License info Q

Mark Felder feld at FreeBSD.org
Thu Nov 19 15:35:05 UTC 2015



On Wed, Nov 18, 2015, at 04:48, Fabian Keil wrote:
> Roger Marquis <marquis at roble.com> wrote:
> 
> > I need to get license info from a batch of ports and packages.
> > 
> > Problem is not all the specified ports/pkgs are installed or have license
> > info in their Makefile.  Is there a reliable way to enumerate port or
> > package license strings, preferably without fetching a package tarfile?
> 
> No. Also note that the "license information" in the Makefiles is often
> misleading[1] and thus not particularly useful if you actually care about
> license compliance.
> 
> Unfortunately reporting incorrect license information seems to be
> a waste of time so things are unlikely to improve any time soon:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195807
> 
> Fabian

I spent a *lot* of time trying to correct the BSD licenses to be BSD2,
BSD3 or BSD4CLAUSE. I did an /ok/ job. It was a super pain. My
conclusion is that we need to be very careful getting the licenses
defined correctly, but even then we cannot make any promises they are
correct. You can only license files, not "projects", so a license on a
port should be considered "best effort guidance" and not a promise of
accuracy.

If you are doing something that actually requires you to get licensing
information correct the only approach is to roll up your sleeves and
look at each software manually. Consider trying to play with Apache RAT
as well which -- rumor has it -- can do a decent job of programmatically
detecting licenses.

http://blog.feld.me/posts/2014/12/bsd-license-audit/


-- 
  Mark Felder
  ports-secteam member
  feld at FreeBSD.org
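
Added example, not part of the original message and not Apache RAT or FreeBSD code: a minimal per-file check in the spirit of the advice above, telling 2-, 3- and 4-clause BSD headers apart by the clauses they contain and listing the files that disagree with a port's declared license. The phrase fingerprints, label strings, function names and sample headers are assumptions constructed for illustration.

```python
import re

# Clause fingerprints, matched after comment decoration has been stripped.
SOURCE = "redistributions of source code must retain"
BINARY = "redistributions in binary form must reproduce"
ADVERT = "all advertising materials mentioning features or use of this software"
ENDORSE = "endorse or promote products derived from this software"


def normalize(text):
    """Lowercase and collapse every non-alphanumeric run to one space, so
    ' * ' comment prefixes and line wraps do not break phrase matching."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def classify_bsd(text):
    """Return BSD2CLAUSE, BSD3CLAUSE or BSD4CLAUSE; None if no BSD text."""
    t = normalize(text)
    if SOURCE not in t or BINARY not in t:
        return None
    if ADVERT in t:          # advertising clause only exists in the 4-clause form
        return "BSD4CLAUSE"
    if ENDORSE in t:         # no-endorsement clause without advertising clause
        return "BSD3CLAUSE"
    return "BSD2CLAUSE"


def audit(files, declared):
    """Classify each file; list those whose result differs from `declared`.
    Files with no recognizable header (None) are listed too, for manual review."""
    found = {path: classify_bsd(body) for path, body in files.items()}
    mismatches = sorted(p for p, lic in found.items() if lic != declared)
    return found, mismatches


# Constructed sample tree (abbreviated headers, not from any real project).
_BASE = (" * 1. Redistributions of source code must retain the above notice.\n"
         " * 2. Redistributions in binary form must reproduce the above notice.\n")
_ENDORSE = (" * 3. Neither the name of the author may be used to endorse or\n"
            " *    promote products derived from this software.\n")
_ADVERT = (" * 3. All advertising materials mentioning features or use of this\n"
           " *    software must display an acknowledgement.\n")
SAMPLE = {
    "src/main.c": "/*\n" + _BASE + " */\nint main(void) { return 0; }\n",
    "src/compat/strl.c": "/*\n" + _BASE + _ENDORSE + " */\n",
    "contrib/old.c": "/*\n" + _BASE + _ADVERT + _ENDORSE.replace("3.", "4.") + " */\n",
    "README": "Build with make.\n",
}
```

Calling `audit(SAMPLE, "BSD2CLAUSE")` shows a tree declared as 2-clause that also carries 3- and 4-clause files, which is why a single license string on a port can only be guidance.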

