Gentoo Archives: gentoo-dev

From: Roy Bamford <neddyseagoon@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] Solving the problem of huge number of wrong LICENSES=*GPL-[23]
Date: Sun, 26 Aug 2018 11:34:12
Message-Id: K4BlAGCD+DA1wuXQun2uMj@TEHLJOGtlg9VQqGHyhDBk
In Reply to: Re: [gentoo-dev] [RFC] Solving the problem of huge number of wrong LICENSES=*GPL-[23] by "Michał Górny"
1 On 2018.08.26 12:15, Michał Górny wrote:
2 > On Sun, 2018-08-26 at 13:09 +0200, Paweł Hajdan, Jr. wrote:
3 > > On 26/08/2018 12:53, Mart Raudsepp wrote:
4 > > > The common issue here is that upstream COPYING files really do
5 > only
6 > > > talk about one of the versions. And then you get to validate or
7 > source
8 > > > files to be sure that they do have a "or later" clause in them.
9 > And
10 > > > then on each bump you ideally should validate it again, etc, that
11 > no
12 > > > sources without "or later" allowance are in there...
13 > >
14 > > Yup, precise tracking of license metadata can be a pain.
15 > >
16 > > I'm not really sure if that level of it is worth for us as a distro.
17 > For
18 > > _importing_ other project's source code directly into one's project
19 > > precise license compatibility matters a lot. That's not the scenario
20 > > we're in. I see LICENSES as mostly a mechanism for end users to
21 > accept
22 > > or reject EULAs etc, and I'm curious what are other common
23 > scenarios.
24 > >
25 > > Michał, could you elaborate on why not distinguishing more precisely
26 > > between these GPL variants in LICENSES is a _problem_ ? I can
27 > certainly
28 > > see the information is not always accurate, but it's not obvious to
29 > me
30 > > how severe is the downside, what are the consequences in practice.
31 > >
32 >
33 > I'm not aware of any major implications. However, I think that if we
34 > provide for the distinction, the distinction should be used correctly.
35 >
36 > --
37 > Best regards,
38 > Michał Górny
39 >
40
41 Michał,
42
43 How far do you want to dig?
44 Every upstream file or do you trust the upstream top level licence?
45
46 What about bundled libs?
47 Do you trust upstream to have that that right too?
48
49 It looks like a lot of work for what is at most, a convenience to users.
50
51 What matters most is the licensing for things we distribute as binaries.
52 That would make an interesting and more manageable test case.
53
54 As has already been pointed out. Fixing it is one thing, keeping it fixed
55 is another.
56
57 --
58 Regards,
59
60 Roy Bamford
61 (Neddyseagoon) a member of
62 elections
63 gentoo-ops
64 forum-mods