Hi, Nguyễn Gia Phong <[email protected]> writes:
[...] > It wouldn't apply to unused examples, but if a (commonly referred to as) > GPL-licensed work include some files or snippet under Expat, > redistribution of such work still need to comply > with the attribution clause of the Expat license > (there must be a copy of the license text etc.). I don't think it matters whether we exhaustively mention all the licenses in the 'license' metadata field of a package for legal reasons; to comply with attribution clauses and other requirements: the source we distribute satisfies should satisfy these alone. > I don't think the end-users are (legally) concerned > with free software licenses, so I've been associating > the package-license field with redistributors (e.g. cache servers, > developers running guix pack). For them/me/us, something > like an SBOM (REUSE.toml-like) declaration would be more useful. Yes, I don't think we should treat the 'license' field as the exhaustive listing of all licenses that may be used in the source of a software (like a Debian 'copyright' file might define; for example their 'git' package lists all these licenses: gpl2, gpl2+, zlib, expat, bsd-3, lgpl2.1+, isc, mingw-runtime, boost, dlmalloc, apache2.0, edl1.0 [0]). I think we can probably agree that seeing all these listed in the 'license' field of our git package would dilutes its usefulness, when the main/effective license of the git project is gpl2. [0] https://repo.or.cz/git/debian.git/blob/refs/heads/debian-stable:/debian/copyright -- Thanks, Maxim
