On Mon 11 Sep 2017 13:29, Alex Vong <alexvong1...@gmail.com> writes: >>> Well, from what I know about copyright, that isn't the licence of glibc, >>> which is the sum of all the licences involved, and you'd have to know >>> how to find them if you didn't just unpack the tarball. With pack >>> output in a lot of cases you don't have the information. >> >> Right, ‘guix pack’ makes things more complicated—although I would argue >> that, contrary to Dockerfiles and the like (which nobody seems to >> complain about), Guix makes it easier to do provenance tracking since >> there’s an unambiguous source → binary mapping. >> > Does 'guix pack' currently included the source that uses to build the > pack? Will including the source signaficantly increases the size of the > pack? Or should we add a flag for building a "source pack"?
It does not. Guix's idea of "source" is larger than copyright's idea of source I think -- i.e. the compiler doesn't impose additional copyright concerns on binary products, but it does form part of what Guix considers to be source. More concretely... if this is necessary (and I suspect but don't know that it is,) probably the easiest thing would be for each package to install a copyright file in its output derivations. Then a "guix pack" would include them automatically. It would be good to symlink/dedup common copyright files of course, but that can be a later step. Andy
