[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What to do when DD considers policy to be optional? [kubernetes]

Quoting Andrej Shadura (2020-03-26 22:24:41)
> On Thu, 26 Mar 2020 at 21:01, Russ Allbery <rra@debian.org> wrote:
> > > An example: commercial users. They need to know *exactly* what they
> > > are running and under which licenses. They often want to be holier not
> > > only than the Pope, but holier than the whole population of Poland,
> > > Italy and Spanish-speaking countries altogether (I hope I don’t offend
> > > anyone with this comparison, it’s meant as a joke).
> > Could you provide some more details about this?  Statements from those
> > companies about what they care about exactly, or open source policies that
> > you can point at?  I ask because this is contrary to my own personal
> > experience where commercial users care about the top-line license
> > (including not wanting to use licenses that we consider free) but do not
> > care about the work that Debian does beyond that and routinely use software
> > based on the declared upstream license on GitHub without giving it a second
> > though.  However, my personal experience is limited, and I'd be happy to be
> > educated!
> Car industry. They prefer to have nothing to do with GPL-3 and related
> licenses. They also want to know for sure when there’s something with
> undeclared or unknown license or something completely non-free that flew
> under the radar. As it is now, they cannot rely on debian/copyright files
> because often they’re out of date, sometimes up to ten years old. For
> Apertis, we had to build our own machinery based on scan-copyright and, in
> future, on Fossology, to attempt to mitigate that to some degree.

University. We maintain a GPL software of which we are also selling proprietary
licenses to companies. For this purpose our software must not link against any
GPL code. Recently we found by accident that a single file from an otherwise
BSD licensed 3rd party library we use was licensed under GPL. It was only a few
days before we had to hand our software to our customer so it would've spared
us a lot of headaches if that 3rd party library had a well documented
d/copyright file where we could've easily spotted that one GPL file.

Attachment: signature.asc
Description: signature

Reply to: