Bug #7742

Non-DFSG compliant images in the Tails OpenPGP Applet

Added by nodens 2014-08-04 11:05:30. Updated 2016-11-21 16:31:32.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2014-08-04
Due date:
% Done: 100%
Feature Branch:
Type of work: Graphics
Blueprint:
Starter:
Affected tool: OpenPGP Applet
Deliverable for:

Description

SVG Images included in the Tails OpenPGP Applet are licensed under CC-BY-SA 2.0. PNG licensing is unclear.

This license is not compatible with DFSG and this is usually considered a Serious bug by Debian.

These images seem to be modified from the Tango Icon set, before it was released to public domain.
According to intrigeri (see Feature #6507) :
> I think these files were initially imported from seahorse-plugins 2.30.1-3 (commit df9d7209). I’ve checked its source, and it indeed lacks provision for the license these files are under.

Options :

  1. Convince upstream to relicense these images
  2. Modify these and use clause 4b of CC-BY-SA 2.0 to upgrade the license to a later version (3.0 is fine)
  3. Redo these from a more recent Tango icon set (in the public domain)

Other packages from Debian seem affected : https://lists.debian.org/debian-devel/2014/08/msg00073.html.


Related issues

Related to Tails - Bug #7406: OpenPGP Applet system tray icon should be themable Rejected 2014-06-12
Blocked by Tails - Feature #10190: Install OpenPGP Applet from Debian Resolved 2016-03-16

History

#1 Updated by nodens 2014-08-04 11:05:48

  • blocks Feature #6507: Package our OpenPGP applet for Debian and maintain it there added

#2 Updated by nodens 2014-08-04 11:07:29

  • related to Bug #7406: OpenPGP Applet system tray icon should be themable added

#3 Updated by intrigeri 2014-08-04 11:16:19

  • Assignee changed from intrigeri to nodens
  • Type of work changed from Debian to Upstream

nodens, what’s needed from me on that one?

#4 Updated by nodens 2014-08-04 12:38:01

intrigeri wrote:
> nodens, what’s needed from me on that one?

Nothing since you corrected the type of work :)

Unless you have an idea of who to contact about this : the seahorse upstream maintainers I suppose ?

Concerning the PNG, I think conversion could be considered as derivative work (IANAL, of course). If that’s the case, and Alan has indeed created them, then we can upgrade the license under which they are distributed to CC-BY-SA 3.0 which resolves the issue for the PNG files. I’ll ask him.

Thanks !

#5 Updated by intrigeri 2014-08-04 14:01:23

> Unless you have an idea of who to contact about this : the seahorse upstream maintainers I suppose ?

Rather directly get in touch with the copyright holders: they are the ones who have the power to relicense their work.
Still, it would be useful to inform Seahorse upstream (if they’re still shipping these files) of the ongoing process.

#6 Updated by nodens 2014-08-06 13:40:31

I couldn’t find any contact information in the SVG files other than the name.

Creator : Andreas Nilsson
Contributor : Jakub Steiner

Jakub Steiner seems to be “jimmac” on github, I’ll contact him.

#7 Updated by nodens 2014-08-06 15:58:53

  • Assignee changed from nodens to intrigeri
  • QA Check set to Info Needed

Jakub just answered :

> Hi.
> The original artwork these derivatives are based on come from the
> tango-icon-theme which has been relicensed from ccbysa2 to public
> domain so you are free to relicense them as you please.
>
> cheers

So I guess we can just change the string in the SVG to a license more suitable for Debian :
even if the original artwork has not been relicensed, this amounts to a relicensing by a contributor - we’ll just do the work in the file ourselves.

intrigeri, is that OK for you ?

#8 Updated by nodens 2014-08-06 16:00:12

  • % Done changed from 0 to 50

#9 Updated by nodens 2014-08-06 16:59:11

Note : I didn’t contact seahorse maintainer, since seahorse-plugins have been replaced by seahorse-nautilus : there are no icons there.

