Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 687018 - dev-cpp/sourcetrail license violation
Summary: dev-cpp/sourcetrail license violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal critical
Assignee: David Hallas
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks: 687024 687014
  Show dependency tree
 
Reported: 2019-05-30 15:55 UTC by Jonas Stein
Modified: 2019-06-01 08:16 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jonas Stein gentoo-dev 2019-05-30 15:55:49 UTC
If we mirror software, we do not know who will access it. It could be a commercial or noncommercial user.
Sourcetrail does not grant the right to mirror or distribute the software.
Comment 1 Jonas Stein gentoo-dev 2019-05-30 16:24:09 UTC
the tar ball also distributes files with licenses not listed in LICENSE=
Comment 2 Ulrich Müller gentoo-dev 2019-05-30 16:37:12 UTC
Specifically, in section 3: "LICENSEE and AUTHORIZED USER(s) will not, and will have no right to: [...] sell, rent, lease, distribute, or otherwise transfer rights to the SOFTWARE without prior written consent from LICENSOR". That means that we simply cannot distribute it, neither commercial nor noncommercial.

So the ebuild will need RESTRICT="mirror bindist". (Basically, every license in @EULA requires that, because we cannot ask mirror admins to accept anything.)

I also wonder about the LICENSE variable, looks like the ebuild installs some bundled Qt libs, but I don't see any documentation that would require FDL-1.3. That's a minor issue, though.
Comment 3 David Hallas 2019-05-31 04:40:24 UTC
Thanks for the bug report! When I initially made the PR for this ebuild we had the same discussion :D

So, what is the way forward? Should I set RESTRICT="mirror bindist" and add all the licenses from the bundled packages, also for the ones that the ebuild removes upon installation?
Comment 4 Ulrich Müller gentoo-dev 2019-05-31 08:27:29 UTC
(In reply to David Hallas from comment #3)
> So, what is the way forward? Should I set RESTRICT="mirror bindist"

Yes, please.

> and add all the licenses from the bundled packages, also for the ones
> that the ebuild removes upon installation?

Only for those files that are being installed (which is only Qt, except for its documentation?).
Comment 5 David Hallas 2019-06-01 06:36:58 UTC
(In reply to Ulrich Müller from comment #4)
> (In reply to David Hallas from comment #3)
> > So, what is the way forward? Should I set RESTRICT="mirror bindist"
> 
> Yes, please.
> 
> > and add all the licenses from the bundled packages, also for the ones
> > that the ebuild removes upon installation?
> 
> Only for those files that are being installed (which is only Qt, except for
> its documentation?).

Hi Ulrich,

I just checked the ebuilds again and we do actually list the license of the two packages that is being installed (besides Sourcetrail itself). We install Qt and icu and the license of those packages are listed in the ebuild, so shouldn't we be ok there? Here is the license line from the build:

LICENSE="Sourcetrail || ( GPL-2 GPL-3 LGPL-3 ) FDL-1.3 BSD"

I have created a PR with the addition of the RESTRICT keyword, let me know if there are other issues I need to fix.

And thanks for helping sorting this out :D
Comment 6 Ulrich Müller gentoo-dev 2019-06-01 08:02:12 UTC
(In reply to David Hallas from comment #5)
> I just checked the ebuilds again and we do actually list the license of the
> two packages that is being installed (besides Sourcetrail itself). We
> install Qt and icu and the license of those packages are listed in the
> ebuild, so shouldn't we be ok there? Here is the license line from the build:
> 
> LICENSE="Sourcetrail || ( GPL-2 GPL-3 LGPL-3 ) FDL-1.3 BSD"

The ebuild doesn't install whole packages, but only some libraries from them. Especially it doesn't install any files that are licensed FDL-1.3, so that one should be omitted:

LICENSE="Sourcetrail || ( GPL-2 GPL-3 LGPL-3 ) BSD"
Comment 7 David Hallas 2019-06-01 08:05:02 UTC
(In reply to Ulrich Müller from comment #6)
> (In reply to David Hallas from comment #5)
> > I just checked the ebuilds again and we do actually list the license of the
> > two packages that is being installed (besides Sourcetrail itself). We
> > install Qt and icu and the license of those packages are listed in the
> > ebuild, so shouldn't we be ok there? Here is the license line from the build:
> > 
> > LICENSE="Sourcetrail || ( GPL-2 GPL-3 LGPL-3 ) FDL-1.3 BSD"
> 
> The ebuild doesn't install whole packages, but only some libraries from
> them. Especially it doesn't install any files that are licensed FDL-1.3, so
> that one should be omitted:
> 
> LICENSE="Sourcetrail || ( GPL-2 GPL-3 LGPL-3 ) BSD"

Make sense - I have just updated the PR with this change as well. Thanks for the quick reply!
Comment 8 Larry the Git Cow gentoo-dev 2019-06-01 08:16:22 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab9454d813250a5be90de81260c776c536debfcf

commit ab9454d813250a5be90de81260c776c536debfcf
Author:     David Hallas <david@davidhallas.dk>
AuthorDate: 2019-06-01 06:30:24 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-06-01 08:15:51 +0000

    dev-cpp/sourcetrail Add RESTRICT to prohibit mirroring
    
    Add RESTRICT keyword so that we do not mirror the tarballs because of
    license issues. Also remove FDL license since the ebuild doesn't install
    any files with that license.
    
    Closes: https://bugs.gentoo.org/687018
    Signed-off-by: David Hallas <david@davidhallas.dk>
    Closes: https://github.com/gentoo/gentoo/pull/12145
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-cpp/sourcetrail/sourcetrail-2018.3.55-r1.ebuild | 3 ++-
 dev-cpp/sourcetrail/sourcetrail-2019.1.11.ebuild    | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)