| 1 |
>>>>> On Thu, 7 Sep 2017, Rich Freeman wrote: |
| 2 |
|
| 3 |
>>> Do we routinely confirm that any site we list in SRC_URI has |
| 4 |
>>> permission to redistribute files? That seems like a slippery |
| 5 |
>>> slope. |
| 6 |
>> |
| 7 |
>> We don't, and for a package that comes with a license (as the vast |
| 8 |
>> majority of packages does) it normally isn't necessary. |
| 9 |
|
| 10 |
> Why isn't this necessary? How do you know the person issuing the |
| 11 |
> license actually has the right to issue it? |
| 12 |
|
| 13 |
Don't you think there is a difference between downloading a package |
| 14 |
that has a known upstream and that is also carried by other distros, |
| 15 |
and downloading a license-less package from a random location on the |
| 16 |
internet? |
| 17 |
|
| 18 |
>> The package in question doesn't come with any license though, which |
| 19 |
>> means that only the copyright holder has the right to distribute |
| 20 |
>> it. So I believe that some extra care is justified, especially when |
| 21 |
>> the upstream location of the distfile has changed. |
| 22 |
|
| 23 |
> Why? We don't redistribute anything that is copyrighted. |
| 24 |
|
| 25 |
Users download the file, and I think that we are responsible to have |
| 26 |
only such SRC_URIs in our ebuilds from where they can obtain the |
| 27 |
package without being exposed to potential legal issues. |
| 28 |
|
| 29 |
> Are you arguing that merely linking to the file is illegal? If so, |
| 30 |
> then you better get the list archives purged. |
| 31 |
|
| 32 |
Arguably, items in SRC_URI aren't even hyperlinks. And no, I don't |
| 33 |
think that such linking is illegal. IANAL, though. |
| 34 |
|
| 35 |
>> We don't know this for sure unless we ask the author. So whoever is |
| 36 |
>> interested in keeping the package in the tree should sort these |
| 37 |
>> issues out. |
| 38 |
|
| 39 |
> Perhaps if we want to enforce a policy like this we should take the |
| 40 |
> time to actually write the policy down. As far as I can tell Gentoo |
| 41 |
> has no such policy currently. |
| 42 |
|
| 43 |
The old Games Ebuild Howto [1] has this: |
| 44 |
|
| 45 |
| LICENSE |
| 46 |
| |
| 47 |
| The license is an important point in your ebuild. It is also a |
| 48 |
| common place for making mistakes. Try to check the license on any |
| 49 |
| ebuild that you submit. Often times, the license will be in a |
| 50 |
| COPYING file, distributed in the package's tarball. If the license |
| 51 |
| is not readily apparent, try contacting the authors of the package |
| 52 |
| for clarification. [...] |
| 53 |
|
| 54 |
I propose to add the paragraph above to the devmanual's licenses |
| 55 |
section. |
| 56 |
|
| 57 |
Ulrich |
| 58 |
|
| 59 |
[1] https://wiki.gentoo.org/wiki/Project:Games/Ebuild_howto#LICENSE |
Archives