| 1 |
On Sunday, August 26, 2018 7:09:41 AM EDT Paweł Hajdan, Jr. wrote: |
| 2 |
> On 26/08/2018 12:53, Mart Raudsepp wrote: |
| 3 |
> > The common issue here is that upstream COPYING files really do only |
| 4 |
> > talk about one of the versions. And then you get to validate or source |
| 5 |
> > files to be sure that they do have a "or later" clause in them. And |
| 6 |
> > then on each bump you ideally should validate it again, etc, that no |
| 7 |
> > sources without "or later" allowance are in there... |
| 8 |
> |
| 9 |
> Yup, precise tracking of license metadata can be a pain. |
| 10 |
> |
| 11 |
> I'm not really sure if that level of it is worth for us as a distro. For |
| 12 |
> _importing_ other project's source code directly into one's project |
| 13 |
> precise license compatibility matters a lot. That's not the scenario |
| 14 |
> we're in. I see LICENSES as mostly a mechanism for end users to accept |
| 15 |
> or reject EULAs etc, and I'm curious what are other common scenarios. |
| 16 |
> |
| 17 |
> Michał, could you elaborate on why not distinguishing more precisely |
| 18 |
> between these GPL variants in LICENSES is a _problem_ ? I can certainly |
| 19 |
> see the information is not always accurate, but it's not obvious to me |
| 20 |
> how severe is the downside, what are the consequences in practice. |
| 21 |
|
| 22 |
I can say that if the licenses are habitually misidentified, I could not use |
| 23 |
Gentoo's portage tree in my job without extensive and ongoing revalidation of |
| 24 |
the license metadata. |
| 25 |
|
| 26 |
There are, in fact, automated tools for advising about the license disposition |
| 27 |
of these types of things, examining source files for unfortunate edits and |
| 28 |
variants and flagging them, etc. It might be an interesting task at some point |
| 29 |
to point some of these tools at portage, look for incorrect metadata and file |
| 30 |
bug reports. |
| 31 |
|
| 32 |
Not suggesting this is a worthwhile approach up front, but it might be a |
| 33 |
useful tool in the future for dealing with license metadata quality as a |
| 34 |
chronic issue. (Which, in turn, is useful for commercial consumption and |
| 35 |
participation.) |
Archives