[Bug 224526] [security][feature suggestion] Closed source binaries need to be labeled in ports, and explicitly allowed by users

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Dec 23 21:35:27 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224526

Jan Beich <jbeich at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jbeich at FreeBSD.org

--- Comment #1 from Jan Beich <jbeich at FreeBSD.org> ---
Licensing framework already provides something similar via
LICENSES_GROUPS_ACCEPTED=OSI. Maybe the default license should be NONE (added
by review D7816). Binary blobs are often not allowed to be redistributed at
all, commercially or in different packaging. FreeBSD mirroring and CD/DVD media
rely on redistribution. If NONE for old ports is too restrictive maybe a
pre-commit hook to disallow *new* ports without LICENSE defined would be
better.

(In reply to Yuri Victorovich from comment #0)
> One other such port is security/1password-client.

Just mark it as LICENSE=NONE or RESTRICTED=yes until maintainer documents
redistribution agreement with the vendor. Also, an open source client exists -
https://www.icculus.org/1pass/

(In reply to Yuri Victorovich from comment #0)
> All linux ports should be labeled with
> CONTAINS_CLOSED_SOURCE_BINARY=yes, because they generally contain
> binaries.

linux-* infra ports have their source publicly available (required by GPL,
see SRC_DISTFILES). Another example: emulators/i386-wine*, misc/compat*x or
www/nspluginwrapper.
