Arch Linux

I'd suggest AllowLicense or something like that instead. To me, "RestrictLicense gpl" would mean that you DON'T want to allow gpl licenses, the opposite of what you intend. (RestrictToLicense would be better, but still confusing.)

This is a good idea though.

AllowLicenses sounds better:

AllowLicenses * (all licenses, the default)
AllowLicenses gpl bsd foo bar

One question though... should we be able to "AllowLicenses custom" ?

I think custom should be a question, "this package has a custom license, are you sure you want to install it?"

Custom is going to be so different that it won't really make sense to blanket it.

Perhaps it could pe possible to mark that certain licences should be asked about. For instance, "AllowLicenses * !cppl ?apache ?custom" would allow all licences, except that cppl would be forbidden, and the user would be queried every time he tried to install something under the Apache or a custom licence.

There should propably be some predefined licence sets, e.g. "AllowLicenses opensource" might allow all OSI-approved licences and ask about any custom ones.

i agree with BLK, there should be some predefined license sets e.g. we can use "Free", "non-Free" and more categories from here: http://www.gnu.org/licenses/license-list.html

i found that GNU arranged licenses in categories much better than anyone else :-)

I like BLK's idea of AllowLicenses, like in rc.conf:

AllowLicenses=(* !some_other_license)

Are there any licenses with spaces in them? then maybe we should use AllowLicenses=(* !'QPL protected license'). This seems very complex though.

And what to do if a package have multiple licenses, like firefox?

I find what most people who want this want it for is to block non-free software from their system. currently there is no way to determine based on the license field with 100% certainty if a package is non-free. usually it will have a 'custom' license, but all that actually means is that only one package uses the license. It does not necessarily say anything about the terms of that license. Maybe with package categories (FS#7132) we could have a "nonfree" category, and allow an option to ban or warn about packages from given categories. We might have "gpl-incompatable" as well. An option to restrict based just on licenses would be good too though, as not everyone may be satisfied by the standard categories.

What about not caring and have the user check for himself.

One of Arch Linux's strong points (imo) is that it doesn't really care about the licensing, making it very accessible for newbies, especially when it comes to certain media, etc...

I agree that it would be nice for some kind of automated checking / filtering of licences to be done by pacman, to enable the user to set up these kinds of preferences. It certainly won't interfere with anyone who isn't interested in this functionality :-)

And as for "custom" - I like the idea of replacing it with "custom-free" and "custom-nonfree" according to something like the GNU lists as arnuld suggested.

I would be great if pacman helped system administrators choose which software licenses they want to install. Is this on the roadmap?

We could use the same approach as Parabola and use a non-free package package to block all non-free software. I'm in favour of a less strict interpretation of free software than Parabolas has. In my opinion non-free should primarily based on the software license itself. This means that for example Firefox and Thunderbird would be allowed. Users can easily edit the list of allowed software with ABS. You can find Parabol's your-freedom PKGBUILD here: https://projects.parabolagnulinux.org/abslibre.git/tree/libre/your-freedom

This can be accomplished with a hook.

How? Do you mind providing an example?

I have only been able to locate this scarce documentation: https://wiki.archlinux.org/index.php/User:Allan/Pacman_Hooks

For the record, the canonical documentation is now in the manpages, see alpm-hooks(5).

You could use a PreTransaction hook with NeedsTargets and AbortOnFail, that looks at the list of packages on stdin and inspects their license field using expac. This would only work on packages located in a repository and installed with pacman -S though.
There is no way to get arbitrary metadata from a package via a hook.

You could also use expac to get the information from installed packages in a PostTransaction hook, but then all you can provide is a warning after the package was successfully installed.

Thanks, I think that will do fine :)