Overview
Request 1182541 review
This package with free GeoLite2 DB need for work mmdblookup, nginx-module-geoip2, php-maxminddb and more packages.
- Created by 13ilya
- In state review
- Supersedes 1181752
-
Open review for
opensuse-review-team
- Open review for openSUSE:Factory:Staging:adi:37
-
Open review for
dec16180
are we sure we can just redistribute the files? IIRC you normally have to register for that and download it with their tool.
I'm sure!
https://dev.maxmind.com/geoip/geolite2-free-geolocation-data#license
I've done the attribution, I've done the license CC-BY-SA-4.0.
Legally, I've met all the conditions.
every service that than is using the DB files installed via your package needs to have that attribution.
No services are installed with this package.
This probably means services like Amazone that provide a running service with something.
Otherwise, if we take it literally, then even using a registered and downloaded database together with mmdblookup, which clearly does not have this attribution in its code, is a violation.
this isn't the first CC-BY-SA package in openSUSE, so the case has probably been greenlit by the lawyers already.
Request History
13ilya created request
This package with free GeoLite2 DB need for work mmdblookup, nginx-module-geoip2, php-maxminddb and more packages.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
staging-bot set openSUSE:Factory:Staging:adi:37 as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:adi:37"
staging-bot staged request
Picked "openSUSE:Factory:Staging:adi:37"
licensedigger accepted review
ok
darix declined request
1. if redistribution would be ok why do we need use files from a 3rd party git repository?,,2. it seem that the person shares the files after they downloaded them with their own license key:,,https://github.com/P3TERX/GeoLite.mmdb/blob/main/.github/workflows/GeoLite.yml#L46,,I am all for shipping those files. But not in a form that would tarnish the good relationship that we had with them so far.,,so from what i can see: we should ship the download tool to fetch the files and point people how they can get a license for the files.
13ilya reopened request
@darix
1 Legal side of the issue.
Because the project, which itself is a fork of GeoIP, does not have its own repository for free downloading.
2 Years ago it was, but now for residents of Russia to register and get the key is impossible!
In this case, based on the license CC-BY-SA, which they are forced to inherit from GeoIP, they can not explicitly prohibit it, so they came up with such a trick with a subscription and key. But they do not forbid it, provided that the attribution and the license are respected.
https://dev.maxmind.com/geoip/geolite2-free-geolocation-data#license
So legally this package is legal and complies with all licenses!
2 The technical side of the issue.
As I said earlier, the 3 packages I use actually have many more, mmdblookup, php8-maxminddb and nginx-module-geoip2 require one of the maxmind-compatible databases to work without which they are simply not functional!
And it is the distribution's job to ensure that the packages' dependencies are up-to-date and functional if the license allows it. So from a technical point of view this package is essential!
3 Moral side of the issue.
The situation with MaxMind and the GeoLite2 database is similar to the situation with RedHat and the CentOS repository.
RedHat also does not want, according to the GPL-license, to share packages through the CentOS repository, but can not prohibit it explicitly, so it comes up with a hook with CentOS Stream, to bypass the license.
At the same time, SUSE is not shy to spoil relations with RadHat and joins the OpenELA https://openela.org alliance, one of whose tasks is to maintain a CentOS-compatible repository, the source material for which is the CentOS Stream repository, and even, based on this repository, presents its paid product SUSE Liberty Linux https://www.suse.com/products/suse-liberty-linux to support CentOS 7.
And there is nothing about any unwillingness to spoil relations with RadHat Corporation!
I think that if the situation with RadHat and CentOS is acceptable, then the situation with MaxMind and GeoLite2 should definitely be acceptable!
darix added dec16180 as a reviewer
can you please clarify if the inclusion is ok and that the github repository and us are not violating the TOS/license
@darix : Could be a situation like the infamous RHEL SRPMS ("GPL'd but not immediately accessible by arbitrary parties")
+1 I'm preparing a reply to darix right now, and in the point about morality I just see a clear analogy with RedHat Corporation and CentoOS....
@darix
1 Legal side of the issue.
Because the project, which itself is a fork of GeoIP, does not have its own repository for free downloading. 2 Years ago it was, but now for residents of Russia to register and get the key is impossible! In this case, based on the license CC-BY-SA, which they are forced to inherit from GeoIP, they can not explicitly prohibit it, so they came up with such a trick with a subscription and key. But they do not forbid it, provided that the attribution and the license are respected. https://dev.maxmind.com/geoip/geolite2-free-geolocation-data#license So legally this package is legal and complies with all licenses!
2 The technical side of the issue.
As I said earlier, the 3 packages I use actually have many more, mmdblookup, php8-maxminddb and nginx-module-geoip2 require one of the maxmind-compatible databases to work without which they are simply not functional! And it is the distribution's job to ensure that the packages' dependencies are up-to-date and functional if the license allows it. So from a technical point of view this package is essential!
3 Moral side of the issue.
The situation with MaxMind and the GeoLite2 database is similar to the situation with RedHat and the CentOS repository. RedHat also does not want, according to the GPL-license, to share packages through the CentOS repository, but can not prohibit it explicitly, so it comes up with a hook with CentOS Stream, to bypass the license.
At the same time, SUSE is not shy to spoil relations with RadHat and joins the OpenELA https://openela.org alliance, one of whose tasks is to maintain a CentOS-compatible repository, the source material for which is the CentOS Stream repository, and even, based on this repository, presents its paid product SUSE Liberty Linux https://www.suse.com/products/suse-liberty-linux to support CentOS 7.
And there is nothing about any unwillingness to spoil relations with RadHat Corporation! I think that if the situation with RadHat and CentOS is acceptable, then the situation with MaxMind and GeoLite2 should definitely be acceptable!
I wouldnt call it a fork. GeoIP2 and MaxMinddb are from the same company.
there is a legal free download by registering and requesting a free license key.
that you can not get a license now is tough for you, but nothing that would make it ok to bypass their provided way to obtain the databases.
in any case the opensuse-review-team discussed this in the daily standup meeting and forwarded it to legal for clarification.