Date: Tue, 06 Feb 2018 17:20:23 -0600 From: Mark Felder <feld@FreeBSD.org> To: "Matt A. Tobin" <email@mattatobin.com> Cc: freebsd-ports@freebsd.org, portmgr@FreeBSD.org Subject: Re: FreeBSD Palemoon branding violation Message-ID: <1517959223.1994642.1261988768.09B8C4F5@webmail.messagingengine.com> In-Reply-To: <CAJYhh2MmPLVtu-J%2BYv4T2%2BpQT2gsb%2B6ihT4O77Hu59gbt2QZQQ@mail.gmail.com> References: <20180206222137.GA78935@skeletor.feld.me> <CAJYhh2MNcmyufTtd4cR2cDJggP_F1LQJnEBQt6GGf9Ue%2BA02Vw@mail.gmail.com> <1517957355.1979237.1261954552.348FEC74@webmail.messagingengine.com> <CAJYhh2MmPLVtu-J%2BYv4T2%2BpQT2gsb%2B6ihT4O77Hu59gbt2QZQQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok I will start working on this. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225717 Thanks On Tue, Feb 6, 2018, at 17:07, Matt A. Tobin wrote: > Alright, if that is the case, then yeah you can just disable branding. If > you run into troubles, i can help on this.. Or if you wanna come up with > new branding I can also help with this. > > Peace. > > > *Matt A. Tobin* > @mattatobin <http://twitter.com/mattatobin> on Twitter > > On Tue, Feb 6, 2018 at 5:49 PM, Mark Felder <feld@freebsd.org> wrote: > > > > > > > On Tue, Feb 6, 2018, at 16:36, Matt A. Tobin wrote: > > > Greentings, > > > > > > It would be awesome if you could build it closer to our official build > > > configuration. Something more akin to > > > http://developer.palemoon.org/Developer_Guide:Build_ > > Instructions/Pale_Moon/Linux#head:Mozconfig_Files > > > > > > Patches to anywhere in the codebase to accommodate our in-tree code for > > BSD > > > systems to get a positive build is totally permitted. If that means > > libvpx > > > or nss needs an in-tree patch then that is totally fine. > > > > > > In fact, if you do the patches in such a way as it won't interfere with > > > other platforms via proper ifdef we would gladly accept them up the line. > > > We were close to having this in the past but the contributor would not > > make > > > clean patches that didn't fundamentally bust other platforms and we had > > to > > > back it all out. > > > > > > We do want to work with platforms and projects but we also don't want our > > > rights to be trampled on any more than you would want yours to be. > > Frankly, > > > we didn't want the OpenBSD people to remove the port either but that was > > > their decision to escalate a situation beyond reason over a couple of > > > perhaps poor phrasing choices. > > > > > > The Mozilla Public License is clear in its provisions and grants and > > > protections for covered code. The Pale Moon Redistribution License > > actually > > > extends rights and permissions beyond what the MPL allows but has its own > > > conditions that need to be met. None of these are insane or out of line > > and > > > are there so that users of the software know they are getting what the > > name > > > and logo claim it to be. > > > > > > However, given all that if you guys are going to follow suit and not > > going > > > to follow point 8 of the Redist License you ask under point 10 for > > special > > > permission to use trademarked branding and perhaps find a happy medium > > > between which libs are absolutely required to satisfy the Pale Moon > > feature > > > set and what ones can get by with using system libs. > > > > > > The decision is yours. Please make it a good one. > > > > > > > > > > [ I do not speak on behalf of the project ] > > > > Two problems: > > > > 1) You're not the upstream for any of these codebases: sqlite, nspr, nss, > > png, icu... As such there will be no effort made to submit you patches. You > > are welcome to retrieve our patches from the FreeBSD ports tree and apply > > them to your codebase if you so choose. Many man hours were spent adjusting > > these projects to work with FreeBSD's expectations; spending more to > > appease your private forks of these projects is unconscionable. > > > > 2) Shared system libraries exist for a reason and we intend to use them. > > > > 3) It will be beyond tedious to track down which vulnerabilities your > > browser is shipping. A CVE in nss or sqlite3 will not show up automatically > > for Palemoon in the results of our "pkg audit" tool unless someone has the > > ambition to peek into your codebase and see which extra copy of those > > libraries are being used. > > > > Building with your libraries is the wrong way to ship this software for > > our users. > > > > Do we need to disable your branding only or also stop using the name? If > > both, we will likely remove the port and suggest users upgrade to > > www/waterfox if they want an alternative to Firefox. > > > > > > -- > > Mark Felder > > ports-secteam & portmgr member > > feld@FreeBSD.org > > -- Mark Felder ports-secteam & portmgr member feld@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1517959223.1994642.1261988768.09B8C4F5>