LEGAL is badly maintained, LEGALlint notices quite a number of ports
which mismatch their line in LEGAL.
Details
Details
Diff Detail
Diff Detail
- Repository
- R11 FreeBSD ports repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Did you check that for each port in LEGAL, the port has a license that disallows dist-mirror?
Comment Actions
No, this was just about removing LEGAL itself. Must all mentions ports disalow dist-mirror?
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
| dist-mirror.txt | ||
|---|---|---|
| 1 ↗ | (On Diff #88740) | Mmmm, this does not seems right: ❯ make -C emulators/atari800/ debug-license ===> License GPLv2 ROM accepted by the user ===> License does not allow mirroring distribution files ===> License does not allow selling distribution files ===> License does not allow mirroring pre-build packages ===> License does not allow selling pre-build packages ===> License allows being auto-accepted |
| dist-mirror.txt | ||
|---|---|---|
| 1 ↗ | (On Diff #88740) | Hmm, so it skipped the ROM part? I didn't know about debug-license though, might be interesting to do a run of the LEGAL ports on that target too. |
| ports-mgmt/portlint/src/portlint.pl | ||
|---|---|---|
| 3451–3452 | This should more like error out saying "DON'T USE THAT, USE THE LICENSE FRAMEWORK" ;-) | |
| dist-mirror.txt | ||
|---|---|---|
| 1 ↗ | (On Diff #88740) | The good thing with debug-license is that it will tell you what the final license permissions of the port are, it will already have processed them depending on what LICENSE_COMB says. |
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
- checklicense.sh: rework to parse debug-license [1]
- dist-mirror: regenerate after new checklicense.sh and ports rebase.
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
- checklicense.sh: rework to parse debug-license [1]
- dist-mirror: regenerate after new checklicense.sh and ports rebase.
- Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
- Regenerate dist-mirror.txt
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
- checklicense.sh: rework to parse debug-license [1]
- dist-mirror: regenerate after new checklicense.sh and ports rebase.
- Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
- Regenerate dist-mirror.txt
- