Hi,

Alex Griffin <a...@ajgrf.com> wrote:

> On Wed, Aug 3, 2016, at 03:42 PM, Ludovic Courtès wrote:
>> However, in Guix we encode such cases as ‘gpl3+’ (or similar), rather
>> than ‘gpl1+’.
>
> That seems wrong and confusing.

Strictly speaking it’s wrong, but I think it better reflects the intent of the authors (I think authors who throw a GPLv3 ‘COPYING’ file without bothering to add file headers probably think that GPLv3 and maybe later versions apply, but not previous versions.)

> It means that if I'm writing a GPLv2 program, for example, then I
> cannot rely on Guix to search for legally compatible libraries to
> use. It also means we cannot implement a tool to automatically flag
> Guix package dependencies for possible license violations.

I suppose many package violations could be detected using Guix, but you’re right that subtle cases like this one can go undetected.

In the end, we’re talking about legal documents whose interpretation isn’t as formal as we would like. So I suspect that no single tool can provide what you want—there is no “license calculus”. Tools like Fossology go a long way, but AFAIK they are no substitute for proper manual auditing.

Thanks,
Ludo’.