Adding licensing info to my ports: some questions
gtodd at bellanet.org
Wed Jan 18 21:35:02 UTC 2012
On 01/18/2012 04:34, Johan van Selst wrote:
> Nikola Lečić wrote:
>> Anyway, it wasn't clear from the bsd.licenses.mk that we should
>> use 'multi' in situations of 'any later version'. This means that
>> all licensing info of eg. GPL2+ ports must be updated when GPL4
> No, we should not use this. Not just because of the potential of
> having to check and correct every port when GPLv4 appears. In my
> book, "licenced under GPLv2 or GPLv3" is something fundamentally
> different from "licenced under GPLv2 or any later version". The
> licence framework should be able to make this distinction.
> Another issue is that the licence infrastructure seems to be making
> statements about the licence of an application, while the committers
> only tend to look at individual source packages. What would be the
> licence of an application whose source is published under BSD
> licence, but that is linked with both GPv3 and OpenSSL-libraries?
> I tend to agree with Doug and others that it is probably better to
> scrap the entire idea. Making assertions about licences and what is
> accepted is a hairy field, best left to experts.
I hope this effort is not completely abandoned since it does seem to
offer an easy way to get a general sense of the license status of a
system, jail or vm. What about a more explicitly "passive" approach that
does not make assertions about an application's overall license (c.f.
linking issues) or the user's acceptance but just makes such license
files as do exist easier to find?
If such a simple "license tracking" feature is useful (even if not
suitable for management, compliance, budgeting, license acceptance and
the like) then something that would grab the locations of license
documents in a port's source files and copies the relevant files into a
default license location /usr/local/share/licenses/<port>/ would be
enough. Would this ports knob feature (LICENSE_<>=) disappear if the
project were scrapped?
I doubt this simpler approach would be "ITIL compliant" ;) but since
that is not a goal and the bulk of anything to do with licenses involves
lawyers anyway, the ports/pkg system should probably try to do as little
as possible regarding claims and interpretation. Surely keeping copies
of licenses in an easy to find location doesn't equate to making any
legal claim ? NB: I am not a lawyer :)
ls -1 /usr/local/share/licenses/*/LICENSE | wc -l
ls -1 /usr/local/share/licenses/*/* | grep -E "MIT|BSD" |wc -l
ls -1 /usr/local/share/licenses/*/* | grep -E "LGPL*|GPL*" |wc -l
Of course, the above system has 1200 ports installed so there's a ways
to go before one could say tracking was happening :)
More information about the freebsd-ports