1 |
On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny <mgorny@g.o> wrote: |
2 |
> W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman |
3 |
> napisał: |
4 |
>> On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller <ulm@g.o> wrote: |
5 |
>> > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: |
6 |
>> > |
7 |
>> > Don't you think there is a difference between downloading a package |
8 |
>> > that has a known upstream and that is also carried by other distros, |
9 |
>> > and downloading a license-less package from a random location on the |
10 |
>> > internet? |
11 |
>> |
12 |
>> Most upstreams do not do much checking about the ownership of their sources. |
13 |
>> |
14 |
>> Gentoo certainly doesn't - we don't even require developers to submit a DCO. |
15 |
>> |
16 |
>> Other projects like the Linux kernel require signing a DCO for each |
17 |
>> commit, but do not do any checking beyond this. I have no doubt that |
18 |
>> they would remove offending sources if they were contacted, but they |
19 |
>> do not actively go out and confirm authorship. |
20 |
>> |
21 |
>> > |
22 |
>> > > > The package in question doesn't come with any license though, which |
23 |
>> > > > means that only the copyright holder has the right to distribute |
24 |
>> > > > it. So I believe that some extra care is justified, especially when |
25 |
>> > > > the upstream location of the distfile has changed. |
26 |
>> > > Why? We don't redistribute anything that is copyrighted. |
27 |
>> > |
28 |
>> > Users download the file, and I think that we are responsible to have |
29 |
>> > only such SRC_URIs in our ebuilds from where they can obtain the |
30 |
>> > package without being exposed to potential legal issues. |
31 |
>> |
32 |
>> I'm not aware of any court rulings that have found downloading |
33 |
>> something like this to be illegal. |
34 |
>> |
35 |
>> > |
36 |
>> > > Perhaps if we want to enforce a policy like this we should take the |
37 |
>> > > time to actually write the policy down. As far as I can tell Gentoo |
38 |
>> > > has no such policy currently. |
39 |
>> > |
40 |
>> > The old Games Ebuild Howto [1] has this: |
41 |
>> > |
42 |
>> > > LICENSE |
43 |
>> > > |
44 |
>> > > The license is an important point in your ebuild. It is also a |
45 |
>> > > common place for making mistakes. Try to check the license on any |
46 |
>> > > ebuild that you submit. Often times, the license will be in a |
47 |
>> > > COPYING file, distributed in the package's tarball. If the license |
48 |
>> > > is not readily apparent, try contacting the authors of the package |
49 |
>> > > for clarification. [...] |
50 |
>> > |
51 |
>> > I propose to add the paragraph above to the devmanual's licenses |
52 |
>> > section. |
53 |
>> > |
54 |
>> |
55 |
>> We already know there isn't a license for redistribution. This |
56 |
>> doesn't speak about requiring us to ensure that those distributing our |
57 |
>> source files have the rights to do so. It merely says to check the |
58 |
>> license. We understand the license already. I don't see how this |
59 |
>> paragraph pertains to this situation. |
60 |
> |
61 |
> AFAIK you're a developer. So if you want to keep this package, then |
62 |
> please do the needful and take care of it yourself instead of |
63 |
> complaining and demanding others to do the work you want done. |
64 |
> |
65 |
|
66 |
Are you saying it is sufficient to just point the SRC_URI at the new |
67 |
URL and remove the mask? As far as I can tell that is all that needs |
68 |
to be done. Per the policy the license is readily apparent, so there |
69 |
is no need to contact the authors. |
70 |
|
71 |
-- |
72 |
Rich |