On Wed, 29 May 2024 at 07:34, Alexander Kanavin <alex.kana...@gmail.com> wrote:
> On Wed, 29 May 2024 at 13:18, Stephen John Smoogen via > lists.yoctoproject.org <smooge=gmail....@lists.yoctoproject.org> > wrote: > > I wanted to bring up a nuance because you are saying 'GPL based > library'. There are several different GPL licenses which need to be > evaluated when linking to. The lawyers at Bosch can give the best advice, > but this following rule of thumb may be useful: > > Linking to licenses with AGPL -> must be a compatible source license > (aka source must be available and modifiable by user) and must meet > additional requirements for delivery > > Linking to licenses with GPL -> must be a compatible source license (aka > source must be available and modifiable by user) > > Linking to licenses with LGPL -> can be a closed source library in many > cases. [again get a lawyer's review] > > > > Then there are the GPL and LGPL with exception licenses. Those > exceptions might be something 'slight' so that licenses incompatibilities > between the OpenSSL or Apache can be still 'excepted' for use. And then > there are the exceptions which basically allow any closed source to link > against it. Those need a lawyer's review. There are also differences > between version 2 and version 3 of the licenses that again need lawyer's > advice. > > > > On many Linux operating systems the libc is based off of glibc which is > LGPL2+ with exceptions and GPL2+ with exceptions for various binaries. > Other libraries that are in common use may also be. There are also example > layer's like the one that Etienne Cordonnier brought up which can help cut > down potential conflicts. > > > > And my apologies for bringing up 'lawyers review' so much. Various parts > of Bosch have worked in this space for a long time so I figured there was a > dedicated counsel who can help guide engineering projects through GPL and > other license linking and compliance. > > > > The question was how to figure out programmatically what actually > links with gpl pieces without doing a laborious manual review of every > component in the product. And doing it at the yocto integration point > Yes, I misread the intent of the original question and went on a tangent. I have had several times had to explain the differentiation because people try to remove all GPL without understanding that LGPL can be used for most things. I should have reread and engaged only after that. > where the problem is introduced, and not after the fact in legal > review where the cost of correcting that mistake is going to be 10x or > 100x. > > Sounds like this could be a test in package_qa task? I'm not aware of > anything in oe-core that does it, but experiments in that direction > welcome. > > Alex > -- Stephen J Smoogen. Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#63226): https://lists.yoctoproject.org/g/yocto/message/63226 Mute This Topic: https://lists.yoctoproject.org/mt/106365537/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
