Hi Maxim, On 2026-05-26 at 17:38+09:00, Maxim Cournoyer wrote: > Nguyễn Gia Phong <[email protected]> writes: > > redistribution of [a package including some files > > or snippet under Expat] must [include] the license text etc. > > I don't think it matters whether we exhaustively mention all the > licenses in the 'license' metadata field of a package for legal reasons; > to comply with attribution clauses and other requirements: the source we > distribute satisfies should satisfy these alone.
I don't think it is done for legal reason either, but rather informative. The question now becomes, informative to whom? On 2026-05-26 at 17:38+09:00, Maxim Cournoyer wrote: > Nguyễn Gia Phong <[email protected]> writes: > > I've been associating the package-license field with redistributors. > > For them/me/us, something like an SBOM (REUSE.toml-like) declaration > > would be more useful. > > Yes, I don't think we should treat the 'license' field > as the exhaustive listing of all licenses that may be used > in the source of a software (like a Debian 'copyright' file > might define [...]). I think we can probably agree > that seeing all these listed in the 'license' field > of our git package would dilutes its usefulness, > when the main/effective license of the git project is gpl2. Though I'd agree that Git as a whole is copyleft, saying the license of Git is GPLv2 is technically incorrect IMHO. If the license field for git should be gpl2.0, package-license should be documented as license(s) the package is published under, in whole or part, listed in some certain order (?). Best wishes, Phong
