[Exherbo-dev] The state of the LICENCES field

Elias Pipping pipping at lavabit.com
Sun Oct 2 18:22:43 BST 2011


the LICENCES field is in a rather poor state.

That is in part due to the fact that an exheres with


looks nicer than one with


and takes less effort than

    BSD-3 [[ note = [ foo.c bar.h ] ]]
    MIT   [[ note = [ buz.m gargle.f ] ]]

whilst actually being the least desirable of the three (unless of
course the package is actually under the BSD-3 license).

It is, furthermore, possible to miss that a project has changed which
licence it is available under. A lot of people do not even care about
licences, be they part of upstream, users, or developers.

The most important reason, however, is that the world of software
licences is a horrible mess itself. Not all projects come with a
COPYING or LICENCE/LICENSE file. Some have notes in every file. Or
just in some files. Sometimes one file has been relicenced as BSD-2
while others are still BSD-4, etc.

There is no canonical way to retrieve the (conglomerate of) licence(s)
of a project from its tarball.

We cannot afford not to care about licences, however, if we mean to
distribute binaries of packages. OpenSSL's license comes to mind.

In particular, we need to get LICENCES right for any package that is
part of the stages.

What we could do is wipe the slate clean and add


to packages for now, and replace that with proper licences for
packages that we have reviewed thoroughly afterwards. But that is
rather drastic.

What we could also do is add an annotation that a licence has been
verified. This would also allow us to add a note about what version
was last checked. The syntax could be

    BSD-3 [[ note = [ foo.c bar.h ] ]]
    MIT   [[ note = [ buz.m gargle.f ] ]]
  ) [[ last-checked = 2.7.3 ]]"

The annotation last-checked would only be valid on blocks.

With this proposal as well,


would be acceptable for packages that are not part of the stages.


Elias Pipping
