From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Question about multiple licenses Date: Sun, 10 Sep 2017 22:54:35 +0200 Message-ID: <87zia246lw.fsf@gnu.org> References: <681c721c.AEQAPExWoDUAAAAAAAAAAAOtZhgAAAACwQwAAAAAAAW9WABZoSX-@mailjet.com> <87mv6kj7i7.fsf@gmail.com> <873786zlsb.fsf@albion.it.manchester.ac.uk> <87h8wiy0ic.fsf@gnu.org> <874lseqy4m.fsf@albion.it.manchester.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47827) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dr9Fa-0006dC-J7 for guix-devel@gnu.org; Sun, 10 Sep 2017 16:54:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dr9FZ-0006zC-NP for guix-devel@gnu.org; Sun, 10 Sep 2017 16:54:42 -0400 In-Reply-To: <874lseqy4m.fsf@albion.it.manchester.ac.uk> (Dave Love's message of "Thu, 07 Sep 2017 17:20:09 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Dave Love Cc: guix-devel@gnu.org Dave Love skribis: > Ludovic Court=C3=A8s writes: > >> Dave Love skribis: >> >>> Alex Vong writes: >>> >>>> Based on the above general argument, I think we should list all the >>>> licenses instead of just GPLv2+ since it would be inaccurate to say th= at >>>> the whole program is under just GPLv2+. >>> >>> Indeed. Not only do you need to list the licences (according to all >>> "legal advice" I've seen for distributions), but normally also >>> distribute the relevant licence texts, even for permissive licences if >>> they require that (e.g. BSD). I raised this recently, as it's not >>> generally being done, so some Guix binary packages appear to be >>> copyright-infringing. >> >> There=E2=80=99s no such thing as a =E2=80=9CGuix binary package=E2=80=9D= though, which makes it >> different from traditional distros. >> >> In Guix a package is a Scheme object that refers to the source and build >> method of upstream software. > > Sure, but if you use guix pack and distribute the result, it seems > clearly a copyright infringement, because even BSD requires > > 2. Redistributions in binary form must reproduce the above copyright > notice, this list of conditions and the following disclaimer in the > documentation and/or other materials provided with the distribution. [...] > Well, from what I know about copyright, that isn't the licence of glibc, > which is the sum of all the licences involved, and you'd have to know > how to find them if you didn't just unpack the tarball. With pack > output in a lot of cases you don't have the information. Right, =E2=80=98guix pack=E2=80=99 makes things more complicated=E2=80=94al= though I would argue that, contrary to Dockerfiles and the like (which nobody seems to complain about), Guix makes it easier to do provenance tracking since there=E2=80=99s an unambiguous source =E2=86=92 binary mapping. How do Debian and Fedora determine the relevant files to copy? We could investigate ways to do that, but it won=E2=80=99t scale unless we have a mo= stly automated way to do it. (It won=E2=80=99t scale to the size of Stackage, CPAN, Pypi, etc. either=E2= =80=A6) Thoughts? Ludo=E2=80=99.