From: Alex Vong
Subject: Re: Question about multiple licenses
Date: Mon, 11 Sep 2017 19:29:03 +0800
To: Ludovic Courtès
Cc: guix-devel@gnu.org, Dave Love

ludo@gnu.org (Ludovic Courtès) writes:

> Dave Love wrote:
>
>> Ludovic Courtès writes:
>>
>>> Dave Love wrote:
>>>
>>>> Alex Vong writes:
>>>>
>>>>> Based on the above general argument, I think we should list all the
>>>>> licenses instead of just GPLv2+ since it would be inaccurate to say that
>>>>> the whole program is under just GPLv2+.
>>>>
>>>> Indeed.
>>>> Not only do you need to list the licences (according to all
>>>> "legal advice" I've seen for distributions), but normally also
>>>> distribute the relevant licence texts, even for permissive licences if
>>>> they require that (e.g. BSD).  I raised this recently, as it's not
>>>> generally being done, so some Guix binary packages appear to be
>>>> copyright-infringing.
>>>
>>> There’s no such thing as a “Guix binary package” though, which makes it
>>> different from traditional distros.
>>>
>>> In Guix a package is a Scheme object that refers to the source and build
>>> method of upstream software.
>>
>> Sure, but if you use guix pack and distribute the result, it seems
>> clearly a copyright infringement, because even BSD requires
>>
>>   2. Redistributions in binary form must reproduce the above copyright
>>      notice, this list of conditions and the following disclaimer in the
>>      documentation and/or other materials provided with the distribution.
>
> [...]
>
>> Well, from what I know about copyright, that isn't the licence of glibc,
>> which is the sum of all the licences involved, and you'd have to know
>> how to find them if you didn't just unpack the tarball.  With pack
>> output in a lot of cases you don't have the information.
>
> Right, ‘guix pack’ makes things more complicated—although I would argue
> that, contrary to Dockerfiles and the like (which nobody seems to
> complain about), Guix makes it easier to do provenance tracking since
> there’s an unambiguous source → binary mapping.

Does 'guix pack' currently include the source that is used to build the
pack? Will including the source significantly increase the size of the
pack? Or should we add a flag for building a "source pack"?

> How do Debian and Fedora determine the relevant files to copy?  We could
> investigate ways to do that, but it won’t scale unless we have a mostly
> automated way to do it.
>
> (It won’t scale to the size of Stackage, CPAN, Pypi, etc. either…)
>
> Thoughts?
>
> Ludo’.