Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 676248 - non-free licenses are accepted without user prompt
Summary: non-free licenses are accepted without user prompt
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Profiles (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Licenses team
URL:
Whiteboard:
Keywords:
Depends on: 677756 677800 683898
Blocks:
  Show dependency tree
 
Reported: 2019-01-25 20:03 UTC by Thomas Deutschmann
Modified: 2019-05-23 16:28 UTC (History)
10 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2019-01-25 20:03:13 UTC
While we prompt user to accept EULA licenses, we don't prompt user to accept non-free licenses. Please review current situation if we need to change something due to recent license changes in applications like dev-db/mongodb.

RHEL/Fedora and Debian for example have dropped MongoDB due to that license (see https://www.zdnet.com/article/mongodb-open-source-server-side-public-license-rejected/). While I don't say we should do the same, we should at least prompt user to accept that license so he/she is aware of that special license.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2019-01-25 20:07:58 UTC
I agree that this is a concern that needs to be discussed, my personal opinion is any non Libre/Free Software License should require specific acceptance.
Comment 2 Ulrich Müller gentoo-dev 2019-01-26 08:38:36 UTC
I would be all for it. However, the last time it had been discussed (AFAICS, in 2013), it was shot down quickly: https://archives.gentoo.org/gentoo-project/message/b36af97cdf6172217974a3afb30475bd
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-01-26 08:54:37 UTC
Yes, please bring this to gentoo-bikeshed.  I'm all for it but you need to do it that way.
Comment 4 Hanno Böck gentoo-dev 2019-01-26 08:55:46 UTC
So I think there are really two separate questions here:

    * Does a license like the SSPL deserve any special treatment or should it be treated like any other nonfree license? The special exception in SSPL is for cloud providers offering hosted solutions for MongoDB. This is probably to be considered nonfree (they made some weird attempt to make it look like an "open source" license, but it's imho relatively clear that this is only a trick and it's really a nonfree license). However is it any different from many of the other packages with licenses that forbid this or that, but are generally "free as in beer to use for the normal user" like unrar or whatever?

    * Do we want to have a *default* of free licenses and require explicit user approval of anything nonfree? This would bring us more into the Debian territorry, where they put a lot of value on free license and put all their "nonfree" packages into a separate repo. I would approve such a move (thoug it'd raise some questions, e.g. how to handle crucial packages with nonfree blobs like linux-firmwares), but I have some doubts this will find approval in the larger Gentoo developer community.
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-01-26 09:12:06 UTC
For the record, I believe we shouldn't even allow AGPL* by default (even though it's going to be painful because of silly software like mupdf/mujs).  Anything that requires the user to take special precautions in normal use shouldn't be allowed by default.
Comment 6 Ulrich Müller gentoo-dev 2019-01-26 13:18:09 UTC
(In reply to Michał Górny from comment #5)
> For the record, I believe we shouldn't even allow AGPL* by default (even
> though it's going to be painful because of silly software like mupdf/mujs). 
> Anything that requires the user to take special precautions in normal use
> shouldn't be allowed by default.

Unlike SSPL, AGPL-3 has been approved as a free license by both FSF and OSI, and it fulfils the four essential freedoms. 

I would rather not open that can of worms and deviate from the generally accepted definitions.
Comment 7 Kristian Fiskerstrand gentoo-dev Security 2019-01-26 20:21:22 UTC
(In reply to Ulrich Müller from comment #6)
> 
> I would rather not open that can of worms and deviate from the generally
> accepted definitions.

I agree, although I personally don't like AGPL ,we should make things easier on ourselves and stick to OSI and FSF for the definition.
Comment 8 Kristian Fiskerstrand gentoo-dev Security 2019-01-26 21:11:35 UTC
Issue raised on ML on https://archives.gentoo.org/gentoo-project/message/4dc7170def0d2180b6f1144942bec2d0
Comment 9 Kristian Fiskerstrand gentoo-dev Security 2019-02-11 21:07:34 UTC
In the 2019-02-10 council meeting the following two motions were adopted:

"the default ACCEPT_LICENSE should be ACCEPT_LICENSE="@FREE" (subject to implementation details in further vote)"

and

"The council affirms that the precise settings for the installation media are at the discretion of releng."
Comment 10 Matija "hook" Šuklje 2019-02-15 11:25:21 UTC
Just a short side-note: when storing SSPL, please use the version as well, as on OSI License Review SSPL-2.0 is already under discussion (still very unlikely to be approved as Open Source):

http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2019-January/003933.html

