[patch] lincenses warning

newer
Re: ANNOUNCE: GHC 7.10.1 Release...

Francesco Ariis

3 Mar 2015 3 Mar '15

9:58 a.m.

Dear Cabal developers, spurred by this discussion on haskell-cafe [1], I attach a small patch on licence warnings. It: - reverts AllRightsReserved as PackageDistInexcusable, as it was before this commit [2]. Reading the comments in Check.hs, this datatype is for issues which "[are] OK in the author's environment but [are] almost certain to be a portability problems for other environments", which I think it is the case. - adds a PackageDistSuspicious warning on OtherLicense. The text of the warning encourages the developer to choose from licences suggested by the OSI or FSF, if they don't want to use a licence recognised by cabal. Thanks -Francesco [1] http://mail.haskell.org/pipermail/haskell-cafe/2015-February/118411.html [2] https://github.com/haskell/cabal/commit/8d449ba3231445726272eac4dcf7b2b4a550...

Attachments:

license_warnings.patch (text/x-diff — 1.3 KB)

Show replies by date

Gershom B

3 Mar 3 Mar

1:56 p.m.

Thanks for this patch! I've kicked off a discussion with hackage administrators and the haskell committee about the general approach we want to take to the license situation on hackage, and how to properly document our policies. It seems to me that merging this makes sense regardless, but I don't know what others may think? Cheers, Gershom On Tue, Mar 3, 2015 at 9:58 AM, Francesco Ariis wrote:

...

Dear Cabal developers, spurred by this discussion on haskell-cafe [1], I attach a small patch on licence warnings. It:

- reverts AllRightsReserved as PackageDistInexcusable, as it was before this commit [2]. Reading the comments in Check.hs, this datatype is for issues which "[are] OK in the author's environment but [are] almost certain to be a portability problems for other environments", which I think it is the case.

- adds a PackageDistSuspicious warning on OtherLicense. The text of the warning encourages the developer to choose from licences suggested by the OSI or FSF, if they don't want to use a licence recognised by cabal.

Thanks -Francesco

[1] http://mail.haskell.org/pipermail/haskell-cafe/2015-February/118411.html [2] https://github.com/haskell/cabal/commit/8d449ba3231445726272eac4dcf7b2b4a550...

_______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel

Carter Schonwald

7 Mar 7 Mar

12:50 a.m.

i'm very uncomfortable with the "warn on other-license" change. I think theres lots of valid reasons that someone may be using an amended license (eg BSD / MIT plus an explicit patent license grant) that strictly more open/free than any standard OSS license on the planet. Edward Kmett raise the valid point on IRC that by current international treaties, authors no longer need to mark their works "All rights reserved" to protect their copy right, but rather that if no other license is specified, ANY work is by definition all rights reserved! anyways, thats my 2cents for the evening cheers-Carter On Tue, Mar 3, 2015 at 1:56 PM, Gershom B wrote:

...

Thanks for this patch!

I've kicked off a discussion with hackage administrators and the haskell committee about the general approach we want to take to the license situation on hackage, and how to properly document our policies. It seems to me that merging this makes sense regardless, but I don't know what others may think?

Cheers, Gershom

On Tue, Mar 3, 2015 at 9:58 AM, Francesco Ariis wrote:

...
Dear Cabal developers, spurred by this discussion on haskell-cafe [1], I attach a small patch on licence warnings. It:

- reverts AllRightsReserved as PackageDistInexcusable, as it was before this commit [2]. Reading the comments in Check.hs, this datatype is for issues which "[are] OK in the author's environment but [are] almost certain to be a portability problems for other environments", which I think it is the case.

- adds a PackageDistSuspicious warning on OtherLicense. The text of the warning encourages the developer to choose from licences suggested by the OSI or FSF, if they don't want to use a licence recognised by cabal.

Thanks -Francesco

[1] http://mail.haskell.org/pipermail/haskell-cafe/2015-February/118411.html [2] https://github.com/haskell/cabal/commit/8d449ba3231445726272eac4dcf7b2b4a550...

_______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel

_______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel

Gershom B

12:53 a.m.

Well on “other license” it should just warn that it _should be_ an open source license to be uploaded to hackage. That seems fine to me — its an informational message. Also note that we don’t accept packages with no license, just as we don’t accept AllRights licenses. So yes, the “no license” fact is true, but irrelevant. —g On March 7, 2015 at 12:50:39 AM, Carter Schonwald (carter.schonwald@gmail.com) wrote:

...

i'm very uncomfortable with the "warn on other-license" change. I think theres lots of valid reasons that someone may be using an amended license (eg BSD / MIT plus an explicit patent license grant) that strictly more open/free than any standard OSS license on the planet.

Edward Kmett raise the valid point on IRC that by current international treaties, authors no longer need to mark their works "All rights reserved" to protect their copy right, but rather that if no other license is specified, ANY work is by definition all rights reserved!

anyways, thats my 2cents for the evening

cheers-Carter

On Tue, Mar 3, 2015 at 1:56 PM, Gershom B wrote:

...
Thanks for this patch!

I've kicked off a discussion with hackage administrators and the haskell committee about the general approach we want to take to the license situation on hackage, and how to properly document our policies. It seems to me that merging this makes sense regardless, but I don't know what others may think?

