Date: Tue, 24 Nov 2015 12:57:23 -0800 From: "Roger Marquis" <marquis@roble.com> To: freebsd-ports@freebsd.org Subject: Re: License info Q In-Reply-To: <1447947303.654619.444405505.416C0DA0@webmail.messagingengine.com> References: <20151118114839.431a3adf@fabiankeil.de> <1447947303.654619.444405505.416C0DA0@webmail.messagingengine.com>
| previous in thread | raw e-mail | index | archive | help
Perhaps easier than spending developer resources on administrative metadata perhaps an automated monthly email to port maintainers who have missing or inaccurate LICENSE= data, requesting this variable be added to makefiles and manifests, would improve things? Whatever the means of generating voluntary compliance it would surely help corporate adoption. In our package tree only about 40% of several hundred ports and packages provide any license string. That contrasts with Redhat which has license info for every rpm (on the systems I've tested). Roger Marquis >> > I need to get license info from a batch of ports and packages. >> > >> > Problem is not all the specified ports/pkgs are installed or have license >> > info in their Makefile. Is there a reliable way to enumerate port or >> > package license strings, preferably without fetching a package tarfile? >> >> No. Also note that the "license information" in the Makefiles is often >> misleading[1] and thus not particular useful if you actually care about >> license compliance. >> >> Unfortunately reporting incorrect license information seems to be >> a waste of time so things are unlikely to improve any time soon: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195807 >> >> Fabian > > I spent a *lot* of time trying to correct the BSD licenses to be BSD2 > BSD3 or BSD4CLAUSE. I did an /ok/ job. It was a super pain. My > conclusion is that we need to be very careful getting the licenses > defined correctly, but even then we cannot make any promises they are > correct. You can only license files, not "projects", so a license on a > port should be considered "best effort guidance" and not a promise of > accuracy. > > If you are doing something that actually requires you to get licensing > information correct the only approach is to roll up your sleeves and > look at each software manually. Consider trying to play with Apache RAT > as well which -- rumor has it -- can do a decent job of programmatically > detecting licenses. > > http://blog.feld.me/posts/2014/12/bsd-license-audit/ > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>