Closed kmk3 closed 2 years ago
It's quite simple. There are two different pieces of information: the owner of the address, and the country hosting the address.
The owner (Amazon, Cloudflare etc.) is in the static ip map file. The country information comes from running geoiplookup utility if it is installed on the computer. We don't keep any country info in the static ip map. Nothing from geoip database is in our file. GPLv2 as the rest of the project should do it.
@netblue30 commented on Feb 2:
It's quite simple. There are two different pieces of information: the owner of the address, and the country hosting the address.
The owner (Amazon, Cloudflare etc.) is in the static ip map file. The country information comes from running geoiplookup utility if it is installed on the computer. We don't keep any country info in the static ip map. Nothing from geoip database is in our file. GPLv2 as the rest of the project should do it.
I see, I misunderstood the part about geoip. So the only thing that comes from geoip is the country information and that is generated only at runtime. I read #4867 again and now it makes sense to me. Sorry for the confusion.
General
@reinerh commented on Jan 19:
@netblue30 commented on Jan 20:
I don't exactly understand everything that was involved when generating static-ip-map, but from what I'm reading, to me it looks like that file could possibly be considered a derivative work of geolite2/geoip-database (I'm not sure). In which case, the license of the original database and of static-ip-map would have to be compatible with each other and also with GPLv2+ as used by firejail.
In any case, I would keep the same license as the original database to avoid license proliferation and also to allow contributions to go both ways (especially since static-ip-map isn't a major part of firejail anyway).
Also, if it is potentially a derivative work, the original copyright notice(s) probably have to be distributed along with the data to comply with the license. I'd also distribute the original license file as well for good measure.
Which License
Are you sure that that is the license that applies in this case?
The Debian package for geoip-database only mentions CC-BY-SA-4.0 and CC-BY-3.0 as the licenses. From https://sources.debian.org/src/geoip-database/20191224-3/LICENSE.txt/:
Also, copyright information for completeness: https://sources.debian.org/src/geoip-database/20191224-3/COPYRIGHT.txt/:
According to GNU, CC-BY-SA-4.0 is only compatible with GPLv3+:
https://www.gnu.org/licenses/license-list.en.html#ccbysa
Also there is no entry of OpenDataLicense in the GNU license comment list:
https://www.gnu.org/licenses/license-list.en.html
AFAIK OpenDataLicense is also a copyleft license (and copyleft licenses are usually incompatible with each other by default due to their nature of disallowing further restrictions), so GPL compatibility seems unclear to me.
I think that the lack of a clear answer could cause issues for anyone using firejail under GPLv2-only. I suspect that SailfishOS may be one such case (Cc: @spiiroin @Tomin1).
Suggestion
Anyway, my suggestion would be to remove static-ip-map for now to avoid shipping it in 0.9.68 (since the release already in RC stage and since the feature was added rather recently) and then try to figure this out after the release.