>>>>> On Wed, 11 Mar 2026, Michael Orlitzky wrote: > Setting LICENSE="dubious $LICENSE" would indicate that there is enough > obvious LLM use that the license cannot be trusted, even if we don't > have a copy of the victims on our bookshelves to point to. The need > for every license in $LICENSE to be in $ACCEPT_LICENSE maps this > nicely onto the UI in my opinion.
So LICENSE="dubious" would imply mirror and bindist restrictions? If we have strong indications that a package violates sombody else's copyright, then we must not distribute the package at all. At least not if we want to stay on the safe side, legally. (And I wonder if any developer would actually add an ebuild for such a package.) Otherwise, our LICENSE variable is pretty much based on trust. So if we've done our due diligence then we list what is provided by upstream. Because it is (and always was) impossible to trace the origin of every line of the source code in detail. Ulrich
signature.asc
Description: PGP signature