The current MongoDB code is under SSPL-1.0.
Comment 11 Ulrich Müller gentoo-dev 2019-02-15 20:26:12 UTC
(In reply to Matija "hook" Šuklje from comment #10)

It is really off-topic for this bug, but I've renamed SSPL to SSPL-1.
Comment 12 Ulrich Müller gentoo-dev 2019-04-14 20:52:09 UTC
CCing RelEng. Anything from your side that would block changing the default to ACCEPT_LICENSE="@FREE"?
Comment 13 Ulrich Müller gentoo-dev 2019-05-13 07:50:26 UTC
(In reply to Ulrich Müller from comment #12)
> CCing RelEng. Anything from your side that would block changing the default
> to ACCEPT_LICENSE="@FREE"?

As discussed in yesterday's Council meeting, we shall flip the switch on 2019-05-19.

Still, it would be nice to get an ack from RelEng until then.
Comment 14 Rick Farina (Zero_Chaos) gentoo-dev 2019-05-14 14:17:36 UTC
Making the default any license type which doesn't include linux-firmware will result in releng overriding that decision and shipping with a non-default license setting so users can have a working system.  setting a default that doesn't even work for our installation media is nearly entirely pointless.

I support any change that works for the installation media.
Comment 15 Larry the Git Cow gentoo-dev 2019-05-19 19:10:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=03952ef48a413419283960b8f3b887afc8d13fbf

commit 03952ef48a413419283960b8f3b887afc8d13fbf
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-05-19 18:49:12 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-05-19 18:49:12 +0000

    2019-05-19-accept_license: Add news item.
    
    Bug: https://bugs.gentoo.org/676248
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 .../2019-05-19-accept_license.en.txt               | 47 ++++++++++++++++++++++
 1 file changed, 47 insertions(+)
Comment 16 Larry the Git Cow gentoo-dev 2019-05-19 19:10:46 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d82b624db1131d0c392d21c76dbcb084612521be

commit d82b624db1131d0c392d21c76dbcb084612521be
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-05-19 18:43:39 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-05-19 18:43:39 +0000

    profiles: Change ACCEPT_LICENSE default to @FREE.
    
    As decided by the Gentoo Council in its 2019-02-10 meeting:
    'The default ACCEPT_LICENSE should be ACCEPT_LICENSE="@FREE"
    (subject to implementation details in further vote).'
    
    Closes: https://bugs.gentoo.org/676248
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 profiles/base/make.defaults     | 5 +++--
 profiles/embedded/make.defaults | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)
Comment 17 Thomas Deutschmann gentoo-dev Security 2019-05-19 21:13:01 UTC
Profile changes were reverted via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16ffd91a723a52836baa7598ae870e485c75a014 due to user experience concerns:

Only when installing packages with unaccepted licenses you will get prompted to accept missing licenses, for example:

> The following license changes are necessary to proceed:
> (see "package.license" in the portage(5) man page for more details)
> # required by unrar (argument)
> >=app-arch/unrar-5.7.5 unRAR
> Would you like to add these changes to your config files? [Yes/No]

But when you already have installed app-arch/unrar for example which will require unRAR license, you won't receive any updates anymore until you manually accept unRAR license:

> !!! The following installed packages are masked:
> - app-arch/unrar-5.7.5::gentoo (masked by: unRAR license(s))
> A copy of the 'unRAR' license is located at '/var/db/repos/gentoo/licenses/unRAR'.
>
> Nothing to merge; quitting.
Comment 18 Larry the Git Cow gentoo-dev 2019-05-23 16:28:10 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e511ce7d2f3b415ab9f2d3489383acaad1f12dfd

commit e511ce7d2f3b415ab9f2d3489383acaad1f12dfd
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-05-19 18:43:39 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-05-23 16:26:17 +0000

    profiles: Change ACCEPT_LICENSE default to @FREE.
    
    As decided by the Gentoo Council in its 2019-02-10 meeting:
    'The default ACCEPT_LICENSE should be ACCEPT_LICENSE="@FREE"
    (subject to implementation details in further vote).'
    
    Closes: https://bugs.gentoo.org/676248
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 profiles/base/make.defaults     | 5 +++--
 profiles/embedded/make.defaults | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)