On Tue, Mar 3, 2015 at 10:31 AM, Casey McCann wrote:

Yes, although that would require some decision or consensus on what we expect to be able to do with code on Hackage...

My personal minimum expectation would be that anyone can always "cabal install" anything and use it as-is without worrying about licensing. Only when modifying code, writing code that pulls in multiple dependencies, or uploading new code to hackage should licensing issues really need to be considered.

I'd rather that people not have to worry about license issues when uploading new code, either. They're trying to give the community code to use. If they want to attach restrictions on that use, it should be the users problem to comply with those restrictions, not the uploaders problem. At least beyond the permissions implicit in uploading the software in the first place, anyway.

For specific rules I suppose that would be something like requiring that everything can be:

So let's go over your list and see how a few licenses stack up.

- Redistributed unmodified in source form

Pretty much the definition of open source.

- Fetched and used locally with no restrictions

Softare licensed under the AGPL doesn't meet this requirement.

- Built without modification and distributed in binary form with no restrictions beyond attribution and a link to Hackage

Only if "without modification" means you don't use a library built from the software in an application you are planning on distributing. Because if you do so, then your binary is considered a derived work, and is no different from any other modification. If you want the ability to build a library without modification and then distribute a binary that uses it, then all the GPL licenses but the LGPL fail this requirement, and most licenses on the "not compatible with the GPL" list will fail it as well because the usual reason for incompatibility is adding restrictions to such a distribution.

- Used and redistributed under the same license as any code it contains FFI bindings to.

Well, this depends on the license that the FFI code, not the license of the code on hackage. Those are usually the same license, but it's not a requirement. This touches on a problem I have with the current license field. People may want to dual license something, or dual licensing may be required by code they have used in it. But there's no way to indicate dual licensing except to pick otherLicense and then document it a such. For instance, if you incorporate MPL and GPL code, the resulting code should be dual licensed. It'd be nice if the license field in a cabal file could be a list for these cases.

In particular, I'd personally be willing to accept code on Hackage that restricts redistribution with modifications, but probably not any other kind of significantly "non-free" license. I'd also be okay with Hackage rejecting packages that can't be used/redistributed due to conflicting licenses among its dependencies.

The dependency licensing only kicks in on redistribution if you're distributing binaries. Redistributing source doesn't include any form of the dependencies, so their licenses don't matter. An inability to redistribute binaries because of depencency licenses doesn't bother me much, so long as I can still use them. If I want to redistribute such binaries, then I have a number of options. But that should be my problem, and not something that should impact people who don't want to distribute binaries by, for instance, having the software not be available on Hackage.