[Piuparts-devel] proposal to drop licence compatibility checks from adequate
Serafeim (Serafi) Zanikolas
sez at debian.org
Sun Sep 8 17:31:10 BST 2024
hi,
I've recently taken over adequate(1) and am considering to drop its license
compatibility checks, for several reasons:
- unlike 2013, which is when adequate grew this functionality, today many
well-funded organizations actively care about license compliance (e.g. see
fossology.org), so I'd expect major cases of non-compliance to be noticed
- afaict in almost 11 years of adequate's existence, only one actual case of
non-compliance was found (#749801) [0]
- the relevant logic is non-trivial, and prone to false positives in the case
of binary packages shipping multiple libraries with different licenses; it
also hardwires soname/license/version mappings for major libraries (I'd guess
as a workaround for the aforementioned issue), which I consider unsustainable
from a maintenance PoV
if you feel strongly against this proposal, you're more than welcome to join the
adequate maintainers team (today, just me) and make your case with code. of
course you're also welcome to join even if you do agree with the proposal!
thanks,
serafi
ps. please cc me in replies
[0] I've looked at piuparts and adequate tagged bugs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/piuparts-devel/attachments/20240908/50d799b6/attachment.sig>
More information about the Piuparts-devel
mailing list