Re: License violations for dependencies of Rust and Go programs?

On Wed, 2023-09-27 at 10:41 -0400, John Thorvald Wodder II wrote: > So was this problem previously known but under-acknowledged, or was it simply > not brought up before now?  I find it surprising that Debian would allow so > many license violations to get this far.  Is fixing the tooling to handl

Re: License violations for dependencies of Rust and Go programs?

On Wed, 2023-09-27 at 11:03 -0400, John Thorvald Wodder II wrote: > On further inspection, it turns out that bat itself compiles the text > of its NOTICE file into the binary, and the text is displayed when > running `batcat --acknowledgements`, so bat's Apache 2.0 license is > being followed.  If

Re: License violations for dependencies of Rust and Go programs?

* On 9/27/23 21:10, Sam Hartman wrote: >> "Mihai" == Mihai Moldovan writes: > > Mihai> In this case, we're "just" talking about missing notices for > Mihai> dependencies that are pulled in, which might not be nice, but > Mihai> also, realistically, nobody would really care about o

Re: License violations for dependencies of Rust and Go programs?

> "Mihai" == Mihai Moldovan writes: Mihai> In this case, we're "just" talking about missing notices for Mihai> dependencies that are pulled in, which might not be nice, but Mihai> also, realistically, nobody would really care about or try to Mihai> enforce it (unless somebody

Re: License violations for dependencies of Rust and Go programs?

* On 9/27/23 16:41, John Thorvald Wodder II wrote: > On 2023 Sep 26, at 20:36, Paul Wise wrote: >> Your analysis is correct, some extra context for this problem: >> >> The problem you have identified applies to other statically linked >> languages too, so I have updated the wiki page to link to it

Re: License violations for dependencies of Rust and Go programs?

On 2023 Sep 26, at 22:09, Paul Wise wrote: > > On Tue, 2023-09-26 at 14:20 -0400, John Thorvald Wodder II wrote: > >> - bat (In addition to the type of problem discussed above, the source code >> for >> bat has an Apache 2.0 `NOTICE` file, yet this is not included in the .deb >> package.) >

Re: License violations for dependencies of Rust and Go programs?

On 2023 Sep 26, at 20:36, Paul Wise wrote: > Your analysis is correct, some extra context for this problem: > > The problem you have identified applies to other statically linked > languages too, so I have updated the wiki page to link to it. > > https://wiki.debian.org/StaticLinking So was thi

Re: License violations for dependencies of Rust and Go programs?

On Wed, 2023-09-27 at 05:24 +, Stephan Verbücheln wrote: > Are the upstream developers not already legally required to include all > this information into various places including their “Help-About” menu? It is definitely not common practice to document the copyright/license info of dependenc