Re: [gentoo-dev] [RFC] Solving the problem of huge number of wrong LICENSES=*GPL-[23]

[Rich Freeman]

On Mon, Aug 27, 2018 at 6:46 PM Michael Mol  wrote:
>
> I can say that if the licenses are habitually misidentified, I could not use
> Gentoo's portage tree in my job without extensive and ongoing revalidation of
> the license metadata.
>

Keep in mind that we're just talking about GPL-2 vs 2+ and GPL-3 vs
3+.  We're not talking about GPL vs BSD vs something that involves a
EULA.

Do you actually accept one of these without the other, such that you
would have problems if they had gotten confused?

-- 
Rich

Re: [gentoo-dev] [RFC] Solving the problem of huge number of wrong LICENSES=*GPL-[23]

[Michael Mol]

On Sunday, August 26, 2018 7:09:41 AM EDT Paweł Hajdan, Jr. wrote:
> On 26/08/2018 12:53, Mart Raudsepp wrote:
> > The common issue here is that upstream COPYING files really do only
> > talk about one of the versions. And then you get to validate or source
> > files to be sure that they do have a "or later" clause in them. And
> > then on each bump you ideally should validate it again, etc, that no
> > sources without "or later" allowance are in there...
> 
> Yup, precise tracking of license metadata can be a pain.
> 
> I'm not really sure if that level of it is worth for us as a distro. For
> _importing_ other project's source code directly into one's project
> precise license compatibility matters a lot. That's not the scenario
> we're in. I see LICENSES as mostly a mechanism for end users to accept
> or reject EULAs etc, and I'm curious what are other common scenarios.
> 
> Michał, could you elaborate on why not distinguishing more precisely
> between these GPL variants in LICENSES is a _problem_ ? I can certainly
> see the information is not always accurate, but it's not obvious to me
> how severe is the downside, what are the consequences in practice.

I can say that if the licenses are habitually misidentified, I could not use 
Gentoo's portage tree in my job without extensive and ongoing revalidation of 
the license metadata.

There are, in fact, automated tools for advising about the license disposition 
of these types of things, examining source files for unfortunate edits and 
variants and flagging them, etc. It might be an interesting task at some point 
to point some of these tools at portage, look for incorrect metadata and file 
bug reports.

Not suggesting this is a worthwhile approach up front, but it might be a 
useful tool in the future for dealing with license metadata quality as a 
chronic issue. (Which, in turn, is useful for commercial consumption and 
participation.)

Re: [gentoo-portage-dev] Avoid stripping ld.so ?

[Joakim Tjernlund]

On Thu, 2018-08-30 at 20:12 +0100, Sergei Trofimovich wrote:
> CAUTION: This email originated from outside of the organization. Do not click 
> links or open attachments unless you recognize the sender and know the 
> content is safe.
> 
> 
> On Thu, 30 Aug 2018 07:37:16 +
> Joakim Tjernlund  wrote:
> 
> > > > Tweaking ebuild to expand STRIP_MASK for ld.so might help.
> > > 
> > > OK, can I use STRIP_MASK outside ebuilds, like in /etc/portage/make.conf 
> > > or
> > > in my profile? Something like STRIP_MASK="/lib64/ld-* /lib/ld-*"
> 
> I believe you can't. You would have to resort to /etc/portage/bashrc
> hacks to override ebuilds' value. Requesting new feature from dev-portage@
> sounds reasonable.
> 
> For example, add STRIP_MASK_USER to be controlled by user.
> 
> STRIP_MASK is normally used for cases when software breaks when
> stripped (examples: not-quite-ELF files, not-yet-linked .o files). Not
> something for convenience or niche purposes.
> 
> STRIP_MASK_USER might be a good way to fine-grain desired policy
> of stripping package on top of existing FEATURES=nostrip knob.

Yes, I like this idea with STRIP_MASK_USER

 Jocke