On Mon, 30 May 2022 12:11:48 -0400 Tyler Dence <[email protected]> wrote:
> Perhaps, if it would ease mirror operator's minds (especially our > commercial partners), it might be wise to put a "readme.txt" or > "sources.txt" file in the root of the mirrored directory explaining > how/where one might obtain the sources? Yes, I think that would be wise. The GPLv3 allows pointing to another server where the sources can be obtained in order to fulfill the article 6 obligation. However, the GPLv2 does not seem to allow that, instead requiring a 'written offer' that would basically be a promise from the operator to anyone who obtains the compiled software from their mirror. They would promise to provide a copy of the source code to them at a later date, up to three years in the future. I can see some theoretical issues with that. In practice though, I have never heard of an open source mirror operator who has faced legal threads because they were mirroring GPL-licensed software. What would be even better of course is if more (preferably all) mirrors would start mirroring the source packages alongside the binary packages. As I said in my previous email, other Linux distributions do this too. A quick comment on those commercial partners you mention: it is not at all my intention to fearmonger Arch sponsors (or anyone contributing mirror capacity) into rethinking their involvement in this great community project. Sorry if it might seem this way :(
pgpGTRQsNvLLH.pgp
Description: OpenPGP digital signature
