Hello Antero, Antero Mejr writes: > Ludovic Courtès writes: > >> 1. It’s entirely fine for, say, a BSD-3 package to link against >> Readline (GPLv3+). The combination is effectively GPLv3+, but >> that’s perfectly valid legally speaking. > > It's fine for FOSS packages, but if you have proprietary-licensed Guix > package where the code can't be open-sourced, bringing in a GPL > dependency is an issue. > > This copyleft linter goes along with the other patch where guix lint > exits 1. So you can do something like this in a CI pipeline: > > 'guix lint -c copyleft my-proprietary-package' > > to block developers from adding copyleft dependencies to a non-free package. I think that goes against the spirit of the GNU project: it's a tool that helps finding licensing concerns for proprietary software, with the end goal of weeding out GPL components. We may be better off if no such tool exists and more companies embrace the idea that is GPL instead of helping them spot GPL dependencies so they can rewrite them under some non-copyleft license. >> 2. It’s tempting to view devise a “licensing calculus” of sorts and >> automate assessments of licensing compatibility. However, I think >> it’s overestimating both law and our own licensing annotations: how >> law applies in a specific case isn’t entirely clear until one goes >> to court, and our ‘license’ fields fail to represent all the >> relevant nuances anyway (subcomponents having different licenses, >> dual/multiple licensing, etc.). > > True, this linter check is basic and would not constitute legal advice. > > It's more of a broad "software license auditing" sort of thing, > to allow engineers to do quick compliance checks. In my experience > it's useful for development in regulated applications of software. > > Thanks for the feedback, lmk what you think. I think I'd rather not see this tool in Guix, but I think it could live happily as a channel or as an extension. -- Thanks, Maxim