ludo@gnu.org (Ludovic Courtès) writes: > Dave Love skribis: > >> Ludovic Courtès writes: >> >>> Dave Love skribis: >>> >>>> Alex Vong writes: >>>> >>>>> Based on the above general argument, I think we should list all the >>>>> licenses instead of just GPLv2+ since it would be inaccurate to say that >>>>> the whole program is under just GPLv2+. >>>> >>>> Indeed. Not only do you need to list the licences (according to all >>>> "legal advice" I've seen for distributions), but normally also >>>> distribute the relevant licence texts, even for permissive licences if >>>> they require that (e.g. BSD). I raised this recently, as it's not >>>> generally being done, so some Guix binary packages appear to be >>>> copyright-infringing. >>> >>> There’s no such thing as a “Guix binary package” though, which makes it >>> different from traditional distros. >>> >>> In Guix a package is a Scheme object that refers to the source and build >>> method of upstream software. >> >> Sure, but if you use guix pack and distribute the result, it seems >> clearly a copyright infringement, because even BSD requires >> >> 2. Redistributions in binary form must reproduce the above copyright >> notice, this list of conditions and the following disclaimer in the >> documentation and/or other materials provided with the distribution. > > [...] > >> Well, from what I know about copyright, that isn't the licence of glibc, >> which is the sum of all the licences involved, and you'd have to know >> how to find them if you didn't just unpack the tarball. With pack >> output in a lot of cases you don't have the information. > > Right, ‘guix pack’ makes things more complicated—although I would argue > that, contrary to Dockerfiles and the like (which nobody seems to > complain about), Guix makes it easier to do provenance tracking since > there’s an unambiguous source → binary mapping. > Does 'guix pack' currently included the source that uses to build the pack? Will including the source signaficantly increases the size of the pack? Or should we add a flag for building a "source pack"? > How do Debian and Fedora determine the relevant files to copy? We could > investigate ways to do that, but it won’t scale unless we have a mostly > automated way to do it. > > (It won’t scale to the size of Stackage, CPAN, Pypi, etc. either…) > > Thoughts? > > Ludo’.