mate-desktop / mate-screensaver

MATE screen saver and locker
https://mate-desktop.org
GNU General Public License v2.0

mate-screensaver license issue. #243

Open darkshram opened 3 years ago

darkshram commented 3 years ago

If you have read Slashdot, if not, do it now. Lots of years ago GNOME developers copied code from Xscreensaver (BSD license), released it as GPLv2 and removed the authorship of Jamie Zawinski. Therefore [cinnamon/mate/xfce4]-screensaver, which are forks of gnome-screensaver, violate Xscreensaver license and Zawinski's copyright.

lukefromdc commented 3 years ago

This might not be possible to resolve other than by literally taking down the repo for mate-screensaver and ceasing to offer that package unless ALL contributors can be reached and agree to a common license. To arbitrarily "relicense" the copied code from Xscreensaver and remove the authorship is in fact a BSD license violation by GNOME. Thus, we (and GNOME, and Cinnamon) need to either remove that code entirely and make the screensaver work without it, get permission from Zawinski to distribute the code under the GPLv2 license with his name back on it, or get permission from EVERY OTHER CONTRIBUTOR to relicense the entire screensaver under the BSD license.

If none of that can be done and a working version of mate-screensaver cannot be made with the offending code removed, we could drop the existing screensaver, fork xscreensaver and add back needed features (mostly themes), fork another screensaver that does not have a license issue, or not offer or support a screensaver at all until contributors can agree to a license resolution that permits distribution.

raveit65 commented 3 years ago

We should ignore this report.

lukefromdc commented 3 years ago

We should at least put Jamie Zawinski's name back on the code. The license mess is decades old and may be unresolvable. We could I suppose directly ask Jamie what to do about this, though with no contact info and not being on a lot of popular communication channels I would not know how to go about this.

lukefromdc commented 3 years ago

This discussion came out of yet another screensaver crash (vs cinnamon-screensaver) made possible by the complexity of gnome-screensaver and all its forks that link against complex libraries: https://www.jwz.org/xscreensaver/toolkits.html

Also https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition/ Kids typing keys randomly crashed cinnamon-screensaver to the desktop, their family reported this and it is considered a high-priority security issue. Then of course there is the problem that X itself is difficult to write a safe screenlocker for...

lukefromdc commented 3 years ago

https://gitlab.gnome.org/Archive/gnome-screensaver/-/commit/a92d2415810723eb394558ba1aa61f7a6d62611d is GNOME's commit removing the credit, saying "not much left of that." Question is, is ANY of that old code still present whatsoever, 16 years after that commit? If not, resolution is simple: add back credit for the ideas and be done with it.

rbuj commented 3 years ago

The files from xscreensaver include the license notice below Pre 4-clause license (note wikipedia says "Prior BSD License" isn't GPL compatible in summary box):

https://github.com/mate-desktop/mate-screensaver/blob/01bdaecbc1fcaabdcd30d00ea0001464e631f690/src/setuid.c#L1-L14

The FSF reports that Xscreensaver is released under the X11 license (aka MIT license)

which is compatible with the GPL license:

Debian reported that Pre 4-clause license (original "BSD License") is Other_1

I don't think there is any conflict, though I think it's best to get in touch with him to fix it in order to avoid any misunderstanding, we can advise him to replace the license with one below:

rbuj commented 3 years ago

Another different issue is whether the authors of gnome-screensaver copied more code and they did not include the actual authorship as discussed on this twitter thread: https://twitter.com/jonmccann/status/1345237884283088897 , publishing code with a different license.

https://github.com/mate-desktop/mate-screensaver/blob/01bdaecbc1fcaabdcd30d00ea0001464e631f690/src/gs-fade.c#L1-L22

lukefromdc commented 3 years ago

OK, mate-session-manager now supports xscreensaver since https://github.com/mate-desktop/mate-session-manager/commit/071933646ef80fff6295b581376d018ba8ddc39a

raveit65 commented 3 years ago

Sorry, x-screensaver will never start in fedora, see comments from x-screensaver maintainer https://bugzilla.redhat.com/show_bug.cgi?id=1918139 So, we can't remove mate-screensaver for the moment. We should ask first https://www.jwz.org/xscreensaver/bugs.html for proper licensing of mate-screensaver. If this isn't possible I will ask for myself at rhbz report or fedora-devel list to add the OnlyShowIn=mate entry to x-screensaver desktop file. So please do merge open PRs to remove mate-screensaver from MATE, until we know more.

FOSSPCM commented 2 years ago

The proper way to contact Jamie Zawinski is through email, and his contact page is here. Go ahead and contact him. I'm sure he will listen. By the way, Jamie Zawinski did say this:

"If they had asked me, 'can you dual-license this code', I might have said yes. If they had asked, 'can we strip your name off and credit your work as (C) William Jon McCann instead'... probably not."

lukefromdc commented 2 years ago

I sent the email below to jwz@jwz.org asking what we should do about the license issue, given we inherited this from GNOME.

"Asking for guidance on how to handle the license mess on mate-screensaver inherited from when it was gnome-screensaver. I am no expert on the legal issues of licensing, mostly having worked on getting the GTK 3 port to work right and some debugging.

https://github.com/mate-desktop/mate-screensaver/issues/243

Note that this commit to the mate session manager https://github.com/mate-desktop/mate-session-manager/commit/071933646ef80fff6295b581376d018ba8ddc39a allows xscreensaver to integrate into a MATE session, but it won't start on Fedora due to .desktop file issues. This blocked dumping mate-screensaver outright in favor of xscreensaver, so now we need to know what to do about the license issue, given we have different folks having made commits under different licenses."

lukefromdc commented 2 years ago

Here's the response I got:

As others have noted in that thread, untangling the license violation at this point is probably a lot more work than anyone sane would want to take on. If you want my opinion, you should just dump mate-screensaver. Delete the repo and salt the earth. That's also a good idea as mate-screensaver is buggy dangerous garbage, so, win-win all around?

> Note that this commit to the mate session manager https://github.com/mate-desktop/mate-session-manager/commit/071933646ef80fff6295b581376d018ba8ddc39a allows xscreensaver to integrate into a MATE session, but it won't start on Fedora due to .desktop file issues. This blocked dumping mate-screensaver outright in favor of xscreensaver, so now we need to know what to do about the license issue, given we have different folks having made commits under different licenses.

Honestly, "we could not figure out how to make XScreenSaver launch" is not something that elicits a lot of sympathy from me, because that's.... just ridiculous.

Good luck I guess? :-)

-- Jamie Zawinski • jwz.org • dnalounge.com

raveit65 commented 2 years ago

> .......as mate-screensaver is buggy dangerous garbage

I would say this guy is a liar and wants to kill a competitive product.

cwendling commented 2 years ago

@raveit65 I would be very careful qualifying anything related to the subject at hand :)

This is a very heated subject that I believe I reckon started off with a crash in GNOME-screensaver's greeter that led to unlocking the session (because if the greeter crashes, the session unlocks). As I recall, I think some(body?) complained that it dated back to XScreensaver and IIRC kind of blamed JWZ, which he wasn't too happy about. Moreover as he has had a strong opinion on process separation that would inherently prevent the issue, and blamed all screenlockers that did not do this as insecure (to which I would agree he has a point: the more code runs in a critical component, the riskier). And it escalated. And the licensing issue arose, putting even more people on edge.

So yeah, all of this is a mess, and everybody kind of has a point from one perspective. Maybe a couple years ago JWZ would have been more keen on helping, but my guess is that this boat has sailed a while back. Maybe if mate-screensaver was redesigned to separate locking and greeter? I don't know and can't guess, but we end up fairly stuck here I guess.
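
The separation of locking and greeter that the comment above refers to, sketched as an added example (not part of the thread, and not code from mate-screensaver or XScreenSaver): a small parent process owns the lock and treats a crashed greeter child as "stay locked". The function names, the `greeter_kind` values and the one-byte `'Y'`/`'N'` pipe protocol are assumptions made for illustration.

```c
/* Added example: fail-closed locker supervising a separate greeter process.
 * Names and the 'Y'/'N' pipe protocol are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum lock_state { LOCKED = 0, UNLOCKED = 1 };
enum greeter_kind { GREETER_AUTH_OK, GREETER_AUTH_FAIL, GREETER_CRASH };

/* Child side: stands in for the complex, toolkit-heavy unlock dialog. */
static void run_greeter(enum greeter_kind kind, int result_fd) {
    if (kind == GREETER_CRASH)
        abort();                          /* simulated greeter crash */
    char verdict = (kind == GREETER_AUTH_OK) ? 'Y' : 'N';
    _exit(write(result_fd, &verdict, 1) == 1 ? 0 : 2);
}

/* Parent side: the small process that owns the lock. It unlocks only on an
 * explicit 'Y' plus a clean exit; a crash, EOF or error keeps it locked. */
enum lock_state locker_run_once(enum greeter_kind kind) {
    int fds[2];
    if (pipe(fds) != 0)
        return LOCKED;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return LOCKED;
    }
    if (pid == 0) {
        close(fds[0]);
        run_greeter(kind, fds[1]);        /* never returns */
        _exit(1);
    }
    close(fds[1]);
    char verdict = 0;
    ssize_t n = read(fds[0], &verdict, 1); /* EOF (n == 0) if child died */
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return LOCKED;
    int clean = WIFEXITED(status) && WEXITSTATUS(status) == 0;
    return (n == 1 && verdict == 'Y' && clean) ? UNLOCKED : LOCKED;
}

int main(void) {
    printf("greeter crash -> %s\n",
           locker_run_once(GREETER_CRASH) == UNLOCKED ? "UNLOCKED" : "LOCKED");
    return 0;
}
```
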

raveit65 commented 2 years ago

> @raveit65 I would be very careful qualifying anything related to the subject at hand :)

It's OK when you are careful. But don't tell me what I have to do or to say :P