Permission to Use RawTherapee in Government

rangerdavid · November 18, 2019, 10:37pm

I’m a park ranger with the National Park Service, Department of the Interior. I’m trying to get our computer administrators to accept RawTherapee as an approved software application and install it on some of our computers, but they have asked for a letter from the developer specifically stating that the software can be used by the government before they’ll install it.

Can someone provide permission, by email or otherwise, for me and other federal government staff, to use your software in non-profit, public sector work?

…just a small part of the red tape to get this working…

Much appreciated.

darix · November 18, 2019, 10:48pm

This is the license under which you can use it.

github.com

Beep6581/RawTherapee/blob/dev/LICENSE.txt

    RawTherapee - A powerful, cross-platform raw image processing program.
    Copyright (C) 2004-2012 Gabor Horvath <hgabor@rawtherapee.com>
    Copyright (C) 2010-2021 RawTherapee development team.

    RawTherapee is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    RawTherapee is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.

                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

This file has been truncated. show original

As long as your government work does not violate any of the terms of the license, you can be a happy user of the software.

rangerdavid · November 18, 2019, 10:50pm

darix,

Sadly, I need the developer(s) themselves to specifically contact me; I’ve provided this license to our IT staff and they still want a permission letter.

Have pity on us public servants, this is what we have to deal with sometimes…

heckflosse · November 18, 2019, 11:17pm

@rangerdavid

Dave, I am one (of many) developers of RawTherapee. As a developer I (being not a lawyer) absolutely can’t tell you whether you are allowed to use RawTherapee for your purposes.

Your admins (and lawyers) should be able to tell you (based on the RT GPL license and their knowledge).

For my point of view there’s not reason not to use it, but I don’t know the background…

Regards, Ingo

rangerdavid · November 19, 2019, 12:15am

@heckflosse

Thank you, I’ll take that as a “so far as I know, go for it.”

Herein lies the problem of a strongly hierarchical organization asking a broadly distributed collaborative organization for something authoritative. It just doesn’t work that way!

darix · November 19, 2019, 12:28am

your problem is not the hierarchy.

afre · November 19, 2019, 12:32am

Perhaps print the licence and this thread on bonded paper.

rangerdavid · November 19, 2019, 12:39am

Exactly! Already PDF’ed this thread and sent it on up. We’ll see what happens…

gadolf · November 19, 2019, 12:39am

@rangerdavid Isn’t this enough?

rangerdavid · November 19, 2019, 12:52am

Sadly, a quick read of that memorandum, and it looks like that’s for how the government should participate in releasing proprietary code as open source code, or collaborate in open source projects. It doesn’t speak to using open source code or compiled applications, or specifically to being able to use GPL(x) licensed code, in more general terms. I’ll forward it anyway…

Thank you.

ldj · November 19, 2019, 1:15am

Hi Dave,
I’m a contractor to the USGS at EROS (Earth Resources Observation and Science), where we archive and process satellite images (primarily from the Landsat missions). I’m a scientific software developer working with the algorithms for processing the satellite imagery into various levels of characterization, calibration, and correction. We’ve been using GPL’ed software in our systems and applications for decades. In fact, we work primarily on Linux systems (CentOS), and the sysadmins will install any packages that we require. We live and breathe Open Source. So I’d be surprised if RawTherapee, Darktable, GIMP, QGIS, or any Open Source application would be an issue /from a licensing standpoint/. I would think the only issues may be with some managers who don’t understand or “trust” Open Source, confusing it with some of the crappy freeware/shareware out there.
Having said that, I feel your pain. We had management meetings back around 2000 where we spent months convincing the government contracting officers that Open Source is legal and safe to use in our environment.

Entropy512 · November 19, 2019, 2:01am

Here’s my background: I spent 10 years working for a government contractor (Lockheed Martin).

Understandably, there were serious concerns about integrating GPL software as part of any deliverable. However, in the case of RawTherapee, in nearly any use case (and definitely yours) it falls into the category of a tool, not a component of a deliverable product.

As a tool - we even had approval to use GPL software (although there needed to be a fairly long approval process that included a security review) in our labs which were processing classified data.

But like Lowell, I feel your pain. I had one situation where we wanted to include OpenSSL as part of a deliverable. The license of OpenSSL happens to be such that it was legal to do this. However, our internal legal compliance team were F**ing lazy and relied on an automated tool that basically grepped the source code for various keywords. The end result of this tool concluded that OpenSSL was under both the actual OpenSSL license and the GPL - because of files in the source code distribution that explicitly called out the GPL as being incompatible and them matching that keyword! It took MONTHS of the engineering team “vehemently disagreeing” with legal before we could get a human in the legal department to actually sit and read the fscking license.

As someone who has a minor contribution (so far, planning on more in the future) to RT and is hence a small-time copyright holder, my interpretation is exactly in line with @heckflosse - Read the license terms, if there is nothing in those terms that is problematic for your use case - go ahead! (In general, for any government user merely using the software as a tool with no modification and no redistribution as a component of a deliverable, there are no problems I would expect).

In fact, the nature of the license is such that even if an RT contributor objected to government use - as the software is licensed under the GPL and thus their contribution is a “derivative work” which falls under the GPL - they could not object to government use as a contributor doing so would violate section 10 of the GPL:

You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.

