The package specifies a GPL-2 license but this is not entirely correct. UPX has its own license [1], which is GPL-2 **with exceptions**. Using modified versions of UPX to pack closed source binaries violates this license. So whether the source is patched during the build needs to be communicated to the user properly so that they are not potentially in violation of the terms of the license. [1] http://upx.sourceforge.net/upx-license.html
(In reply to Gokturk Yuksek from comment #0) > The package specifies a GPL-2 license but this is not entirely correct. > UPX has its own license [1], which is GPL-2 **with exceptions**. Right, we need a "UPX-exception" license file (and add to the @GPL-COMPATIBLE license group). The ebuild needs to have LICENSE="GPL-2+ UPX-exception". > Using modified versions of UPX to pack closed source binaries violates > this license. That's not entirely correct. Using should not be a problem, but _distributing_ such packed binaries will violate the GPL. > whether the source is patched during the build needs to be communicated to > the user properly so that they are not potentially in violation of the terms > of the license. Not entirely sure what would be the best procedure for this. Currently the ebuild does not apply any patches, so I think a notice in the ebuild for the (future) maintainer is enough for now.
(In reply to Ulrich Müller from comment #1) > (In reply to Gokturk Yuksek from comment #0) > > The package specifies a GPL-2 license but this is not entirely correct. > > UPX has its own license [1], which is GPL-2 **with exceptions**. > > Right, we need a "UPX-exception" license file (and add to the > @GPL-COMPATIBLE license group). The ebuild needs to have LICENSE="GPL-2+ > UPX-exception". > > > Using modified versions of UPX to pack closed source binaries violates > > this license. > > That's not entirely correct. Using should not be a problem, but > _distributing_ such packed binaries will violate the GPL. > The license has: "special permission to freely use and distribute" but I'm rarely the expert in the area. I guess as long as you don't distribute, there is no violation of the GPL. > > whether the source is patched during the build needs to be communicated to > > the user properly so that they are not potentially in violation of the terms > > of the license. > > Not entirely sure what would be the best procedure for this. Currently the > ebuild does not apply any patches, so I think a notice in the ebuild for the > (future) maintainer is enough for now. One potential problem is user patches. The wiki[1] provides a bashrc hack to patch any package in the tree. Should we just patch the ebuild now to include the warning in postinst? [1] https://wiki.gentoo.org/wiki//etc/portage/patches#Enabling_.2Fetc.2Fportage.2Fpatches_for_all_ebuilds
commit 94a6cfd (HEAD, master) Merge: 270a0b9 f894cfe Author: Patrice Clement <monsieurp@gentoo.org> Date: Tue Jan 19 08:34:31 2016 +0000 Merge remote-tracking branch 'github/pr/680'. Fixes bug 572060. Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
(In reply to Patrice Clement from comment #3) <mgorny> !proj licenses <willikins> mgorny: (licenses@gentoo.org) bernalex, hanno, robbat2, ulm <mgorny> ^ please double-check https://github.com/gentoo/gentoo/pull/680 [...] <ulm> mgorny: re https://github.com/gentoo/gentoo/pull/680 <ulm> it's fine except that I'd prefer the license to be named "UPX-exception" (with small e) <ulm> to be consistent with what we have elsewhere <ulm> otherwise it's what was discussed in bug 572060
License renamed to "UPX-exception".