200 (+0200), Thomas Dettbarn wrote:
[...]

Granted, you might be able to download the part, safely cut it out
of whatever proprietary software is around it, but the next
distribution (Redhat, Arch, FreeBSD) might run into the same
issue.

[...]

While not ideal, that would be far from the first time distros used
the source code supplied by other distros as a basis for their own
packages.
--
Jeremy Stanley

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmMPXD9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WCmHJBAAt9J17jGuSNoe6XVfSkXWaUNXLaLvqz8JJtlpoi+2CklYKADPbiD87/2g xpmGj+/7qhqACXYtrwZLeu3c2dP8CWlAKeX7gj5EFDQK8TuQJ0ffyg7LNeJ2DDly VN4xFZF0jPFR/xlD8chko7nAj8o1fOlB4B7izK/insTlv4icZ0E9mYlLxrtsUIbC cpdgA9irRB/bnsCXuP5a1BBvkglRW1hdFUxyKANzJ+SKQfIAslhzKgYZmgb7kzOW zsS+sZXlwFN2ZjLlCiIq9h5BrQgI+U6iIAkhUZkGE6DhwyjP4oTMajoh4eza/O8m SERmJu8A/rDRl7xo1gC1Hn2McoPhLYo/Ao2wZPECevdBLBdxXRSiz7DTSVKeDly2 lfTSQ6z3Vd+NFLUKspzh0ipvcXuKiz6RvXogAHy8NvJ8jn508jc1aHqwOvuOdMQp vkBxwnSVkbX7R9WsFekt4RDaWJstnenTZj9ipq6iwOS+Y9NPumEl+YAeuBbnAiiZ mvgNgr5ywBl6gwyyNRMk28k5JebmuJoxI8/pKYwKX+2RxyRs2+iaOZx5DtsXvrcZ z8QNseGDIzYmsf7e9LAb9q5OlkNgPIcN1Hl0LkTw1gMUmcB9HdnmhNJmkNI+FcYq SCl2ymWQ7AyTMSgd7Ueaf8Gk/bdaJWMBhoSfz1q2zCqKPUaSqpI=
=oFNy
-----END PGP SIGNATURE-----

--- SoupGate-Win32

Hello,

Thanks everyone for your answers!

On 2022-08-30 21:39, Mattia Rizzolo wrote:

On Tue, Aug 30, 2022 at 12:00:39PM -0500, Ryan Pavlik wrote:

The easiest way to do the tarball cleaning is with Files-Excluded in the
copyright file, uscan will involve something (mkorigtargz?) that uses it to >> repack. That's a technical answer to the technical side of the question.

Even better, probably:

Files-Excluded: *
Files-Included: AmberTools

I was not aware of Files-Included. This would greatly simplify repacking
the tarball, provided policy/legal side permits.

On the "policy"/legal question of whether it's permissible to package the
internal open source in this larger source for the Debian project, I have
no specific opinion but it sounds complicated. You might gauge upstream's
feelings by asking if they can provide a tarball with just the open source >> parts. If not, even if your interpretation of the license situation is that >> you can package the inner code, it may not be worth it if it's fought by
upstream.

Exactly.
It wouldn't be the first time that we package something that the
original developers never intended to, only to find ourself in some sort
of passive-agressive situation, with some sort of hostile upstream. At
which point, I would wholeheartedly recommend you don't even start...

Instead, if they are happy with you packaging this, they might just be
happy enough to extract AmberTools and distribute it in some nicer way
not requiring identification on a website…

Asking upstream seems a good way to start. This is what I will do.

Thanks again,
Andrius

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)