From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id sCbwEKpsGmTqNwAASxT56A (envelope-from ) for ; Wed, 22 Mar 2023 03:49:14 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id MIj/EKpsGmSQcwAA9RJhRA (envelope-from ) for ; Wed, 22 Mar 2023 03:49:14 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 246663E76A for ; Wed, 22 Mar 2023 03:49:14 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1peoXA-0007Kh-Aq; Tue, 21 Mar 2023 22:49:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1peoX8-0007KV-I9 for guix-patches@gnu.org; Tue, 21 Mar 2023 22:49:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1peoX8-0002Zw-1a for guix-patches@gnu.org; Tue, 21 Mar 2023 22:49:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1peoX7-00029K-U0 for guix-patches@gnu.org; Tue, 21 Mar 2023 22:49:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#61950] [PATCH] lint: Add 'copyleft' checker. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 22 Mar 2023 02:49:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61950 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Antero Mejr Cc: 61950@debbugs.gnu.org, Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 61950-submit@debbugs.gnu.org id=B61950.16794533278237 (code B ref 61950); Wed, 22 Mar 2023 02:49:01 +0000 Received: (at 61950) by debbugs.gnu.org; 22 Mar 2023 02:48:47 +0000 Received: from localhost ([127.0.0.1]:33121 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1peoWt-00028l-9U for submit@debbugs.gnu.org; Tue, 21 Mar 2023 22:48:47 -0400 Received: from mail-qt1-f171.google.com ([209.85.160.171]:46676) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1peoWq-00028X-MT for 61950@debbugs.gnu.org; Tue, 21 Mar 2023 22:48:45 -0400 Received: by mail-qt1-f171.google.com with SMTP id c19so21158709qtn.13 for <61950@debbugs.gnu.org>; Tue, 21 Mar 2023 19:48:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679453319; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=hkrDKKaIeuyNPSzTDz8A4h0YcbIbUD+nWOWj0Hc+VhE=; b=cpz+yDZT9x+u855wtnlCFBUH6SjwBCma89M0x1z3SA4bS2pKsFIhq10emAzPcDm9kd Vfmi3QqXZJu+QK7//uQ8Q1NApPuM5xUAvSyfM/lTLCSnhyuVsio5vd2ynd3tSlPLdhpO 9kYg1niP978WK6Wb7DiurSVTuW3+ca99Tt15aXHPUf5Fe/zv5Ng7O7Qottcv2VKpxd5j DpnpZhnRQ/v9fewfiUHYKTCGNNRrNYR53sGeYCHf3c2j1WqBTB4gt0kV3LBth1A6CzzZ izkLpc7yDv7AdDIapyvfAYBbLF5o0GDf7dGRxVOeueGVHpw8FUXjva1pJOu5j6xWySLn Y3Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679453319; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=hkrDKKaIeuyNPSzTDz8A4h0YcbIbUD+nWOWj0Hc+VhE=; b=NfO9H6ep3jB4H/uFXQ2qS/nSUqgktZj0gKIv5MQbOKx9UWxrR+saEJiLozNmJuB9UY bXG8L0BO1tDgFetWn7ofd0h9O/IpmDw96A4fNVHW6828PmQG9gP9vfSGNIGezOtkr1ZY seBCneVWhEGa66oPBsDiguhIlLxUdOMx0X+z5L7ol8Nc77cT9BtsW0c+WkXCLKls35zA q5QNvKxW61pVIxirh8dZNosoOO/xeBNmmBf/6F6UFQXJUlfaSyRLbFnTHCSXKlSIH7sf ySM/crD03eTxiSJ86/qEjPuz7DIA8wwjxz348jxH3YUL7NB98tfKCb7q1wDdKlzHD7bd RFzA== X-Gm-Message-State: AO0yUKVVbEYbDSUYyCLvP07OzNGVByIUiu+fhGyLyqfuh/IggzEcEbQ1 Wzb4socKii5j0t9cXmhKLIWMKJdyeFDp6A== X-Google-Smtp-Source: AK7set/nV5kWw5e4vAE+buE/5J3/d6SAFZ8KNAk096ZD8Xg9lC3Idyt5OUbHONH8Borr7n+0yO3/nA== X-Received: by 2002:ac8:57d1:0:b0:3bd:1a07:2086 with SMTP id w17-20020ac857d1000000b003bd1a072086mr3511743qta.36.1679453319000; Tue, 21 Mar 2023 19:48:39 -0700 (PDT) Received: from hurd (dsl-10-130-195.b2b2c.ca. [72.10.130.195]) by smtp.gmail.com with ESMTPSA id u17-20020ac87511000000b003db71ab93e2sm8475326qtq.66.2023.03.21.19.48.