Re: [arch-general] Distribution license of package information on the website?
On 05/30/2018 02:55 PM, Guus Snijders via arch-general wrote: > Op di 29 mei 2018 21:18 schreef Hong Xu : > >> On 05/29/2018 10:27 AM, Giancarlo Razzolini via arch-general wrote: >>> Em maio 29, 2018 8:27 Eli Schwartz via arch-general escreveu: >>>> >>>> I'm of the opinion that there cannot be a license requirement for reuse >>>> at all, since it's not original enough, and explicitly clarify this in >>>> https://github.com/eli-schwartz/pkgbuilds#copyright >>>> > > > [...] > > > (IANAL) While every single PKGBUILD file may be trivial enough and thus > > does not require a license, the aggregation of them is actually >> significant. [...] > > > I >> think this can be eventually harmful for ArchLinux. For example, one can >> host an internal mirror for ArchLinux repositories without signing >> explicit agreement with the owner of the repository data. Even, as a >> user, downloading repository data is a form of reproducing. >> > > Ianal either (but also not an American), I fail to see how mirroring *free* > software can be harmful for that same free software. It's not as if "we" > are obliged (by contract or law) to ensure quality or something. With OSS > you get what you pay for; if your kitten gets eaten in the process, too > bad... > > Now, if we were talking about commercial software, that might be something > else. But AFAIK that has no real place in our repos. > > The harmful part is not about mirroring the software themselves, but the metadata created by package maintainers. Hong
Re: [arch-general] Distribution license of package information on the website?
On 05/29/2018 10:27 AM, Giancarlo Razzolini via arch-general wrote: > Em maio 29, 2018 8:27 Eli Schwartz via arch-general escreveu: >> >> I'm of the opinion that there cannot be a license requirement for reuse >> at all, since it's not original enough, and explicitly clarify this in >> https://github.com/eli-schwartz/pkgbuilds#copyright >> > > Well, I never thought about licensing PKGBUILD's. Honestly, I don't > think we need a license. > But, perhaps, considering the implications of this request, we can > discuss about one. I'm not > against it, and we currently have ways for someone to do this. > > Thinking from the technical standpoint, I just don't want our servers to > be even more hammered > with API requests than they are, specially the AUR. > > Regards, > Giancarlo Razzolini (IANAL) While every single PKGBUILD file may be trivial enough and thus does not require a license, the aggregation of them is actually significant. For now, let's see them as data files as they are in the database. without an explicit license, under the US copyright law, the owner has all rights reserved, including the right to "to reproduce the copyrighted work in copies or phonorecords" and to "distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending" (see [1]). I think this can be eventually harmful for ArchLinux. For example, one can host an internal mirror for ArchLinux repositories without signing explicit agreement with the owner of the repository data. Even, as a user, downloading repository data is a form of reproducing. It might be good if developers have to agree to license PKGBUILD files under a certain license when they are uploading packages (again, I Am Not A Lawyer). But someone should consult a lawyer to do all these... [1]: https://www.law.cornell.edu/uscode/text/17/106 Hong signature.asc Description: OpenPGP digital signature
[arch-general] Distribution license of package information on the website?
Hi everyone, I'm interested in collecting the metadata of all packages. I intend to do this by crawling the ArchLinux package listing pages (let me know if there is a better way!). However, on the package listing pages [1,2], I do not see any license information regarding how one can use these metadata. Can someone help me here? Thanks! [1]: https://www.archlinux.org/packages/ [2]: https://aur.archlinux.org/packages/ Hong signature.asc Description: OpenPGP digital signature
