Re: What to do when DD considers policy to be optional? [kubernetes]
Hi,
On Thu, 26 Mar 2020 at 21:01, Russ Allbery <rra@debian.org> wrote:
> > An example: commercial users. They need to know *exactly* what they
> > are running and under which licenses. They often want to be holier not
> > only than the Pope, but holier than the whole population of Poland,
> > Italy and Spanish-speaking countries altogether (I hope I don’t offend
> > anyone with this comparison, it’s meant as a joke).
> Could you provide some more details about this? Statements from those
> companies about what they care about exactly, or open source policies that
> you can point at? I ask because this is contrary to my own personal
> experience where commercial users care about the top-line license
> (including not wanting to use licenses that we consider free) but do not
> care about the work that Debian does beyond that and routinely use
> software based on the declared upstream license on GitHub without giving
> it a second though. However, my personal experience is limited, and I'd
> be happy to be educated!
Car industry. They prefer to have nothing to do with GPL-3 and related
licenses. They also want to know for sure when there’s something with
undeclared or unknown license or something completely non-free that
flew under the radar. As it is now, they cannot rely on
debian/copyright files because often they’re out of date, sometimes up
to ten years old. For Apertis, we had to build our own machinery based
on scan-copyright and, in future, on Fossology, to attempt to mitigate
that to some degree.
--
Cheers,
Andrej
Reply to: