Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-06 Thread Rémi Cardona

On 06/09/2009 02:34, Thomas Anderson wrote:

> Ciaran's really not making homework up for gentoo. Why, remi stated himself that
> we have homework to do (and we sometimes don't do that homework)


I did, but I also stated upstream might have some homework to do 
themselves. Here's a list of things that  :


 - COPYING automagically copied by automake (that would make the file be GPL-2+ or GPL-3+)
 - code stolen from other projects under a non-compatible/viral license
 - bundled libraries
 - code that's so old, no-one really knows what the original license (XFree86/Xorg) is or who the copyright holders are (Mozilla)


And I haven't even had my morning coffee yet.

Even if _we_ do our homework, all those reasons above might mislead us 
into thinking a package has license ABC, while in fact it's under 
license ABC+ and XYZ.


I don't see how a new EAPI will help us with all the aforementioned 
issues. And for the proposed LICENSE sets to work correctly, the whole 
tree needs to be audited, and each new _version_ of each package needs 
to be rigorously checked if we want to provide something users can _trust_.


Cheers,

Rémi



[gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-05 Thread Duncan
Zac Medico posted on Fri, 04 Sep 2009 18:06:09 -0700 as excerpted:

 That seems like a reasonable solution. So, an ebuild can do something
 like LICENSE=@GPL-2+ and that will expand to whatever the definition
 of the GPL-2+ license group happens to be. When a new version of GPL
 license comes out, we simply add it to that group, and none of the
 corresponding ebuilds have to be updated.

That sounds like a very good EAPI-4 candidate. =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
Every nonfree program has a lord, a master --
and if you use the program, he is your master.  Richard Stallman
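
The license-group expansion discussed in the quoted proposal above, sketched as an added example (not part of the original thread and not Portage's code). The group file contents, the function names and the "any member of a group satisfies the token" semantics are assumptions made for illustration.

```python
# Constructed sample in the style of a license-group file: "NAME member ...",
# where a member written "@NAME" refers to another group. Not Gentoo's real data.
SAMPLE_GROUPS = """\
GPL-2+ GPL-2 GPL-3
GPL-3+ GPL-3
COPYLEFT @GPL-2+ @GPL-3+ LGPL-2.1
"""


def parse_groups(text):
    """Parse group definitions into {group name: [members]}."""
    groups = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            name, *members = line.split()
            groups[name] = members
    return groups


def expand(token, groups, _stack=()):
    """Expand one LICENSE token into the set of concrete license names."""
    if not token.startswith("@"):
        return {token}
    name = token[1:]
    if name in _stack:  # a group that reaches itself would recurse forever
        raise ValueError("cyclic group: " + " -> ".join(_stack + (name,)))
    if name not in groups:
        raise KeyError("undefined group: @" + name)
    licenses = set()
    for member in groups[name]:
        licenses |= expand(member, groups, _stack + (name,))
    return licenses


def acceptable(license_var, accepted, groups):
    """Assumed semantics: every token must be satisfied; an @group token is
    satisfied by any one of its members (the "or later" choice)."""
    return all(expand(tok, groups) & accepted for tok in license_var.split())


if __name__ == "__main__":
    groups = parse_groups(SAMPLE_GROUPS)
    print(sorted(expand("@COPYLEFT", groups)))
    print(acceptable("@GPL-2+", {"GPL-3"}, groups))   # or-later package
    print(acceptable("GPL-2", {"GPL-3"}, groups))     # GPL-2-only package
    groups["GPL-2+"].append("GPL-4")                  # new version: edit the group only
    print(acceptable("@GPL-2+", {"GPL-4"}, groups))
```

The second and third calls show the GPL-2 versus GPL-2+ distinction the thread argues about: the same accepted set admits the or-later package and rejects the GPL-2-only one.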




Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-05 Thread Maciej Mrozowski
On Friday 04 of September 2009 22:08:02 Ciaran McCreesh wrote:
 On Fri, 04 Sep 2009 22:04:46 +0200

 Rémi Cardona r...@gentoo.org wrote:
  Having tools to manipulate those variables is very misleading since
  users will (rightfully) assume that we've done our homework and that
  upstream did too.

 Why not use EAPI 4 to make sure people have done that homework then?

Because it won't make *upstream* do their homework.
I suppose you volunteer to make this homework for Gentoo to fulfill new EAPI 
requirements as I assume your lawyer skills equal the will to propose yet 
another EAPI.
Therefore I fully support this idea.

-- 
regards
MM




Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-05 Thread Ciaran McCreesh
On Sat, 5 Sep 2009 16:03:25 +0200
Maciej Mrozowski reave...@poczta.fm wrote:
  Why not use EAPI 4 to make sure people have done that homework then?
 
 Because it won't make *upstream* do their homework.

If upstream won't tell you the licence under which something is
distributed, how does Gentoo know whether it's allowed to mirror source
tarballs or include the package on binary CDs?

-- 
Ciaran McCreesh




Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-05 Thread Thomas Anderson
On Sat, Sep 05, 2009 at 04:03:25PM +0200, Maciej Mrozowski wrote:
 On Friday 04 of September 2009 22:08:02 Ciaran McCreesh wrote:
  On Fri, 04 Sep 2009 22:04:46 +0200
 
  Rémi Cardona r...@gentoo.org wrote:
   Having tools to manipulate those variables is very misleading since
   users will (rightfully) assume that we've done our homework and that
   upstream did too.
 
  Why not use EAPI 4 to make sure people have done that homework then?
 
 Because it won't make *upstream* do their homework.
 I suppose you volunteer to make this homework for Gentoo to fulfill new EAPI 
 requirements as I assume your lawyer skills equal the will to propose yet 
 another EAPI.
 Therefore I fully support this idea.
 
 -- 
 regards
 MM

What is your point? If your goal is to come across as a bitter person with a lot
of hate then you've succeeded. Tone it down please as you're not contributing
anything useful to the discussion like that.

Ciaran's really not making homework up for gentoo. Why, remi stated himself that
we have homework to do (and we sometimes don't do that homework) so unless you're
just trying to pick a fight I don't see what you're trying to say. Please don't
do that.


Regards,
Thomas
-- 
-
Thomas Anderson
Gentoo Developer
/
Areas of responsibility:
AMD64, Secretary to the Gentoo Council
-




Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-04 Thread Rémi Cardona

On 03/09/2009 23:27, Mounir Lamouri wrote:

> But the content of the license is the same. That only means you can use
> a newer one.
> I mean we do not need a new license file for that. It's up to upstream
> to write somewhere if it's GPL-2 or GPL-2+, am I right ?


Yes, that's for upstream to figure out. For instance, the kernel is 
GPL-2 only while some other packages are 2+.


I don't want to sound like an ass, but that's why I think we shouldn't 
bother too much with LICENSE and all that stuff.


We're not _lawyers_. None of us can guarantee that:
1) the LICENSE field in our ebuilds is correctly set according to what 
upstream says.
2) that the actual code of the package is indeed under that license and 
not tainted by some other code.


For instance, I'm still working on migrating all the X11 packages to the 
MIT license (mainly for cleaning purposes), but in fact, each and 
every package should have its own license file (like today) because the 
MIT license requires that we acknowledge all major contributions to the 
code. Therefore, using a template like ${PORTAGE}/licences/MIT does is 
probably not a good idea from a legal point of view.


And the X code being over 15 years old, only God knows who we should be 
thanking for this million lines of code.


While your idea is very nice on paper, actually doing it requires much 
_much_ more work than just adding operators and sets to portage.


Rémi



Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-04 Thread David Leverton
On Friday 04 September 2009 16:01:41 Rémi Cardona wrote:
 For instance, I'm still working on migrating all the X11 packages to the
 MIT license (mainly for cleaning purposes), but in fact, each and
 every package should have its own license file (like today) because the
 MIT license requires that we acknowledge all major contributions to the
 code. Therefore, using a template like ${PORTAGE}/licences/MIT does is
 probably not a good idea from a legal point of view.

Is that really a problem?  I admit to not being around for the original design 
decisions, but I would assume that the purpose of having LICENSE in ebuilds 
is to tell users what licence the package is under (whether or not it's 
accurate is a different matter), and the purpose of having the licences 
themselves in the tree is so that it's easy for users to look them up and 
decide whether they want to accept the conditions or not.  For that purpose, 
the exact list of credits is irrelevant.  Also, I'm not a lawyer, but I would 
think that the licence's requirement for credit is satisfied by the credits 
being included in the source code - it doesn't require acknowledgement when 
merely talking about the software or stating the fact that it's under a 
particular licence, just when distributing it.



Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-04 Thread Rémi Cardona

On 04/09/2009 20:52, David Leverton wrote:

> Is that really a problem?


To me, it's not. :)


> I admit to not being around for the original design
> decisions, but I would assume that the purpose of having LICENSE in ebuilds
> is to tell users what licence the package is under (whether or not it's
> accurate is a different matter), and the purpose of having the licences
> themselves in the tree is so that it's easy for users to look them up and
> decide whether they want to accept the conditions or not.  For that purpose,
> the exact list of credits is irrelevant.


That was just an example to show that unless we go through a precise and 
thorough audit of all the packages we offer, the LICENSE variable is 
_informational_ at best.


Having tools to manipulate those variables is very misleading since 
users will (rightfully) assume that we've done our homework and that 
upstream did too.


I don't intend to stop anyone from creating new tools, but I just want 
us all to realize the limits of what is being done here.


Cheers,

Rémi



Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-04 Thread Ciaran McCreesh
On Fri, 04 Sep 2009 22:04:46 +0200
Rémi Cardona r...@gentoo.org wrote:
 Having tools to manipulate those variables is very misleading since 
 users will (rightfully) assume that we've done our homework and that 
 upstream did too.

Why not use EAPI 4 to make sure people have done that homework then?

-- 
Ciaran McCreesh




Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-03 Thread Mounir Lamouri
Duncan wrote:
 Sebastian Pipping posted on Tue, 01 Sep 2009 04:21:49 +0200 as excerpted:

   
 However I do notice that GPL-2+ could make things easier. Why not
 introduce a license group for it like @GPL-2+ or so, instead? That would
 be transparent and use existing means.
 

 I've always thought Gentoo needed plus versions of the versioned 
 licenses, anyway.  GPL-2, GPL-2+, GPL-3, and GPL-3+, should all be 
 different licenses, because really, they are.
   
AFAIK, GPL-2 and GPL-2+ are not different, may you tell me more about that ?

Thanks,
Mounir



Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-03 Thread Rémi Cardona

On 03/09/2009 23:10, Mounir Lamouri wrote:

> Duncan wrote:
> > Sebastian Pipping posted on Tue, 01 Sep 2009 04:21:49 +0200 as excerpted:
> >
> > > However I do notice that GPL-2+ could make things easier. Why not
> > > introduce a license group for it like @GPL-2+ or so, instead? That would
> > > be transparent and use existing means.
> >
> > I've always thought Gentoo needed plus versions of the versioned
> > licenses, anyway.  GPL-2, GPL-2+, GPL-3, and GPL-3+, should all be
> > different licenses, because really, they are.
>
> AFAIK, GPL-2 and GPL-2+ are not different, may you tell me more about that ?


GPL-2+ means GPL-2 GPL-3 GPL-4 ...

Not quite the same thing as just GPL-2

Rémi



Re: [gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-03 Thread Mounir Lamouri
Rémi Cardona wrote:
 On 03/09/2009 23:10, Mounir Lamouri wrote:
 Duncan wrote:
 Sebastian Pipping posted on Tue, 01 Sep 2009 04:21:49 +0200 as
 excerpted:


 However I do notice that GPL-2+ could make things easier. Why not
 introduce a license group for it like @GPL-2+ or so, instead? That
 would
 be transparent and use existing means.


 I've always thought Gentoo needed plus versions of the versioned
 licenses, anyway.  GPL-2, GPL-2+, GPL-3, and GPL-3+, should all be
 different licenses, because really, they are.

 AFAIK, GPL-2 and GPL-2+ are not different, may you tell me more about
 that ?

 GPL-2+ means GPL-2 GPL-3 GPL-4 ...

 Not quite the same thing as just GPL-2
But the content of the license is the same. That only means you can use
a newer one.
I mean we do not need a new license file for that. It's up to upstream
to write somewhere if it's GPL-2 or GPL-2+, am I right ?

--
Mounir



[gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-03 Thread Duncan
Mounir Lamouri posted on Thu, 03 Sep 2009 23:27:34 +0200 as excerpted:

 Rémi Cardona wrote:
 Mounir Lamouri wrote:
 Duncan wrote:
 Sebastian Pipping posted:

 However I do notice that GPL-2+ could make things easier. Why not
 introduce a license group for it like @GPL-2+

 I've always thought Gentoo needed plus versions of the versioned
 licenses, anyway.  GPL-2, GPL-2+, GPL-3, and GPL-3+, should all be
 different licenses, because really, they are.

 AFAIK, GPL-2 and GPL-2+ are not different,
 may you tell me more about that ?

 GPL-2+ means GPL-2 GPL-3 GPL-4 ...

 Not quite the same thing as just GPL-2

 But the content of the license is the same. That only means you can use
 a newer one. I mean we do not need a new license file for that. It's up
 to upstream to write somewhere if it's GPL-2 or GPL-2+, am I right ?

Let me quote a different reply of yours:

 Groups are not fixing the problem even for free aspect. If I have a
 package licensed to LGPL-2, it's not free approved but if it's LGPL-2+,
 it is. So I can't add LGPL-2 to @FSF-APPROVED, we agree ?

While the license text is the same, but for the condition "or greater" 
which may be written before or after the license, as you point out, the 
effective difference can be quite large indeed.  It's this difference 
that in practice, we're worried about here.  And our labels don't 
specifically mean anything (aren't legally valid) anyway.

Thus, IMO we need a GPL2+ license description (and others similar), which 
would incorporate the GPL2 license, with, probably, a clearly delineated 
explanation at the top, "Gentoo license note: The authors license these 
works under the GPL-2 or later license.  Following is the GPL-2 version.  
See also GPL-3, etc."  Then a line of underscores or the like, clearly 
separating that note from the license.

That would eliminate ambiguity and grouping problems such as you mention 
above, while, I believe, being legally solid -- as long as our note is 
clearly delineated from the actual license.

-- 
Duncan - List replies preferred.   No HTML msgs.
Every nonfree program has a lord, a master --
and if you use the program, he is your master.  Richard Stallman




[gentoo-dev] Re: [RFC] Add operator + for licenses (EAPI-4 ?)

2009-09-01 Thread Duncan
Sebastian Pipping posted on Tue, 01 Sep 2009 04:21:49 +0200 as excerpted:

 However I do notice that GPL-2+ could make things easier. Why not
 introduce a license group for it like @GPL-2+ or so, instead? That would
 be transparent and use existing means.

I've always thought Gentoo needed plus versions of the versioned 
licenses, anyway.  GPL-2, GPL-2+, GPL-3, and GPL-3+, should all be 
different licenses, because really, they are.

Then again, there's the various waiver conditions, which I /do/ see are 
covered with separate licenses for many of them, already.

But someone already mentioned a license audit, which in practical terms 
would be needed to really depend on the LICENSE variable in any case.

-- 
Duncan - List replies preferred.   No HTML msgs.
Every nonfree program has a lord, a master --
and if you use the program, he is your master.  Richard Stallman