Cheers, Gershom

On Tue, Mar 3, 2015 at 9:58 AM, Francesco Ariis wrote:

...
Dear Cabal developers, spurred by this discussion on haskell-cafe [1], I attach a small patch on licence warnings. It:

- reverts AllRightsReserved as PackageDistInexcusable, as it was before this commit [2]. Reading the comments in Check.hs, this datatype is for issues which "[are] OK in the author's environment but [are] almost certain to be a portability problems for other environments", which I think it is the case.

- adds a PackageDistSuspicious warning on OtherLicense. The text of the warning encourages the developer to choose from licences suggested by the OSI or FSF, if they don't want to use a licence recognised by cabal.

Thanks -Francesco

[1] http://mail.haskell.org/pipermail/haskell-cafe/2015-February/118411.html [2] https://github.com/haskell/cabal/commit/8d449ba3231445726272eac4dcf7b2b4a550...

_______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel

_______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel

Francesco Ariis

3:43 p.m.

On Sat, Mar 07, 2015 at 12:50:19AM -0500, Carter Schonwald wrote:

...

i'm very uncomfortable with the "warn on other-license" change. I think theres lots of valid reasons that someone may be using an amended license (eg BSD / MIT plus an explicit patent license grant) that strictly more open/free than any standard OSS license on the planet.

I had a brief chat with dcoutts on freenode/#hackage, he informed me he would rather have the AllRightsReserved patch on hackage-server (and only in the public server branch) rather than cabal. dcoutts also expressed similar objections on OtherLicense's warning (on the ground that dual licensing isn't supported by cabal yet, a a legitimate usage of OtherLicense). My view is that, with an expressive enough License datatype which covers an ample portion of usages, the warning could still be pragmatically useful ("do you really have a reason to draft a new document when there is probably something tried and tested out there which could do for your case?"). Thanks for sharing your opinion!

Carter Schonwald

8 Mar 8 Mar

1:19 p.m.

there will never be an expressive enough licenses datatype. Law is complicated and fluid and changing. Period. On Sat, Mar 7, 2015 at 3:43 PM, Francesco Ariis wrote:

...

On Sat, Mar 07, 2015 at 12:50:19AM -0500, Carter Schonwald wrote:

...
i'm very uncomfortable with the "warn on other-license" change. I think theres lots of valid reasons that someone may be using an amended license (eg BSD / MIT plus an explicit patent license grant) that strictly more open/free than any standard OSS license on the planet.

I had a brief chat with dcoutts on freenode/#hackage, he informed me he would rather have the AllRightsReserved patch on hackage-server (and only in the public server branch) rather than cabal.

dcoutts also expressed similar objections on OtherLicense's warning (on the ground that dual licensing isn't supported by cabal yet, a a legitimate usage of OtherLicense).

My view is that, with an expressive enough License datatype which covers an ample portion of usages, the warning could still be pragmatically useful ("do you really have a reason to draft a new document when there is probably something tried and tested out there which could do for your case?").

Thanks for sharing your opinion! _______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel

Francesco Ariis

4:32 p.m.

On Sun, Mar 08, 2015 at 01:19:34PM -0400, Carter Schonwald wrote:

...

On Sat, Mar 7, 2015 at 3:43 PM, Francesco Ariis wrote:

...
My view is that, with an expressive enough License datatype which covers an ample portion of usages, the warning could still be pragmatically useful ("do you really have a reason to draft a new document when there is probably something tried and tested out there which could do for your case?").

there will never be an expressive enough licenses datatype. Law is complicated and fluid and changing. Period.

Well, I ran a little test on the index of packages [1], to check the most popular licences there and see how widespread is the use of OtherLicense. BSD3 5007 MIT 976 GPL 460 OtherLicense 307 GPL-3 286 PublicDomain 199 LGPL 145 GPL-2 81 Apache-2.0 53 LGPL-3 51 LGPL-2.1 49 parse-error 43 none 36 BSD2 23 AGPL-3 21 BSD3 8 BSD4 5 OtherLicense 3 Apache License, Version 2.0 3 LGPL-2 2 <Misc> 13 Parsing was extremely crude, but enough to conclude that OtherLicense amounts to less than 4% of the total amount of packages (7771). If we find a way to deal with dual licences and add some missing licences to Cabal (e.g. Artistic License 2), the Licence datatype will cover 99%+ of usage, which is expressive enough in my opinion (and it's not we cannot add more stuff as new licenses pop up). [1] https://hackage.haskell.org/packages/index.tar.gz

Carter Schonwald

8:58 p.m.

sure, my point is that there no universe where we wont HAVE to have an "otherlicense" option (ie, we MUST always have that escape hatch) likewise, i dont understand the dual license point. Could you explain a bit more? At the end of the day, auditing the licensing/intellectual property status of ones codebase/dependencies is subtle enough that i'm going to stay skeptical of any process that doesn't require human thought at the end of the line. For no other reason than its an insanely complicated topic. the law is about corner cases, "99%" is not a very good coverage. :) that said, i'm happy that someone is spending time thinking about this stuff, i'm just gonna try to push back on some anything which i think over reaches or veers into positing a legal opinion :) cheers! -Carter

3725

Age (days ago)

3731

Last active (days ago)

List overview

Download

7 comments

3 participants

participants (3)

Carter Schonwald
Francesco Ariis
Gershom B

[patch] lincenses warning

tags

participants (3)