haikuporter
haikuporter copied to clipboard
haikuports
Include license file for license which requires it's content to be distributed with it's associated ports
Currently we don't include the license file for license which requires it's content to be distributed with our ports. An example of this is the MIT license
This could be seen as a violation of said license
All packages depend on the Haiku package, and the Haiku package includes the licence already (in /system/data/licenses/). Isn't that enough?
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
IANAL, but IMO, for the MIT license, we have a few problems:
- The copyright notice is not included, haikuporter policy requires us to remove "Copyright", "(C)", and email address from
COPYRIGHTvariable - The permission notice is nowhere to be found in the package. Depending on a package that include the said license is not enough, the license requires itself to be included in all copies
- Also, the use of this license requires modifying the first line, which make each one of them a custom one, which in turn, requires us to include them. Distributions like Arch ship a version in all package using it
The COPYRIGHT variable should indeed be kept closer to the original. However, nothing in the MIT licence mentions that the copyright notice and the permission are to be kept together in a single file. So, we don't need to create a custom licence everytime.
We are bending the rules a little by not including the licence text explicitly, but I think that is fine. The licence is clearly indicated in the metadata and it is easy enough to find the full text if needed.
I guess we could already improve a little the way we provide the info about the license. Instead of just providing the metadata, would could also provide symlinks: For packages which have licenses that are available in the haiku package, we could include a symlink from $docDir to the license file provided by the haiku package. HaikuDepot could be taught to display the license of a package when the user clicks a button or chooses to install a package. pkgman could also be taught a "show-license" action and also request acceptance of the licenses if the user prefs do not say he has already accepted that license. What we should avoid, imo, are situations where a user would install some package and later pretend he never accepted the software's license. This can be enforced by requiring that any license acceptance be saved to the user's preferences. Then, in case some author complains about licenses not being respected, we can reply that earcb user gets shown the license(s) and has to accept them to perform the installation.
This sounds quite annoying for licences that are already used in Haiku itself. I would not add any symlinks: it does not solve the issue (the package still does not include the text of the licence), and it clutters the filesystem with useless stuff.
We could re-include the licence text in the package in data/licences if needed.
As for popping the licence and requesting the user to accept it, we should do this only for licences that require it (I'm not aware of any in the packages we have so far, but we can do this with a post-install script).
The problem here is not about the user, it is about ourselves as we are distributing the packages.
You are right. Adding symlinks would clutter the filesystem. But it might be necessary if authors claim we are distributing software without making it clear what licenses apply. Moreover, each package has its distinct $docDir, and I don't think many users go there often.
Regarding the pop-ups, we can avoid that by adding a mechanism allowing the user to manage a pool of licenses he accepts. Any package with a license in this pool could then be installed without any pop-up. And, in case the license was never accepted, a button would allow the user add that license to the pool. This way we can claim that on Haiku no user can pretend he did not accept a license for a software he chose to install. This might be annoying, but imo it's the best way to show we really care about this topic. Nobody will ever dare to sue Haiku if we do that.
Seriously, the only time ever I have to care about reading or accepting a license in Debian is when I have to install proprietary crap like the nvidia binary driver or the Android SDK.
This might be annoying, but imo it's the best way to show we really care about this topic. Nobody will ever dare to sue Haiku if we do that.
Is it? If we are still only putting a symlink to the licence inside the package, technically we still aren't complying with MIT.
It's unlikely people would sue us for this, anyway. But still, either we do care, in which case we ask a lawyer for advice and accept the consequences (such as duplicating the licence text in all packages). Or, we decide to not worry too much about it, and in that case I really don't see the point in asking the user to accept licences we don't even comply with ourselves. We don't get any bonus points for going further than what the licence asks, especially if we don't get the basics right.
-- Adrien.
For the record, Debian keeps the licence in /usr/share/doc/$package/copyright (for ex. lua is MIT and has the file).
Yes, we should have HaikuPorter be able to copy the license text into the package; this should not be a very difficult change to make.
For ports where the original authors request, we can just change the LICENSE= in the recipe to be their license files, renamed to something like REALLICENSENAME-THISPACKAGE and put it into haikuports/yyy-yyy/THISPACKAGE/data Closing this as no new actions are needed, haikuporter already supports using a custom license and can include it into the hpkg when the recipe is written to do so.