#10 Updated by intrigeri 2014-08-09 15:31:14

> Jakub just answered :

> The original artwork these derivatives are based on come from the tango-icon-theme which has been relicensed from ccbysa2 to public domain so you are free to relicense them as you please.

Great start! Unfortunately, I doubt that things really work this way. IANA, but I think that a license change (towards a more permissive license) for the material on which a derivative work was created:

  1. allows the author of the derivative work to relicense this derivative work to something more permissive themselves;
  2. but, does not allow anyone else to do the same.

If the copyright holders of the derivative work are not interested in relicensing it, then an option could be to take the unmodified icons from tango-icon-theme, if they are close enough to what we want.

#11 Updated by intrigeri 2014-08-09 15:31:50

  • Assignee changed from intrigeri to nodens
  • QA Check deleted (Info Needed)

#12 Updated by intrigeri 2014-08-09 15:33:16

  • Subject changed from Images in the Tails OpenPGP Applet are licensed under CC-BY-SA 2.0, which is non free according to DFSG to Non-DFSG compliant images in the Tails OpenPGP Applet

#13 Updated by nodens 2014-08-12 13:07:02

  • Assignee changed from nodens to intrigeri

intrigeri wrote:
> > Jakub just answered :
>
> > The original artwork these derivatives are based on come from the tango-icon-theme which has been relicensed from ccbysa2 to public domain so you are free to relicense them as you please.
>
> Great start! Unfortunately, I doubt that things really work this way. IANA, but I think that a license change (towards a more permissive license) for the material on which a derivative work was created:
>
> 1. allows the author of the derivative work to relicense this derivative work to something more permissive themselves;
> 2. but, does not allow anyone else to do the same.
>
> If the copyright holders of the derivative work are not interested in relicensing it, then an option could be to take the unmodified icons from tango-icon-theme, if they are close enough to what we want.

I agree with you (sort of): the icon set we use isn’t in the public domain, and even the contributor can’t relicense the image under anything other than a cc-by-sa > 2.0 license. The thing is, he made it clear that he wouldn’t bother.
However, since he’s ok with the relicensing stuff, maybe we could just s/2.0/3.0 in the image file ourselves if he’s ok with it : The contributor would be allowed to do it even under cc-by-sa-2.0, and we just do the technical work under his authority, since he can’t be bothered to do it himself. I’ll ask him and see what he says, but won’t update the file for now.

The tango-icon theme misses the locket in it, etc. I think it’s trivial for anyone familiar with vector graphics to take the locket etc from our current set and put it in the “note” tango icons.

This last solution has the added advantage of refreshing the icon look a bit.

Both solutions aren’t mutually exclusive : we could use the first and then change the icon set later if someone is willing to take up this task.

Regarding the PNG files, Alan just confirmed to me that the icons were converted to grayscale and exported to PNG format. Since this is derivative work, we can relicense the PNG without issue to CC-BY-SA 3.0.

Last but not least, this issue didn’t generate a lot of response on debian-devel. I guess maintainers are more inclined to work on the upcoming freeze than license issues right now. The only answers are saying that a lot of packages are affected, but the non-DFSG compliance of CC-BY-SA 2.0 is a thing of the past (IMO it’s not, but it’s clear that very few people bother now).

#14 Updated by intrigeri 2014-08-16 14:54:50

> I’ll ask him and see what he says, but won’t update the file for now.

Any chance we get a public statement from the copyright holder?

#15 Updated by nodens 2014-08-16 20:25:30

I couldn’t contact the author listed in the SVG file.

I asked Jakub (contributor, and so allowed to upgrade the license) to send an e-mail allowing us to upgrade the license in his guise to tails-dev mailing list, he hasn’t answered yet.

#16 Updated by nodens 2014-08-18 08:14:36

Here is Jakub’s response…

> Simple solutions are great, except when they don’t work. I am not the
> author of said images, only a co-author of the base set (the parts
> that aren’t horribly fuzzy).

