Wolfgang Wiedmeyer <w...@wiedmeyer.de> writes: > The last weeks I was successful in getting rid of prebuilt binaries from > the source. I could build the necessary GCC/LLVM and jack/jill > toolchains from source and reduce the general amount of prebuilt > binaries by also replacing them with software that already comes with > Debian. I did not yet have the time to include all of this in my > public repositories, though.
Yay! > While working on this, some questions came up, which I want to ask the free > software experts on this list. A lot of this prebuilt binaries are > accompanied with very little or not easy accessible information and I am > wondering if this is enough to be compliant with free software licences. It depends on the license. For BSD licensed code, I don't believe you have to include source code or build instructions if you ship a binary. For GPLv3 licensed code, the situation is quite different, where the license talks about availability of source code and build tools. > An example: Is it enough to place a text file along the binary which > only includes a pointer to a source code directory and the hint that the > binary can be built using this source code, but no further instructions > how the binary can build using that source code are included? Also, > there might be no > information from exactly which version of the source code the binary was > built. Even looking at git logs might not help to identify the exact > version. I don't think it is possible to answer this conclusively without knowing the license involved. In general, I think it is best to consider actual cases so everyone can inspect the source code and licenses included. Can you give names and pointers to what binary in the Android source tree you are thinking of? > Another example: A jar file is not accompanied with any hint at > all. Opening the jar reveals a version.property that includes a > hash. With a bit experience one might know that this hash belongs to a git > commit. However, the actual repository with this commit cannot be > identified going through the jar. Only by searching the web, some > experience with the Android platform/toolchain build system and guessing > From the name of the jar, one might be able to identify the > repository. Then the build instructions are still missing and it is > investigative work and again experience necessary in order to figure out > how the jar might have been build from the source code. I believe this also depends on the license. > Last question: What if some these jars were built using a non-free java > version? I believe it is possible to have free software that is built with a non-free compiler. The license for the software itself, and that of the compiler, has to permit redistribution though. /Simon
signature.asc
Description: PGP signature
_______________________________________________ Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant
