[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question about multiple licenses
|
From: |
Dave Love |
|
Subject: |
Re: Question about multiple licenses |
|
Date: |
Tue, 12 Sep 2017 23:13:42 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Ludovic Courtès <address@hidden> writes:
>> Well, from what I know about copyright, that isn't the licence of glibc,
>> which is the sum of all the licences involved, and you'd have to know
>> how to find them if you didn't just unpack the tarball. With pack
>> output in a lot of cases you don't have the information.
>
> Right, ‘guix pack’ makes things more complicated—although I would argue
> that, contrary to Dockerfiles and the like (which nobody seems to
> complain about),
Well,
they should -- I think there should be something from GNU on
the topic -- and it's what motivated the Fedora
policy to separate %licence. That's supposed to go into containers as
I understand it, c.f. %doc, which isn't in spec files.
> Guix makes it easier to do provenance tracking since
> there’s an unambiguous source → binary mapping.
Right, though the binary can be under a subset licence, e.g. when
un-shipped tests are under a different licence.
> How do Debian and Fedora determine the relevant files to copy? We could
> investigate ways to do that, but it won’t scale unless we have a mostly
> automated way to do it.
The submitter and reviewer have to put the right stuff in the package
definition -- %license for Fedora and the copyright file for Debian.
That should be checked to first order with licensecheck (automated in
the "fedora-review" tool). You might be able to automate cross-checking
with Debian and Fedora to some extent.
> (It won’t scale to the size of Stackage, CPAN, Pypi, etc. either…)
>
> Thoughts?
I think it has to be got right even if they don't do so. There's plenty
imported to Fedora and Debian from those.