patacongo commented on pull request #378: URL: https://github.com/apache/incubator-nuttx-apps/pull/378#issuecomment-689165225
> > > Maybe something useful would be to set a configuration value indicating the "clean" licensing status of a build so that on a binary you can check if the build includes projects with other licenses. I'm not sure what you mean by "clean" license. The ASF permits third party software into the repositories PROVIDED that we follow the rules for inclusion of third part software. See, for example, https://www.apache.org/legal/resolved.html . I think this means, basically that the code has to have a compatible license and we also have to document that license and copyright in the LICENSE file. There is also this vague issue that has come up a few times that ways were also supposed to have the blessing of the copyright holder to use the code, but I don't really understand what that means in any legal sense. There is a lot of BSD third party code in the repositories now and you could not even build NuttX of that code were not included in the build. My curiosity is for the case of downloading third party code with a compatible license at build time and NOT following the ASF rules for third party code. Honestly, I don't really know the answer. But it seems to me that there is an issue with documenting the license, making sure that the end user is aware of the licensing, and protecting ourselves legally from being a party to a possible patent infringement. I don't know what the answer is and I don't have a strong recommendation. The safest thing to do would be to follow the ASF rules for third party software for downloaded software even though it does not reside in the repository. It would be good to have a mentor weigh in on this. I don't think any of us really have the appropriate knowledge to answer this question. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
