Re: Question about multiple licenses

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about multiple licenses

From:	Ludovic Courtès
Subject:	Re: Question about multiple licenses
Date:	Sun, 10 Sep 2017 22:54:35 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Dave Love <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:
>
>> Dave Love <address@hidden> skribis:
>>
>>> Alex Vong <address@hidden> writes:
>>>
>>>> Based on the above general argument, I think we should list all the
>>>> licenses instead of just GPLv2+ since it would be inaccurate to say that
>>>> the whole program is under just GPLv2+.
>>>
>>> Indeed.  Not only do you need to list the licences (according to all
>>> "legal advice" I've seen for distributions), but normally also
>>> distribute the relevant licence texts, even for permissive licences if
>>> they require that (e.g. BSD).  I raised this recently, as it's not
>>> generally being done, so some Guix binary packages appear to be
>>> copyright-infringing.
>>
>> There’s no such thing as a “Guix binary package” though, which makes it
>> different from traditional distros.
>>
>> In Guix a package is a Scheme object that refers to the source and build
>> method of upstream software.
>
> Sure, but if you use guix pack and distribute the result, it seems
> clearly a copyright infringement, because even BSD requires
>
>   2. Redistributions in binary form must reproduce the above copyright
>      notice, this list of conditions and the following disclaimer in the
>      documentation and/or other materials provided with the distribution.

[...]

> Well, from what I know about copyright, that isn't the licence of glibc,
> which is the sum of all the licences involved, and you'd have to know
> how to find them if you didn't just unpack the tarball.  With pack
> output in a lot of cases you don't have the information.

Right, ‘guix pack’ makes things more complicated—although I would argue
that, contrary to Dockerfiles and the like (which nobody seems to
complain about), Guix makes it easier to do provenance tracking since
there’s an unambiguous source → binary mapping.

How do Debian and Fedora determine the relevant files to copy?  We could
investigate ways to do that, but it won’t scale unless we have a mostly
automated way to do it.

(It won’t scale to the size of Stackage, CPAN, Pypi, etc. either…)

Thoughts?

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Question about multiple licenses, Dave Love, 2017/09/01
- Re: Question about multiple licenses, Alex Vong, 2017/09/02
  - Re: Question about multiple licenses, Dave Love, 2017/09/07
- Re: Question about multiple licenses, Arun Isaac, 2017/09/03
- Re: Question about multiple licenses, Ludovic Courtès, 2017/09/04
  - Re: Question about multiple licenses, Dave Love, 2017/09/07
    - Re: Question about multiple licenses, Ludovic Courtès <=
    - Re: Question about multiple licenses, Alex Vong, 2017/09/11
    - Re: Question about multiple licenses, Andy Wingo, 2017/09/11
    - Re: Question about multiple licenses, Dave Love, 2017/09/12
    - Re: Question about multiple licenses, Dave Love, 2017/09/12

Prev by Date: Re: Please put the system-configuration into the image
Next by Date: Re: missing licence files and incomplete licence lists
Previous by thread: Re: Question about multiple licenses
Next by thread: Re: Question about multiple licenses
Index(es):
- Date
- Thread