On Sat, 9 Feb 2019 15:35:38 -0500 Luke <g...@hyperbola.info> wrote: > I would also like to see an updated audit of the code to ensure that > the licensing issues mentioned previously have been fully resolved. > There are still quite a number of open license bugs on their bug > tracker: > https://bugs.chromium.org/p/chromium/issues/list?can=2&q=licensecheck As I understand this points out files that don't have copyright headers.
In general I don't know if it makes sense to review each files for copyright information or not. When adding new packages, I usually still do some basic checks to understand what the precise license is, as a GPLv2-only file will then make the combined work GPLv2-only. I'm also assuming that files lacking a licenses statements defaults to the project license. I also check for known potential issues like nonfree firmwares and such when applicable. Is that enough or am I supposed to do more checks? However given the amount of projects that were combined into such browsers it would at least make sense to make sure that the licenses of each projects are compatible with each others. In the past[2], there was even a combination of the 4-clause BSD license with the LGPLv2. I'm not familiar enough with the LGPL licenses family, was that compatible? The 4-clause BSD license now seem gone[2], however there is still a combination of the Apache 2.0 license with one GPL-2.0 only license for jquery.hotkeys.js. Is the combination of the files covered by the GPLv2-only and the Apache2 not considered a combined work in that case? Also some files/projects are under the LGPLv2.1 while some other are under the Apache2 license. Is that compatible? What is the combined license of such browsers? Note that I personally don't want to use the chromium browser to browser the web, however as a lot of packages depend on qt5-webengine, it would be nice to fix this issue in order not to stop being able to use theses packages. In some cases qt5-webengine may be used to access local resources like documentation, so if some of the nasty features like DRM are removed, and that it is not used to access resources over the Internet, as I understand, there would not be any privacy harm. References: ----------- [1]https://bugs.chromium.org/p/chromium/issues/attachmentText?aid=95103 [2]https://metadata.ftp-master.debian.org/changelogs/main/c/chromium-browser/chromium-browser_70.0.3538.110-1_copyright Denis.
pgp_7G6m22RlB.pgp
Description: OpenPGP digital signature