servalproject / serval-dna

The Serval Project's core daemon that implements Distributed Numbering Architecture (DNA), MDP, VoMP, Rhizome, MeshMS, etc.
http://servalproject.org

Warnings security #70

Closed petterreinholdtsen closed 10 years ago

petterreinholdtsen commented 10 years ago

Tell the compiler to help us with security and portability. Fix some errors detected this way.

gardners commented 10 years ago

Hi Petter, Can you please confirm that you are offering your patches under both BSD and GPL licenses so that we have a record of this for future reference? Thanks again for your work on this, Paul.

petterreinholdtsen commented 10 years ago

[gardners]

Hi Petter, Can you please confirm that you are offering your patches under both BSD and GPL licenses so that we have a record of this for future reference?

Yes, I am happy to license my patches for serval-dna as BSD and GPL. :)

Thanks again for your work on this,

No worries. I hope I can get it working with my local mesh. Still learning mesh technology setup and usage. :)

Happy hacking Petter Reinholdtsen

petterreinholdtsen commented 10 years ago

Is it useful that I spend time keeping warnings out of the code? I hope the fixes will make it into the official code soon. I updated the patch to the current source, and a few warnings had been introduced in the new code since the first time I looked at this.

gardners commented 10 years ago

Hello,

Yes, please do keep identifying issues with the code. We have limited developer resources at this end at the moment, and most of us have been travelling lately, and so I apologise for the slow rate of ingestion.

I will poke the guys about this again when they come back in this afternoon, at least so that we get the extra warnings showing when they compile here, so that we stop any more entering.

Paul.


petterreinholdtsen commented 10 years ago

As a month has passed, I am getting less eager to keep the branch up to date. Perhaps it is better for you to just ask the compiler for more warnings when you feel ready for it and fix the problems detected at your own pace?

gardners commented 10 years ago

Hello,

My apologies that we have not been able to tackle this more adequately so far. We are flat out with obligations under our existing grants, as well as my current teaching obligations. I quite understand if you let the branch lapse for the time being. Be assured that we will look at addressing this important matter properly at our first opportunity.

Paul.


quixotique commented 10 years ago

I am working to pull in this work, which we definitely want! I have been flat out with grant obligations, but have not forgotten this pull request.

Before I can pull it, I have to do some copyright and license housekeeping on Serval DNA. I have to make sure that there are proper copyright and license messages on all our source code files. I have to include the text of the GPL2 in a new LICENSE-GPL2.md file. I then have to add "servald copyright" and "servald license gpl2" commands in order to comply with GPL2 (including the full text of the licence in the binary).

Once that is done, I can pull your changes. Unless you indicate otherwise, I assume you will use the 2-clause BSD public license. I will have to ensure that all source files containing your changes bear a copyright message with your name (would be best if you did this, actually). I will have to put the text of the 2-clause BSD license into a LICENSE-BSD.md file, and add a "servald license bsd" command. I will also have to change the "servald copyright" message to include your copyright notice, with a note to the effect that you license all your code in Serval DNA to the public under the BSD license, and Serval Project Inc licenses all code, including yours, to the public under GPL2.

quixotique commented 10 years ago

Hi Petter, I am just about ready to pull your code. Could you please put a copyright and license notice at the top of every source file you have changed (but not Makefile.in). Assuming you will go with the 2-clause BSD public license, your comment should be situated immediately below the Serval Project's copyright block, and could look something like:

/*
Portions Copyright (C) 2013 Petter Reinholdtsen
All rights reserved

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

Once this is done I will pull your changes.

petterreinholdtsen commented 10 years ago

[Andrew Bettison]

Hi Petter, I am just about ready to pull your code. Could you please put a copyright and license notice at the top of every source file you have changed (but not Makefile.in). Assuming you will go with the 2-clause BSD public license, your comment should be situated immediately below the Serval Project's copyright block, and could look something like:

The changes I have done are the obvious changes any C programmer would do to get rid of compiler warnings after asking the compiler to provide more warnings. I fail to see how the changes in question can be copyrightable. Examples like the change in nacl/src/crypto_scalarmult_curve25519_ref/smult.c where my change is to remove an unused variable, or commandline.c where I add two null initializers involve no creative effort whatsoever. But whatever. If this requirement is what you want to express to your contributors, I can waste some time claiming copyright to trivial one-liners.

New draft is pushed.

I find this exercise quite stupid, and based on a completely different understanding of copyright law than my own. Or perhaps it is just another example of how copyright law no longer makes sense and its reach has been pushed beyond all reasonable limits.

Happy hacking Petter Reinholdtsen

gardners commented 10 years ago

Hello Petter,

On Sun, Dec 8, 2013 at 4:13 AM, petterreinholdtsen <notifications@github.com> wrote:

[Andrew Bettison]

Hi Petter, I am just about ready to pull your code. Could you please put a copyright and license notice at the top of every source file you have changed (but not Makefile.in). Assuming you will go with the 2-clause BSD public license, your comment should be situated immediately below the Serval Project's copyright block, and could look something like:

The changes I have done are the obvious changes any C programmer would do to get rid of compiler warnings after asking the compiler to provide more warnings. I fail to see how the changes in question can be copyrightable. Examples like the change in nacl/src/crypto_scalarmult_curve25519_ref/smult.c where my change is to remove an unused variable, or commandline.c where I add two null initializers involve no creative effort whatsoever. But whatever. If this requirement is what you want to express to your contributors, I can waste some time claiming copyright to trivial one-liners.

New draft is pushed.

I find this exercise quite stupid, and based on a completely different understanding of copyright law than my own. Or perhaps it is just another example of how copyright law no longer makes sense and its reach has been pushed beyond all reasonable limits.

Thanks for bearing with us on this.

We also agree that the process is stupid, however, copyright law is stupid in many ways and in many countries, and thus the need for us to make sure that the copyright on all contributions is clear, so that there can be no problems later. We did contemplate pulling the changes in as being obvious and trivial, but we wanted to acknowledge your contributions, which left us with the copyright issue to sort out. Of course, if iOS and Windows Mobile didn't have anti-GPL provisions, none of this would be necessary, and it is only our humanitarian imperative that we want to help people who find themselves using closed operating systems during disasters that makes us follow this path.

Oh for a world where this could all be much simpler, but sadly, we are not there today.

Thank you again for your patience with our unusual situation, Paul.


quixotique commented 10 years ago

Hi Petter, Thank you for adding those copyright comments. I agree with you that this process seems stupid, and personally I feel that it is a waste of time that should be spent on "real" work. Were it not for some fairly recent and unpleasant legal misadventures, we would probably be taking a relaxed approach to your contributions. However, we have learned how lawyers and the legal system work. Common sense may well prevail before a judge, but IP legal attacks seldom end up before a judge, as the victim generally does not have pockets deep enough to get to that stage. In the absence of a rich benefactor, our best defence against aggressive lawyers is nit-picking attention to detail. The kind of diligence we are putting you through is gold in the bank for an organisation like the Serval Project. Also, you are our first contributor who declined to sign the copyright assignment agreement (a decision which we fully understand and support), so we have had to work out this process as we go.

Andrew

quixotique commented 10 years ago

Manually pulled into the warnings branch. Now working to close the remaining warnings.