When I posted about the hwids data I was not expecting to find what I just found today, and honestly, I’m wondering if I’m always looking for stuff under rocks.
My reason to split out the ID databases off their respective utilities (pciutils and usbutils) was simple enough: I didn’t need to deal with the two utilities, both of which are GPL-2, when the database themselves are available under the BSD 3-clauses license; it was just a matter of removing code, and avoiding auditing of projects that we don’t need to rely upon.
The fact that it was still a pet peeve of mine to not have an extra package taking care of it, rather than bundling them, was just an added bonus.
So after creating a silly placeholder which is fine for our needs here, with the blessing of Greg I created a new package, sys-apps/hwids (I wanted to call it hwdata, but we have both gentoo-hwdata and redhat-hwdata that install very different stuff), which has its own repository and with a live ebuild that simply fetches the files out of the respective website. I’m going to update the package weekly, if there are changes, so that we always have a more up-to-date version of it, and we won’t be needing the network cron scripts at all either.
I’ve also updated lshw to support the split package, so that it doesn’t install its own ids files anymore… of course that is only half the work done there, since the lshw package has two more datafiles: oui.txt and manuf.txt. The latter comes out of Wireshark, while the former is downloaded straight from IEEE’s Public OUI registry and that’s where the trouble starts.
The problem is that while you’re free to download the oui.txt file, you won’t find any kind of license on the file itself. I’ve sent a request to IEEE for some clarification on the matter and their answer is a clear “you cannot redistribute that file” (even though Ulrich, while not a lawyer, pointed out that it’s factual information which might not be copyrightable at all — see Threshold of originality for further details.
So why would I care about that single file given that lshw is a minor package by itself, and shouldn’t matter that much? Well, the answer is actually easy to give: bluez also contains a copy of it. And we’re redistributing that for sure, at least in source form. Sabayon is actually distributing binaries of it.
Interestingly enough, neither Debian’s lshw package nor their Bluez one do install the oui.txt file and I wouldn’t be surprised if their source archives have been neutered made Free by removing the distributed copy of the file.
What should we do about this? Unfortunately, that’s one question I don’t have an answer for myself yet, but I guess it should be clear enough that you can’t always assume that what upstream declares to be the case… actually is the case, especially for what concerns licensing. And this is the reason why, even though we don’t have any problem with releasing the source of all the GPL’d packages we have, we’d like to reduce as much as possible the amount of licenses I have to go through.