bug#26256: [PATCH 5/6] gnu: Add userspace-rcu.

[Marius Bakke]

Marius Bakke <address@hidden> writes:

> Marius Bakke <address@hidden> writes:
>
>> Ludovic Courtès <address@hidden> writes:
>>
>>> Marius Bakke <address@hidden> skribis:
>>>
>>>> * gnu/packages/linux.scm (userspace-rcu): New variable.
>>>
>>> [...]
>>>
>>>> +    (license
>>>> +     ;; This library is distributed under LGPL2.1+, but includes some 
>>>> files
>>>> +     ;; covered by other licenses. The LICENSE file has full details.
>>>> +     (list license:lgpl2.1+
>>>> +           license:gpl3+                         ; most tests are gpl2+; 
>>>> tap.sh is gpl3+
>>>> +           license:bsd-2                         ; 
>>>> tests/utils/tap/tap.[ch]
>>>> +           license:expat                         ; urcu/uatomic/*
>>>> +           ;; A few files use different variants of the MIT/X11 license.
>>>> +           (license:x11-style "file://LICENSE"
>>>> +                              "See LICENSE in the distribution for 
>>>> details.")))))
>>>
>>> It’s a case where it’d be enough to put lgpl2.1+ and gpl3+ IMO, since
>>> that’s what effectively applies to the resulting work.
>>
>> Is this also true for the source code archive itself? As an end user,
>> looking at the license list and deciding to `guix build -S`, I would
>> expect the contents to match what's in the package definition.
>>
>> Is this a distinction we should make? I.e. "source" license vs "product"
>> license. For Ceph, this would be the current license list in the first
>> instance and just lgpl2.1 and gpl2 for the built product.
>
> Thinking more about this, the "output license" for Ceph would include
> BSD-{2,3} as well (some erasure code stuff), but you catch my drift.
>
> It makes sense to focus on the license you accept by using the package,
> and mention whatever other source licenses that may be present as
> source code comments instead.

Sorry for spamming this discussion, but it's something that I haven't
seen discussed before and it's good to clarify a few of these points.

Ceph is also a prime example of a complex package covering lots of
licenses. Some of the ".so" files installed by Ceph are produced by
BSD-style code. However, they link to the main ceph libraries, which are
LGPL2.1. IIUC, LGPL2.1 "trumps" BSD here because of the strong copyleft.

Ceph also installs some erasure code ".so" files that do *not* link
against Ceph (as verified with readelf and ldd). They are covered by a
BSD-style license. These should then be mentioned separately, methinks,
because they are installed by this package and used by some of the
(L)GPL code.

Most of the Python libraries in Ceph are actually LGPL2.1+. These use
the main Ceph libraries, which are LGPL2.1 (no plus). AFAIU, the latter
still "wins", or should LGPL2.1+ be mentioned separately?

Please correct me if I'm wrong in any of these assumptions :-)

Perhaps the manual could be improved with a few clarification points,
although it's a complex issue that will vary on a case-by-case basis.

signature.asc
Description: PGP signature