[Piuparts-devel] proposal to drop licence compatibility checks from adequate

Serafeim (Serafi) Zanikolas sez at debian.org
Sat Sep 28 18:50:46 BST 2024


[adding -devel, for wider visiblity]

On Sun Sep 8, 2024 at 6:31 PM CEST, Serafeim (Serafi) Zanikolas wrote:
> hi,
>
> I've recently taken over adequate(1) and am considering to drop its license
> compatibility checks, for several reasons:
>
> - unlike 2013, which is when adequate grew this functionality, today many
>   well-funded organizations actively care about license compliance (e.g. see
>   fossology.org), so I'd expect major cases of non-compliance to be noticed
> - afaict in almost 11 years of adequate's existence, only one actual case of
>   non-compliance was found (#749801) [0]
> - the relevant logic is non-trivial, and prone to false positives in the case
>   of binary packages shipping multiple libraries with different licenses; it
>   also hardwires soname/license/version mappings for major libraries (I'd guess
>   as a workaround for the aforementioned issue), which I consider unsustainable
>   from a maintenance PoV
>
> if you feel strongly against this proposal, you're more than welcome to join the
> adequate maintainers team (today, just me) and make your case with code. of
> course you're also welcome to join even if you do agree with the proposal!
>
> thanks,
> serafi
>
> ps. please cc me in replies
>
> [0] I've looked at piuparts and adequate tagged bugs

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/piuparts-devel/attachments/20240928/c65374b8/attachment.sig>


More information about the Piuparts-devel mailing list