Dave Love <fx@gnu.org> writes:

> Indeed.  Not only do you need to list the licences (according to all
> "legal advice" I've seen for distributions), but normally also
> distribute the relevant licence texts, even for permissive licences if
> they require that (e.g. BSD).  I raised this recently, as it's not
> generally being done, so some Guix binary packages appear to be
> copyright-infringing.
>
Yes, I think Debian has a /usr/share/doc/PKG/copyright file for each
package PKG. Also, it includes the /usr/share/common-licenses/
directory, so that those copyright files can refer to the common
licenses without copying them verbatimly.

>> Also, in this particular case, since ASL2.0 is incompatible with GPLv2,
>> we actually need to take advantage of the "or later" clause, and
>> "upgrades" it to "GPLv3+". Listing the license as GPLv2+ would confuse
>> the user that GPLv2 covers the program, but in fact it is "effectively"
>> GPLv3.
>
> This possibly depends on whether the licence information refers to the
> source or binary package.  Fedora explicitly says binary, for instance.
>
I am unaware of this distinction. Maybe a website explaining this would
be helpful.

> For what it's worth, the information for Fedora and Debian packagers is
> <https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License:_field>
> and
> <https://www.debian.org/doc/debian-policy/index.html#copyright-debian-copyright>.
> They're not necessarily consistent, and things may be somewhat different
> for GNU, but they provide a reasonable indication of the legalities.

I think we should improve the status quote by documenting the license
accurately in the license field. What do you think?