So back to square one.

#17 Updated by intrigeri 2014-09-22 11:16:26

  • Assignee changed from intrigeri to nodens
  • Type of work changed from Upstream to Communicate

#18 Updated by nodens 2014-09-27 07:16:18

  • Assignee deleted (nodens)
  • % Done changed from 50 to 70
  • Type of work changed from Communicate to Graphics

Hi there,

since communication with upstream is difficult (the problem being finding the correct upstream and getting him to respond), I thought I’d have a better time recreating icons from the last version of the Tango Icon Library (which is CC0, aka Public Domain).

I am not an artist. I just used inkscape and copy/paste/resize. These icons look OK to me, but I’d like someone - more skilled than I am - to check my work.

I kept “Public Domain” as a license, but we could relicense it using whatever we like (the same as the rest of the code, that is GPL/Artistic could be easier). I’d like input on this as well.

The work is available on the OpenPGP Applet repo, in the bugfix/7742-Non-DFSG_compliant_images branch :
https://git-tails.immerda.ch/nodens/openpgp-applet/?h=bugfix%2F7742-Non-DFSG_compliant_images

I’d love some input - or better, patches :)

Cheers,

#19 Updated by sajolida 2014-09-29 02:41:56

  • QA Check set to Ready for QA

#20 Updated by sajolida 2014-10-02 09:12:49

  • Assignee set to sajolida

#21 Updated by sajolida 2014-10-02 09:41:33

  • Assignee deleted (sajolida)
  • QA Check changed from Ready for QA to Pass

I looked at them from the Git web interface and they seem to be similar enough to be safe (they are very similar). I didn’t manage to try them live in Tails though…

#22 Updated by nodens 2014-11-24 14:33:52

  • Assignee set to nodens

#23 Updated by nodens 2014-11-28 12:03:04

Just merged it in my OpenPGP applet repository [1], so changing status.

[1] https://git-tails.immerda.ch/nodens/openpgp-applet/

#24 Updated by nodens 2014-11-28 12:03:26

  • Status changed from Confirmed to Fix committed

#25 Updated by nodens 2014-11-28 12:04:11

  • Assignee deleted (nodens)

#26 Updated by nodens 2014-11-28 12:04:31

  • % Done changed from 70 to 100

#27 Updated by BitingBird 2015-01-04 17:39:10

  • Affected tool set to OpenPGP Applet

#28 Updated by BitingBird 2015-01-08 04:38:12

Should I set milestone 1.3 ? I guess we’ll take the latest version from the Applet then, so the fixes will be included. (idem Bug #8319)

#29 Updated by intrigeri 2015-01-08 10:32:16

> Should I set milestone 1.3 ? I guess we’ll take the latest version from the Applet then, so the fixes will be included.

I see no emergency in taking this specific change. We’ll get it for free when we install OpenPGP applet from Debian. Now, if someone feels differently and wants to do the work, I’m not going to veto it :)

#30 Updated by anonym 2015-03-31 19:18:14

Can we mark this ticket as resolved? I don’t get it.

#31 Updated by intrigeri 2015-03-31 19:26:17

> Can we mark this ticket as resolved?

No. It’s not resolved in the version we ship, only in the independently developed OpenPGP Applet.

#32 Updated by nodens 2015-08-18 12:21:22

  • blocked by deleted (Feature #6507: Package our OpenPGP applet for Debian and maintain it there)

#33 Updated by intrigeri 2015-08-19 02:47:06

  • blocks Feature #6507: Package our OpenPGP applet for Debian and maintain it there added

#34 Updated by intrigeri 2015-09-14 02:21:33

#35 Updated by intrigeri 2015-09-14 02:21:44

  • blocked by deleted (Feature #6507: Package our OpenPGP applet for Debian and maintain it there)

#36 Updated by nodens 2016-11-21 16:31:32

  • Status changed from Fix committed to Resolved

The version shipped in Tails is now the one that’s fixed.