
Re: Verifying dep-5



On Sat, May 28, 2016 at 7:18 AM, Dmitry Bogatov wrote:

> Do we have any tools to check for GPL violation? I mean, is there any
> tool to perform a rather crude check whether a package that contains a
> non-copyleft source file depends on a binary package, the source package of
> which contains a GPL file?

Non-copyleft licenses are generally GPL compatible, but I guess you
are thinking of BSD-4-clause and OpenSSL licenses here? There are
GPL-incompatible copyleft licenses too (like CDDL).

The adequate tool can perform some checking of license incompatibilities:

https://piuparts.debian.org/sid/incompatible_licenses_inadequate_issue.html
https://packages.debian.org/unstable/adequate

> Currently, I am working on an issue with haskell-missingh.  All
> code in this package is BSD-3-clause, but one file is GPL.  It would
> be wrong to mark all files as GPL, but the package as a whole is GPL, which
> should be propagated down the dependency tree. But it seems we do not
> have tools to check it. Probably, we need some way to mark licenses
> of whole binary packages. WDYT?

I think it would be interesting to automatically track how each file
in a binary package was created and which files they were derived
from. Then we could automatically generate proper copyright files for
binary packages. That is a hard project so...

The next best thing is to have a manually prepared copyright file for
the binary package that is different to the one for the source package
(see libicns for an example) but...

Right now we completely ignore what the correct copyright/license
situation is for binary packages and assume it is the same as for the
source package.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

