From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.devel Subject: Re: non-gnu elpa issue tracking Date: Thu, 10 Dec 2020 02:58:57 +0300 Message-ID: References: <20201209125516.lenqswi7fhiscbr2@E15-2016.optimum.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="7796"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0 (3d08634) (2020-11-07) Cc: Boruch Baum , Emacs-Devel List To: Stefan Kangas Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Dec 10 09:34:04 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1knHOl-0001vA-Qm for ged-emacs-devel@m.gmane-mx.org; Thu, 10 Dec 2020 09:34:03 +0100 Original-Received: from localhost ([::1]:52528 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1knHOk-0001C3-MO for ged-emacs-devel@m.gmane-mx.org; Thu, 10 Dec 2020 03:34:02 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:34858) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1knHND-0007uV-K3 for emacs-devel@gnu.org; Thu, 10 Dec 2020 03:32:27 -0500 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:34095) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1knHN9-0007Rh-J6 for emacs-devel@gnu.org; Thu, 10 Dec 2020 03:32:26 -0500 Original-Received: from localhost ([::ffff:41.202.241.31]) (AUTH: PLAIN securesender, TLS: TLS1.2,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 000000000001E525.000000005FD1DD14.000012BE; Thu, 10 Dec 2020 01:32:20 -0700 Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -3 X-Spam_score: -0.4 X-Spam_bar: / X-Spam_report: (-0.4 / 5.0 requ) BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:260633 Archived-At: * Stefan Kangas [2020-12-10 00:48]: > MELPA requires a "GPL compatible license", according to > > https://github.com/melpa/melpa/blob/master/CONTRIBUTING.org That does not matter really. It is not specific and software is distributed from various authors without license or notice about where is license located. Author could still hypothetically say, no, I did not give you the software and it is clear there was no license. But there was Copyright sign that it was reserved. Very clear. And that packages are distributed without license from MELPA also shows that there is no clear policy. Reference: https://www.gnu.org/licenses/license-list.html#NoLicense It is mind bending. Even if they require from authors GPL compatible license, nothing prevents MELPA to distribute proprietary software. I know it is improbable intention, but that can happen. Case that software have been conveyed from MELPA to users without license is already legally serious issue. Practically less. But we have to look at legal view points. I know it is confusing and that practically all of those authors do make free software. But without explicitly given license it is not free. Additinally, the claim that MELPA requires GPL compatible license is fine but not proven to factually be so for all packages. In other words one cannot rely on MELPA to do the proper legal verification. We have Linux kernel that was meant to be free and requires GPL code but it is not free really due to inclusion of those proprietary blobs. Then we have for similar reason fully free GNU/Linux operating systems endorsed by FSF on www.gnu.org Among them, several have their tracking systems where developers inspect what is free, what is not free, and may exclude software for reasons of freedom or non-conclusive licenses. Example is pip Python package manager that includes many UNKNOWN licenses. That is non-free and such package cannot drive people to non-free software and is excluded from some of those OS-es. So if you find some package on MELPA and there is no license, then maybe there is license in the original package and headers and package need to be improved, so it is better looking into their original repositories. It can be that MELPA changed some packages or did not take the license properly.