Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#776 - Distribute copyright notices with BSD-licenced packages

Attached to Project: Arch Linux
Opened by Oliver Burnett-Hall (olly-bh) - Sunday, 18 April 2004, 02:43 GMT
Last edited by Judd Vinet (judd) - Sunday, 18 April 2004, 18:16 GMT
Task Type Feature Request
Category System
Status Closed
Assigned To Judd Vinet (judd)
Architecture not specified
Severity Medium
Priority Normal
Reported Version 0.7 Wombat
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Packages licenced under BSD- and X11-style licences include an 'advertising clause' - when redistributed in either source or binary format the original copyright notice must be included.

For example, the (very long) OpenSSH licence can be found at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=1.11.2.2

Arch, on the whole, does not seem to be distributing these license/copyright files and so, technically, is breaching the conditions of the licence. I'm not expecting that anyone's going to get sued for this, but as Good Members of the Open Source Community we ought to be doing everything possible to make sure we comply to both the spirit and the letter of the law.

Distributing BSD licences isn't as simple as with the GPL - there isn't a single BSD licence; it can vary with each package and will often reference an AUTHORS file - having a single /usr/share/licences/BSD file isn't enough.

Instead we need to make sure that PKGBUILD scripts make sure that any LICENSE/COPYING/AUTHORS/WHATEVER files that come with source tarballs get installed with the packages.

Adding (automatic or semi-automatic) functionality to makepkg to do this would be trivial (for a crude automatic version: 'find . -regex '.*/\(AUTHORS\|COPYING\|LICENSE\)' -exec cp {} /somewhere \;'), but we'd need to decide where the files would go.

The two obvious places (as /usr/share/doc is a no-go) would be /usr/share/{pkgname} or /usr/share/license/{pkgname}. I'd go for the former but I was outvoted on IRC :(

Thoughts?

- olly
This task depends upon

Closed by  arjan timmerman (blaasvis)
Sunday, 15 October 2006, 09:15 GMT
Reason for closing:  Implemented
Additional comments about closing:  please report packages without a license field :)
Comment by dorphell (dorphell) - Sunday, 18 April 2004, 06:13 GMT
In the process of being taken care of..
Comment by Oliver Burnett-Hall (olly-bh) - Wednesday, 21 April 2004, 23:12 GMT
Any chance of some details of how this will be done?
Comment by Judd Vinet (judd) - Monday, 26 April 2004, 03:43 GMT
Automating this step in makepkg seems to be the best solution, but I'd like to save on space as much as possible here. For example, I'd like to install only one copy of the GPL and have each package link to that one file.

But it sounds like I can't do that with BSD-licensed software, since each license may be slightly different (yet still classified as BSD?)
Comment by Oliver Burnett-Hall (olly-bh) - Friday, 30 April 2004, 14:01 GMT
Having a single copy of the GPL and linking to that is fine, and will work for several other licences too (MPL, Apache License, etc.). Though you'll have to be sure that packages are using unmodified versions of the licenses (e.g. the kernel uses a modified version of the GPL v2).

However, this won't work for BSD licences, as this is more a style of licence than an actual licence. For these you need to distribute the licence files with the binary package.

Here's a suggestion: add a licensefiles array to PKGBUILD and use that to copy the needed files. Then bung something like this in makepkg (this is example code and would need more work, e.g. it will fail if the source tarball extracts to something other than $pkgname, it also assumes /usr/share/licenses is the right place to put the files):

---------------------------------------------------------
licensedir=pkg/usr/share/licenses/$pkgname-$pkgver
for ((i=0; $i < ${#licensefiles[@]}; ++i)); do
install -D -m644 src/$pkgname/${licensefiles[$i]} \
$licensedir/${licensefiles[$i]}
gzip -9 $licensedir/${licensefiles[$i]}
done
---------------------------------------------------------

If you want to avoid multiple copies of GPL/whatever licenses then put this inside a case $license ... esac statement and give standard actions for other licenses. But the GPL2 is less than 7 kB when gzipped, so is it really worth it?

An alternative method would be to provide a helper function that could be called from build() that would do the same sort of thing (e.g. 'install-license ./COPYING'). Doing it this way mean it could be written to provide more options - wildcards, pulling in files from various bits of the source tree, renaming files, etc. Options like this could be the needed if different bits of a package are under different licences.

Thoughts?
Comment by Aaron Griffin (phrakture) - Friday, 21 January 2005, 17:15 GMT
"If you want to avoid multiple copies of GPL/whatever licenses then put this inside a case $license ... esac statement and give standard actions for other licenses. But the GPL2 is less than 7 kB when gzipped, so is it really worth it?"

What if the original package is 7k? You just doubled the size of the package. What about dial-up users? What about those who pay for downstream transfers? What about server size (additional disk overhead)?

It's worth it.
Comment by Indan Zupancic (i3839) - Sunday, 03 April 2005, 14:23 GMT
To quote the appropriate old style BSD licence part:

"Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution."

As Arch doesn't really provide any additional documentation or material for each package, there isn't really a place to add it. Keeping any license relevant info in the default package should be enough. This info certainly doesn't need to be in the package info of not yet installed packages.
Comment by Roman Kyrylych (Romashka) - Monday, 09 October 2006, 09:48 GMT
Isn't it already implementewd with new license field and licenses directory where appropriate licenses should be copied?

Loading...