From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: License auditing
Date: Thu, 04 Aug 2016 16:23:04 +0200
Message-ID: <87eg64vcjb.fsf@gnu.org>
References: <CAL1_im=8gC_Dq4YYn6vstB=vq6VPWPRvp65MgSedUiHYkO29DQ@mail.gmail.com>
	<20160803180342.GA11621@jasmine> <87poppy47o.fsf@gnu.org>
	<1470258703.2769072.685294401.7618CBA4@webmail.messagingengine.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47461)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1bVJYX-0002CR-Mm
	for guix-devel@gnu.org; Thu, 04 Aug 2016 10:23:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1bVJYS-0002oe-Ga
	for guix-devel@gnu.org; Thu, 04 Aug 2016 10:23:28 -0400
In-Reply-To: <1470258703.2769072.685294401.7618CBA4@webmail.messagingengine.com>
	(Alex Griffin's message of "Wed, 03 Aug 2016 16:11:43 -0500")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Alex Griffin <a@ajgrf.com>
Cc: guix-devel <guix-devel@gnu.org>, David Craven <david@craven.ch>

Hi,

Alex Griffin <a@ajgrf.com> skribis:

> On Wed, Aug 3, 2016, at 03:42 PM, Ludovic Court=C3=A8s wrote:
>> However, in Guix we encode such cases as =E2=80=98gpl3+=E2=80=99 (or sim=
ilar), rather
>> than =E2=80=98gpl1+=E2=80=99.
>
> That seems wrong and confusing.

Strictly speaking it=E2=80=99s wrong, but I think it better reflects the in=
tent
of the authors (I think authors who throw a GPLv3 =E2=80=98COPYING=E2=80=99=
 file without
bothering to add file headers probably think that GPLv3 and maybe later
versions apply, but not previous versions.)

> It means that if I'm writing a GPLv2 program, for example, then I
> cannot rely on Guix to search for legally compatible libraries to
> use. It also means we cannot implement a tool to automatically flag
> Guix package dependencies for possible license violations.

I suppose many package violations could be detected using Guix, but
you=E2=80=99re right that subtle cases like this one can go undetected.

In the end, we=E2=80=99re talking about legal documents whose interpretation
isn=E2=80=99t as formal as we would like.  So I suspect that no single tool=
 can
provide what you want=E2=80=94there is no =E2=80=9Clicense calculus=E2=80=
=9D.  Tools like
Fossology go a long way, but AFAIK they are no substitute for proper
manual auditing.

Thanks,
Ludo=E2=80=99.