• proposal to drop licence compatibility checks from adequate

    From Serafeim (Serafi) Zanikolas@21:1/5 to All on Sun Sep 8 18:40:01 2024
    --c6776ddb39584de16bfbead976969d7f45f3bfe95bb33d6097e0bf0b72ba Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain; charset=UTF-8

    hi,

    I've recently taken over adequate(1) and am considering to drop its license compatibility checks, for several reasons:

    - unlike 2013, which is when adequate grew this functionality, today many
    well-funded organizations actively care about license compliance (e.g. see
    fossology.org), so I'd expect major cases of non-compliance to be noticed
    - afaict in almost 11 years of adequate's existence, only one actual case of
    non-compliance was found (#749801) [0]
    - the relevant logic is non-trivial, and prone to false positives in the case
    of binary packages shipping multiple libraries with different licenses; it
    also hardwires soname/license/version mappings for major libraries (I'd guess
    as a workaround for the aforementioned issue), which I consider unsustainable
    from a maintenance PoV

    if you feel strongly against this proposal, you're more than welcome to join the
    adequate maintainers team (today, just me) and make your case with code. of course you're also welcome to join even if you do agree with the proposal!

    thanks,
    serafi

    ps. please cc me in replies

    [0] I've looked at piuparts and adequate tagged bugs

    --c6776ddb39584de16bfbead976969d7f45f3bfe95bb33d6097e0bf0b72ba
    Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmbd0U4ACgkQT59tVQ7W Eiqrfg/7BqxiM0iuyMv5vEdnqYY2RPVfMCaxqKJqGqyL5B3PDofpRMAGWfmxWLdp Bs4KFkYAxbHuqx+UeIPf9vZXIgd+2lrl8/Q5I+Q0pLXVw7uuG7ZLYunMUu5zN5rb R9AXyqByWyKnNBE+EumcD1rug9Pj3kNMu3NdPKN8UWRtTHWt3k9qd7ajWjnEGqtA eTvdbX2wSP9oQbz+AqvyegqvOE3giDOOLDoo4YWzMsvY8TLAwvzHB4+sFS0dKKqA wM9znhxYubvEHEHbgTSMON47jHh/rfNlLliS1pxoWzj4nT5IyX0keM7+ea73grZH snOEweHyAoEyNm8oQDaYlnMBZie2RxAeruTiuoYw50Jtp5ZjCuivAWPpYdP4K7lG 5sIeic4tk2jopCJgWQNtRIuIawzwg+4XlmQhR1sLSFJQ43+9dOC1WqHW5t0Wrfli ftGnjHord3WWX7Tm/Cm7CGnFyHA9G0YmHc3mAKsU1Obnyz3KiLuDsjFtga9Q7X2N gMafAb2Rvb8bQDOfINy83Zff/kextrM5fIJcoaY5bX/qHzNbe2iLmbdVU7z/wFha 5yBMK0fOAHYRYf5dWPAzVvYiwm+AU8Fd62VNf8VoZoDUptIcELRfkqmkCM0QrX/2 4jsJwZ5IaFEKrKZRnvHi80AFD5nBVoU8hE4rD/GNiGTzjjFwSjM=x7L7
    -----END PGP SIGNATURE-----

    --c6776ddb39584de16bfbead976969d7f45f3bfe95bb33d6097e0bf0b72ba--

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)