As a side note to the original poster - the NPS rocks. If any of you use trackpad/touchpad scrolling, I’ll be incredibly proud to have made some of your lives a little easier. You’re one of my favorite government agencies!

As a side note, @rangerdavid - are you based in any particular park? One of my college classmates worked for the NPS for years. They are now working for (if I recall correctly) an environmental nonprofit organization. They time as a ranger in Shenandoah and Yosemite, and are now back in the Shenandoah Valley working for the Valley Conservation Council.

ggbutcher · November 19, 2019, 2:16am

Here’s an approach to consider: If your PCOs have already authorized use of a particular Linux distro, you might be able to compel them to allow install of the RT package that “comes with” that distro. If you’re using Windows, sorry 'bout that…

Entropy512 · November 19, 2019, 2:23am

Ugh… You’ve gotten into the rather sore spot of distribution packaging (or lack thereof).

An ongoing issue for RT which @Morgan_Hardwood and others are working on improving.

And I suspect that while the NPS might use Linux on server backends, they (like many other United States government entities) are still stuck with Microsoft on the desktop.

(I mentioned labs processing classified data? Our security people had authority to self-certify Windows installations. But any Linux installation needed to go through months of reviews and paperwork by DSS.)

It was actually easier to get Wireshark installed on a Windows machine (as it was pre-approved software) than it was to get a new Linux machine approved.

ggbutcher · November 19, 2019, 3:16am

I thought it was worth a shot. My background is 20yrs Air Force acquisition, 18yrs on a weapon system program as a gov’t contractor. It’s recent observation, but I’ve seen Linux distros used in DoD systems in other than server applications. With the “demise” of Solaris, Linux is making inroads in workstation applications.

In defense of the PCOs, they’re just oriented to working under a contractual relationship: goods/services for consideration. A permission letter would give them what they need to abrogate that relationship. For a FOSS license to have the same weight in their eyes, it would have to explicitly address their subject use.

Morgan_Hardwood · November 19, 2019, 8:11am

To Whomever it May Concern

I, the Agent and Settler for Morgan H. Wood, the Individual not the Person, within the bounds of the RawTherapee licence agreement, the GNU General Public License Version 3, hereby explicitly grant permission for RawTherapee to be used, at your own risk, by the United States Government and its colonies, by Donald John Trump, Barack Hussein Obama II and III, the FBI, the CIA, the NSA, NASA, NCIS, Dr. Phil, the League of Nations, the National Parks Service including John Nores and Ranger David, the Department of Motor Vehicles, Joe Rogan, Nick Offerman, Elon Musk, and Klaus. This recognition does not extend to the Church of Scientology and affiliates.

But only on Tuesdays.

PanoMeister · November 19, 2019, 10:52am

This is great! Thanks for making my day!

Entropy512 · November 19, 2019, 2:11pm

Technically, as much as I’m sure we’d all like to stop the CoS from using RT - that would be a violation of section 10.

So is the Only on Tuesdays clause

(I know you were joking, because the whole request is silly, but these compliance officers can be excessively paranoid.)

Getting more seriously - I think everyone who is a contributor can agree that the license text at RawTherapee/LICENSE.txt at dev · Beep6581/RawTherapee · GitHub stands as our letter.

@rangerdavid - if that is insufficient for your compliance officer, I must ask why:
Does your compliance officer feel that some aspect of how you use the software would conflict with the terms laid out in the license?

Are they asking for a letter because they feel that an exemption is needed? What exemption are they looking for?

No single RT contributor has the authority to grant such an exemption to anyone, the GPLv3’s policy on derivative works ensures that. To grant an exemption, every single copyright holder (basically every contributor to RT) would have to approve alternative licensing. For this reason I have serious objections to supplying any sort of letter beyond the license text, as this letter could be misconstrued as an implied grant of some sort of exemption.

If they merely want a letter that says “comply with the terms of the license” - I object because it is silly and redundant and would set the precedent that the RT team gives silly and redundant letters, which would result in the team getting deluged with requests for redundant letters, which would mean we would spend all of our time writing letters and not developing the software.

I’m willing to give informal opinion on whether I think a particular use case would actually require some form of exemption. So far what @rangerdavid has described does not seem like it would require an exemption of any form. Is the compliance officer worried that program output would be consider a derivative work? See Frequently Asked Questions about the GNU Licenses - GNU Project - Free Software Foundation

patdavid · November 19, 2019, 4:16pm

Hi @rangerdavid!

I have had similar problems internally with the DoD, but I suspect the path to a solution might look different. (The Navy has been working with open source non-profits for almost two decades now.)

We have also had these types of requests in the GIMP team and haven’t really documented a strategy for dealing with it.

I think we might be able to help you get what you need better if we had an example of what the compliance officer might be looking for? Maybe see if they have an example or previous letter that they were happy with?

@Morgan_Hardwood - I’m also happy to try and draft something that might make a compliance officer happy.

Entropy512 · November 19, 2019, 4:58pm

At Lockheed, we eventually had an official FOSS approval process. The approval process was per-program, and the application for approval included a questionnaire including things such as:
What is the software?
What is its license? (but this would basically get ignored in favor of an automatic grep search, see my previous rant regarding false-positiving a GPL-incompatible piece of software as GPL)
Will this be made part of a customer deliverable or is it just being used as a tool?
Will anyone be modifying the software?

In general, approval for unmodified tools was pretty easy. Things got fun when we wanted to deploy something as part of a product.