[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question about multiple licenses
|
From: |
Alex Vong |
|
Subject: |
Re: Question about multiple licenses |
|
Date: |
Mon, 11 Sep 2017 19:29:03 +0800 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> Dave Love <address@hidden> skribis:
>
>> Ludovic Courtès <address@hidden> writes:
>>
>>> Dave Love <address@hidden> skribis:
>>>
>>>> Alex Vong <address@hidden> writes:
>>>>
>>>>> Based on the above general argument, I think we should list all the
>>>>> licenses instead of just GPLv2+ since it would be inaccurate to say that
>>>>> the whole program is under just GPLv2+.
>>>>
>>>> Indeed. Not only do you need to list the licences (according to all
>>>> "legal advice" I've seen for distributions), but normally also
>>>> distribute the relevant licence texts, even for permissive licences if
>>>> they require that (e.g. BSD). I raised this recently, as it's not
>>>> generally being done, so some Guix binary packages appear to be
>>>> copyright-infringing.
>>>
>>> There’s no such thing as a “Guix binary package” though, which makes it
>>> different from traditional distros.
>>>
>>> In Guix a package is a Scheme object that refers to the source and build
>>> method of upstream software.
>>
>> Sure, but if you use guix pack and distribute the result, it seems
>> clearly a copyright infringement, because even BSD requires
>>
>> 2. Redistributions in binary form must reproduce the above copyright
>> notice, this list of conditions and the following disclaimer in the
>> documentation and/or other materials provided with the distribution.
>
> [...]
>
>> Well, from what I know about copyright, that isn't the licence of glibc,
>> which is the sum of all the licences involved, and you'd have to know
>> how to find them if you didn't just unpack the tarball. With pack
>> output in a lot of cases you don't have the information.
>
> Right, ‘guix pack’ makes things more complicated—although I would argue
> that, contrary to Dockerfiles and the like (which nobody seems to
> complain about), Guix makes it easier to do provenance tracking since
> there’s an unambiguous source → binary mapping.
>
Does 'guix pack' currently included the source that uses to build the
pack? Will including the source signaficantly increases the size of the
pack? Or should we add a flag for building a "source pack"?
> How do Debian and Fedora determine the relevant files to copy? We could
> investigate ways to do that, but it won’t scale unless we have a mostly
> automated way to do it.
>
> (It won’t scale to the size of Stackage, CPAN, Pypi, etc. either…)
>
> Thoughts?
>
> Ludo’.
signature.asc
Description: PGP signature