New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VirtualBox Extension Pack do not use requireFile (to prevent PUEL violations) anymore #672
Comments
OK, everything is now working fine after a reboot. By speaking about the commit 6c86398, and the remark by @vcunat:
The reason of the requireFile is that the virtualbox extension pack is licensed under a specific license which restricts its use to evaluation and personal use (see https://www.virtualbox.org/wiki/VirtualBox_PUEL for details).
The requireFile is here to force the user be be aware of these restrictions (or at least to take him to the page where the license is mentioned) by manually going to the website. By removing it, there is no more prevention of potential violations of the PUEL. Is there a way to force a user to accept a license in NixOS ? If yes, it may be an alternative and compliant solution. |
I have updated the subject in order to be consistent with my latest posts... |
@bbenoist: thanks for clarifying. At the very least we should modify the license when using extensions (probably "unfree-redistributable"?). I don't understand law at all (moreover, IMO it gets complicated in international setting like here). Certainly feel free to change it (but leave a comment there why it's so, please). |
I've noted this in 5a3f9c0 already, but maybe we should add a message attribute to And I'm not a lawyer as well, which is why I used |
Ah, I didn't read logs. It should be redistributable, IMO the only question is make user "accept EULA". I don't know... but we also don't print the GPL and others when installing packages (maybe they are less restrictive, but still). |
@vcunat: No problem, as I also asked myself the same question when installing it the first time and had an answer, it seemed natural to relay you this answer. I am too not a lawyer but have to take care of such weird licence-related issues as I am using it in a company... Anyway, such reads can be quite funny when finding such clauses (from the PUEL):
More seriously, the PUEL (available at https://www.virtualbox.org/wiki/VirtualBox_PUEL ) stipulates that:
Which seems to be meaning that the only way to be compliant to the license is not only to accept its license but that any end-user downloads the binaries from the official "Downloads page". Also, on a different side of the problem, the licensing FAQ (available at https://www.virtualbox.org/wiki/Licensing_FAQ) contains this Q/A:
Which means that the derivation containing the extension pack can not be distributed through a nix channel because of containing binaries licensed under the PUEL. From what I have understood of the problem, the only solution to use in order to be compliant is to force the end-user to download it from the "Downloads page" of virtualbox.org. As the license does not clearly stipulates if the thing can be done manually or automatically, I see here two possible solutions:
Following my habits of "searching how issue X has been handled in Arch ™ ", it seems that their point of view is to let its users download it by themselves: https://wiki.archlinux.org/index.php/VirtualBox_Extras#Extension_pack I must say that such licensing restrictions are IMO a loss of time for its end users, but we unfortunately do not have the choice to comply with. |
OK, so this way? vcunat@05cfc11 I tested that nix finds the file if one runs the command as the message suggests. |
LGTM 👍 edit: However I'd word it like this:
(I'm not a native speaker either, but it probably isn't as terse as your version) |
Not really. According to what I have previously quoted, any end-user must download the binaries from the Downloads page:
By using nix-prefetch-url, you still not respect literally the license because the end users will not have to go to the page: nix-prefetch-url is directly using the binary download url. As I agree that this rule seems to be nonsense, we must respect their conditions whatever useless they are. Even if counting downloads directly on the downloaded file rather than passing through a dedicated page is technically possible, this does not mean that virtualbox.org is counting this way...
In summary, you must use the "ambiguous" solution which is automatic but potentially buggy (depends of a dynamic page) or ask the user to go to the download page and find the URL or dowload the file by himself. So, to my mind, the message should be:
with only using a filename variable in the nix-prefetch-url instead of url. My side would have added this:
but I fear misinterpretations 😨 It would be nice to have a method to quantify the total number of hours lost in the world by such licensing restrictions, maybe this would help lawyers to make some more realistic and user-friendly licenses 😡 There even exists some US restriction preventing some software to be used in certain people resigin in countries listed in the US OFAC such as Cuba, Iran, North Korea, Sudan, and Syria which has several issues (see http://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/ for an example with sourceforge)... 😵 |
The commit bbenoist@9be289d is compliant with my POV. |
I see, feel free to push it (extpackRevision is redundant, but it doesn't matter). |
@vcunat OK, I will do it. |
Closing, continue discussion in pull requests #675 |
The direct download was unfortunately not compliant with the VirtualBox Extension Pack's Personal Use and Evaluation License (PUEL) which stipulates that any end-user should fetch the binaries from the official Downloads page. See NixOS/nixpkgs#672 and http://www.virtualbox.org/wiki/VirtualBox_PUEL for more info.
I cannot run any of my virtual machines under the virtualbox version 4.2.14 updated yesterday by the commit 6c86398. This occurs even after discarding eventual savestates.
Error message:
Details:
Everything is working fine if I revert this commit and switch back to the version 4.2.12.
Did you someone ever had such an issue after upgrading virtualbox ?
The text was updated successfully, but these errors were encountered: