From: Antero Mejr
To: Ludovic Courtès
Cc: 61950@debbugs.gnu.org, Antero Mejr
Subject: Re: [bug#61950] [PATCH] lint: Add 'copyleft' checker.
Date: Mon, 06 Mar 2023 16:21:02 +0000

Ludovic Courtès writes:

> 1. It’s entirely fine for, say, a BSD-3 package to link against
>    Readline (GPLv3+). The combination is effectively GPLv3+, but
>    that’s perfectly valid legally speaking.

It's fine for FOSS packages, but if you have a proprietary-licensed Guix
package where the code can't be open-sourced, bringing in a GPL
dependency is an issue.

This copyleft linter goes along with the other patch where guix lint
exits 1. So you can do something like this in a CI pipeline:
'guix lint -c copyleft my-proprietary-package'
to block developers from adding copyleft dependencies to a non-free
package.

> 2. It’s tempting to devise a “licensing calculus” of sorts and
>    automate assessments of licensing compatibility. However, I think
>    it’s overestimating both law and our own licensing annotations: how
>    law applies in a specific case isn’t entirely clear until one goes
>    to court, and our ‘license’ fields fail to represent all the
>    relevant nuances anyway (subcomponents having different licenses,
>    dual/multiple licensing, etc.).

True, this linter check is basic and would not constitute legal advice.
It's more of a broad "software license auditing" sort of thing, to allow
engineers to do quick compliance checks. In my experience it's useful
for development in regulated applications of software.

Thanks for the feedback, lmk what you think.