Subject: Re: pkgsrc license issues
To: None <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 06/14/2001 19:08:32
[ On Thursday, June 14, 2001 at 23:01:46 (+0100), Alistair Crooks wrote: ]
> Subject: Re: pkgsrc license issues (was: security/ssh vs distfiles/vulnerabilities)
>
> If you can provide an alternative framework to alert the person who
> installs the package to the "non-standard" licence, then I'm all for
> it.  If it's merely a copout "I don't care what the licence says",
> then, most definitely, I'm not.

What "alerts" do you feel are necessary?

Legally speaking only these bits of information, as I've detailed
previously, are actually necessary for pkgsrc, at least for freely
available software:

	1. can the distfile be redistributed for free (anon ftp)?

	2. can the distfile be redistributed in a for-profit
           collective work (CD-ROM)?

	3. can the binary package be redistributed for free?

	4. can the binary package be redistributed in a for-profit
           collective work?

(often #4 follows from #2, though I guess that's not guaranteed.  In any
case they could be safely combined to make things a bit simpler to
figure out and manage as you'll see below)

Software that is not freely available can be trivially handled by a
private "do-fetch" target in the pkgsrc Makefile, and obviously none of
it can be redistributed in any way (yes, there are exceptions where the
binary can be redistributed but the source cannot, but I don't see
enough of them to warrant any automated handling).

The last remaining issue is that of restricted software (eg. crypto).

Conveniently _all_ of these issues are already dealt with cleanly and
simply in the original FreeBSD "ports" system:

 # Set these if your port should not be built under certain circumstances.
 # These are string variables; you should set them to the reason why
 # they are necessary.
 #
 # RESTRICTED    - Port is restricted (e.g., contains cryptography, etc.).
 # NO_CDROM      - Port may not go on CDROM.
 # NO_PACKAGE    - Port should not be packaged but distfiles can be put on
 #                 ftp sites and CDROMs.
 #
[[ ... non-license related restrictions deleted ... ]]
 #
 # In addition to RESTRICTED or NO_CDROM, if only a subset of distfiles
 # or patchfiles have redistribution restrictions, set the following
 # to the list of such files.
 #
 # RESTRICTED_FILES - List of files that cannot be redistributed
 #                    (default: "${DISTFILES} ${PATCHFILES}" if RESTRICTED
 #                    or NO_CDROM is set, empty otherwise).
 #

I think it would be very wise for NetBSD pkgsrc to follow their lead and
maintain strict compatibility with the above features.

I do not see (and have not read) any valid reason to provide the hooks
that would be necessary for someone to avoid a given license or group of
licenses because of political or other personal reasons (eg. wanting to
avoid ever using any GPL'ed stuff).  People with such persuasions
probably won't trust the pkgsrc declarations anyway and will want to
read the license for themselves.  If they're going to do that anyway
then they can learn to do "make extract" first, then read the actual
license, and decide for themselves at that point whether to install the
package or just run "make clean".

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>