Hello Fedora Legal,
a piece of software was recently discovered in Fedora Copr and it is now causing a contention about whether it should be allowed to be there or not. I am kindly asking for your ruling.
The project in question is here:
https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/
And its upstream:
https://github.com/yuezk/GlobalProtect-openconnect
Both the upstream project and the package that is built in Copr claim to be under the GPLv3 license.
The package provides several executables:
/usr/bin/gpauth
/usr/bin/gpclient
/usr/bin/gpgui-helper
/usr/bin/gpservice
All of these seem to be compiled from the mentioned upstream sources. So far, no problem. However, when executing some of them (with the exception of gpclient) the following tarball is being downloaded to the user machine:
INFO gpgui_helper::updater] Downloading file: https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v2.1.4/gpgui_x86_64.bin.tar.xz
It contains just a single binary called gpgui which is licensed under a proprietary license and developed in a private repository, according to the author:
https://github.com/yuezk/GlobalProtect-openconnect/issues/296#issuecomment-1905168220
When running the program, it says it is a 10-day trial and prompts for buying a license here
https://yuezk.lemonsqueezy.com/checkout
I would like to ask you whether this is just a shady practice (but OK from a legal perspective) or whether this is a violation of either GPLv3 or Copr conditions
https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr
Thank you very much for your help,
Jakub
a piece of software was recently discovered in Fedora Copr and it is now causing a contention about whether it should be allowed to be there or not. I am kindly asking for your ruling.
The project in question is here:
https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/
And its upstream:
https://github.com/yuezk/GlobalProtect-openconnect
Both the upstream project and the package that is built in Copr claim to be under the GPLv3 license.
The package provides several executables:
/usr/bin/gpauth
/usr/bin/gpclient
/usr/bin/gpgui-helper
/usr/bin/gpservice
All of these seem to be compiled from the mentioned upstream sources. So far, no problem. However, when executing some of them (with the exception of gpclient) the following tarball is being downloaded to the user machine:
INFO gpgui_helper::updater] Downloading file: https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v2.1.4/gpgui_x86_64.bin.tar.xz
It contains just a single binary called gpgui which is licensed under a proprietary license and developed in a private repository, according to the author:
https://github.com/yuezk/GlobalProtect-openconnect/issues/296#issuecomment-1905168220
When running the program, it says it is a 10-day trial and prompts for buying a license here
https://yuezk.lemonsqueezy.com/checkout
I would like to ask you whether this is just a shady practice (but OK from a legal perspective) or whether this is a violation of either GPLv3 or Copr conditions
https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr
Thank you very much for your help,
Jakub
-- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
