[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What to do when DD considers policy to be optional? [kubernetes]


On Thu, 26 Mar 2020 at 21:01, Russ Allbery <rra@debian.org> wrote:
> > An example: commercial users. They need to know *exactly* what they
> > are running and under which licenses. They often want to be holier not
> > only than the Pope, but holier than the whole population of Poland,
> > Italy and Spanish-speaking countries altogether (I hope I don’t offend
> > anyone with this comparison, it’s meant as a joke).

> Could you provide some more details about this?  Statements from those
> companies about what they care about exactly, or open source policies that
> you can point at?  I ask because this is contrary to my own personal
> experience where commercial users care about the top-line license
> (including not wanting to use licenses that we consider free) but do not
> care about the work that Debian does beyond that and routinely use
> software based on the declared upstream license on GitHub without giving
> it a second though.  However, my personal experience is limited, and I'd
> be happy to be educated!

Car industry. They prefer to have nothing to do with GPL-3 and related
licenses. They also want to know for sure when there’s something with
undeclared or unknown license or something completely non-free that
flew under the radar. As it is now, they cannot rely on
debian/copyright files because often they’re out of date, sometimes up
to ten years old. For Apertis, we had to build our own machinery based
on scan-copyright and, in future, on Fossology, to attempt to mitigate
that to some degree.


Reply to: