Quoting Andrej Shadura (2020-03-26 22:24:41) > On Thu, 26 Mar 2020 at 21:01, Russ Allbery <firstname.lastname@example.org> wrote: > > > An example: commercial users. They need to know *exactly* what they > > > are running and under which licenses. They often want to be holier not > > > only than the Pope, but holier than the whole population of Poland, > > > Italy and Spanish-speaking countries altogether (I hope I don’t offend > > > anyone with this comparison, it’s meant as a joke). > > Could you provide some more details about this? Statements from those > > companies about what they care about exactly, or open source policies that > > you can point at? I ask because this is contrary to my own personal > > experience where commercial users care about the top-line license > > (including not wanting to use licenses that we consider free) but do not > > care about the work that Debian does beyond that and routinely use software > > based on the declared upstream license on GitHub without giving it a second > > though. However, my personal experience is limited, and I'd be happy to be > > educated! > Car industry. They prefer to have nothing to do with GPL-3 and related > licenses. They also want to know for sure when there’s something with > undeclared or unknown license or something completely non-free that flew > under the radar. As it is now, they cannot rely on debian/copyright files > because often they’re out of date, sometimes up to ten years old. For > Apertis, we had to build our own machinery based on scan-copyright and, in > future, on Fossology, to attempt to mitigate that to some degree. University. We maintain a GPL software of which we are also selling proprietary licenses to companies. For this purpose our software must not link against any GPL code. Recently we found by accident that a single file from an otherwise BSD licensed 3rd party library we use was licensed under GPL. It was only a few days before we had to hand our software to our customer so it would've spared us a lot of headaches if that 3rd party library had a well documented d/copyright file where we could've easily spotted that one GPL file.