Ed W wrote: > Hi, how do others handle open source licence compliance when building > some base system using gentoo?
Review the packages that get built, and adhere to their licenses. It can be a fair bit of work. > In particular I guess simply capturing the ebuilds is not sufficient > and it's necessary to capture and distribute all the source and > patch files used to create a build. How do you build your system? If you use catalyst, the open source gold standard citizen publishes spec files, snapshot, toolchain and toolchain source. > The emerge tool doesn't obviously give a way to capture this stuff. First step is to analyze licenses. emerge does know the license for a package, and it is available in /var/db/pkg/ after install. > I looked in the eclasses, particularly the epatch file and I'm not > clear that I can easily hook into that. If you have patches which use a different license than the package they modify then you have more work to do. Portage doesn't help here. A good start would be to add record of all patches applied by emerge. Indeed add it into the epatch command. > Whilst the above is largely targeting GPL type licences, are there > other things I should consider for other licences? Yes. You obviously need to adhere to all licenses used by the packages in your system. :) > Other things I need to ensure I distribute for GPL? Read the licenses, really. > Any pointers to (simple) documentation on how one can be a > compliant open source citizen..? It's not simple. You have to learn the requirements of each license and see if and how they allow themselves to be combined. There are businesses doing exactly that. If you want to DIY I think you just have to start by reading the licenses. You may or may not want an IP lawyer sitting beside you while doing it. //Peter
