Ludovic Courtès <l...@gnu.org> writes: >> Well, from what I know about copyright, that isn't the licence of glibc, >> which is the sum of all the licences involved, and you'd have to know >> how to find them if you didn't just unpack the tarball. With pack >> output in a lot of cases you don't have the information. > > Right, ‘guix pack’ makes things more complicated—although I would argue > that, contrary to Dockerfiles and the like (which nobody seems to > complain about),
Well, they should -- I think there should be something from GNU on the topic -- and it's what motivated the Fedora policy to separate %licence. That's supposed to go into containers as I understand it, c.f. %doc, which isn't in spec files. > Guix makes it easier to do provenance tracking since > there’s an unambiguous source → binary mapping. Right, though the binary can be under a subset licence, e.g. when un-shipped tests are under a different licence. > How do Debian and Fedora determine the relevant files to copy? We could > investigate ways to do that, but it won’t scale unless we have a mostly > automated way to do it. The submitter and reviewer have to put the right stuff in the package definition -- %license for Fedora and the copyright file for Debian. That should be checked to first order with licensecheck (automated in the "fedora-review" tool). You might be able to automate cross-checking with Debian and Fedora to some extent. > (It won’t scale to the size of Stackage, CPAN, Pypi, etc. either…) > > Thoughts? I think it has to be got right even if they don't do so. There's plenty imported to Fedora and Debian from those.