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Mar 2023 19:48:38 -0700 (PDT) From: Maxim Cournoyer References: <20230304041458.32761-1-antero@mailbox.org> <87lek9anaz.fsf@gnu.org> <87o7p5u7y2.fsf@mailbox.org> Date: Tue, 21 Mar 2023 22:48:37 -0400 In-Reply-To: <87o7p5u7y2.fsf@mailbox.org> (Antero Mejr's message of "Mon, 06 Mar 2023 16:21:02 +0000") Message-ID: <87iletijqy.fsf_-_@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1679453354; a=rsa-sha256; cv=none; b=iJGNWthknxezXaQYof6ev2Xvlc6VQUcPzvzxrq9elnwDq2iGTCLwlepI/ij13TOKodnUGB ytHkUpYJJpXEJMqcCTGaZH4trf9zL8leMUVKky4MlR1Sa4NdlrGsbs2x9aYE8y/IiZivCZ LlLZ0jfwYTnEPONhj9qnfZ45HNeQiVqWcx0rmWv3KyK55xwQca6nfwiTBoWL4L2KlGppwF K90lzoK6PnIbdpZ+eL7StGmCPPAzEIneJ/EKnTfDUo3xp3CVOlEHkMssl+wuVS/qXdU7xp ooN0RZnDBv/N2M/ofhpnp7DhY28/wjtcE4XERKGbZkLWhFoEhd5Sk94TboMMDA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=cpz+yDZT; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1679453354; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=hkrDKKaIeuyNPSzTDz8A4h0YcbIbUD+nWOWj0Hc+VhE=; b=F6yGUyW0zLvEh8iWA+0ggOWjLRf7NIfOjZkYF+7MEQwCCt1kNXsm68wNOvR1acJoIDjJ5c vSlo12lgHU+gGWqvbl6NXPjK7Ymy4DDQWb/w8gmnq+hXc/Yk0KCEmCMgLqNcdBQWE/eyQ8 IpvUIYV1lOZkaARpRFDtnmZWG1OGhf4u+FhMgdeRXqH9Uz5FBQynQOFvvWqeLkBxsrj7xT BKsmTnglR4MqjjuwXKr/fpV3L0DkDcaNY6qJGTJbzoDlTI6DCBGhMOB1lwykuH3++9uzGz 16C/3eDMxzTNcCMEWGz0XGfquYMhwLa5Oobo1cButjA23FCnBa3v5p81Z4IIVA== X-Migadu-Spam-Score: 5.75 X-Spam-Score: 5.75 X-Migadu-Queue-Id: 246663E76A Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=cpz+yDZT; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Scanner: scn1.migadu.com X-TUID: 7ec7a0LS5teu Hello Antero, Antero Mejr writes: > Ludovic Court=C3=A8s writes: > >> 1. It=E2=80=99s entirely fine for, say, a BSD-3 package to link against >> Readline (GPLv3+). The combination is effectively GPLv3+, but >> that=E2=80=99s perfectly valid legally speaking. > > It's fine for FOSS packages, but if you have proprietary-licensed Guix > package where the code can't be open-sourced, bringing in a GPL > dependency is an issue. > > This copyleft linter goes along with the other patch where guix lint > exits 1. So you can do something like this in a CI pipeline: > > 'guix lint -c copyleft my-proprietary-package' > > to block developers from adding copyleft dependencies to a non-free packa= ge. I think that goes against the spirit of the GNU project: it's a tool that helps finding licensing concerns for proprietary software, with the end goal of weeding out GPL components. We may be better off if no such tool exists and more companies embrace the idea that is GPL instead of helping them spot GPL dependencies so they can rewrite them under some non-copyleft license. >> 2. It=E2=80=99s tempting to view devise a =E2=80=9Clicensing calculus= =E2=80=9D of sorts and >> automate assessments of licensing compatibility. However, I think >> it=E2=80=99s overestimating both law and our own licensing annotati= ons: how >> law applies in a specific case isn=E2=80=99t entirely clear until o= ne goes >> to court, and our =E2=80=98license=E2=80=99 fields fail to represen= t all the >> relevant nuances anyway (subcomponents having different licenses, >> dual/multiple licensing, etc.). > > True, this linter check is basic and would not constitute legal advice. > > It's more of a broad "software license auditing" sort of thing, > to allow engineers to do quick compliance checks. In my experience > it's useful for development in regulated applications of software. > > Thanks for the feedback, lmk what you think. I think I'd rather not see this tool in Guix, but I think it could live happily as a channel or as an extension. --=20 Thanks, Maxim