[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: License auditing
From: |
Alex Griffin |
Subject: |
Re: License auditing |
Date: |
Thu, 04 Aug 2016 09:40:51 -0500 |
On Thu, Aug 4, 2016, at 09:23 AM, Ludovic Courtès wrote:
> Strictly speaking it’s wrong, but I think it better reflects the intent
> of the authors (I think authors who throw a GPLv3 ‘COPYING’ file without
> bothering to add file headers probably think that GPLv3 and maybe later
> versions apply, but not previous versions.)
Ah, I guess that seems more reasonable when the whole situation is laid
out.
> I suppose many package violations could be detected using Guix, but
> you’re right that subtle cases like this one can go undetected.
>
> In the end, we’re talking about legal documents whose interpretation
> isn’t as formal as we would like. So I suspect that no single tool can
> provide what you want—there is no “license calculus”. Tools like
> Fossology go a long way, but AFAIK they are no substitute for proper
> manual auditing.
I know it can't and shouldn't be fully automated, but we can still build
useful tools to help us.
--
Alex Griffin
- Re: License auditing, (continued)
Re: License auditing, Philippe Ombredanne, 2016/08/04
Re: License auditing, Philippe Ombredanne, 2016/08/04