Subject: [bug#61950] [PATCH] lint: Add 'copyleft' checker.
From: Antero Mejr via Guix-patches
To: Ludovic Courtès
Cc: 61950@debbugs.gnu.org, Antero Mejr
Date: Mon, 06 Mar 2023 16:21:02 +0000
Message-ID: <87o7p5u7y2.fsf@mailbox.org>
In-reply-to: <87lek9anaz.fsf@gnu.org>

Ludovic Courtès writes:

> 1. It’s entirely fine for, say, a BSD-3 package to link against
>    Readline (GPLv3+). The combination is effectively GPLv3+, but
>    that’s perfectly valid legally speaking.

It's fine for FOSS packages, but if you have a proprietary-licensed Guix package where the code can't be open-sourced, bringing in a GPL dependency is an issue.

This copyleft linter goes along with the other patch where guix lint exits 1. So you can do something like this in a CI pipeline: 'guix lint -c copyleft my-proprietary-package' to block developers from adding copyleft dependencies to a non-free package.

> 2. It’s tempting to devise a “licensing calculus” of sorts and
>    automate assessments of licensing compatibility. However, I think
>    it’s overestimating both law and our own licensing annotations: how
>    law applies in a specific case isn’t entirely clear until one goes
>    to court, and our ‘license’ fields fail to represent all the
>    relevant nuances anyway (subcomponents having different licenses,
>    dual/multiple licensing, etc.).

True, this linter check is basic and would not constitute legal advice. It's more of a broad "software license auditing" sort of thing, to allow engineers to do quick compliance checks. In my experience it's useful for development in regulated applications of software.

Thanks for the feedback, lmk what you think.