From owner-freebsd-ports@freebsd.org Tue Nov 24 21:00:08 2015 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF9EAA361FC for ; Tue, 24 Nov 2015 21:00:08 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [206.40.34.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E13E21ADB for ; Tue, 24 Nov 2015 21:00:08 +0000 (UTC) (envelope-from marquis@roble.com) Received: from secure.postconf.com (mx5.roble.com [206.40.34.5]) by mx5.roble.com (Postfix) with ESMTP id 5275D6808B for ; Tue, 24 Nov 2015 12:57:23 -0800 (PST) In-Reply-To: <1447947303.654619.444405505.416C0DA0@webmail.messagingengine.com> References: <20151118114839.431a3adf@fabiankeil.de> <1447947303.654619.444405505.416C0DA0@webmail.messagingengine.com> Date: Tue, 24 Nov 2015 12:57:23 -0800 Subject: Re: License info Q From: "Roger Marquis" To: freebsd-ports@freebsd.org Reply-To: marquis@roble.com MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Nov 2015 21:00:09 -0000 Perhaps easier than spending developer resources on administrative metadata perhaps an automated monthly email to port maintainers who have missing or inaccurate LICENSE= data, requesting this variable be added to makefiles and manifests, would improve things? Whatever the means of generating voluntary compliance it would surely help corporate adoption. In our package tree only about 40% of several hundred ports and packages provide any license string. That contrasts with Redhat which has license info for every rpm (on the systems I've tested). Roger Marquis >> > I need to get license info from a batch of ports and packages. >> > >> > Problem is not all the specified ports/pkgs are installed or have license >> > info in their Makefile. Is there a reliable way to enumerate port or >> > package license strings, preferably without fetching a package tarfile? >> >> No. Also note that the "license information" in the Makefiles is often >> misleading[1] and thus not particular useful if you actually care about >> license compliance. >> >> Unfortunately reporting incorrect license information seems to be >> a waste of time so things are unlikely to improve any time soon: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195807 >> >> Fabian > > I spent a *lot* of time trying to correct the BSD licenses to be BSD2 > BSD3 or BSD4CLAUSE. I did an /ok/ job. It was a super pain. My > conclusion is that we need to be very careful getting the licenses > defined correctly, but even then we cannot make any promises they are > correct. You can only license files, not "projects", so a license on a > port should be considered "best effort guidance" and not a promise of > accuracy. > > If you are doing something that actually requires you to get licensing > information correct the only approach is to roll up your sleeves and > look at each software manually. Consider trying to play with Apache RAT > as well which -- rumor has it -- can do a decent job of programmatically > detecting licenses. > > http://blog.feld.me/posts/2014/12/bsd-license-audit/ > >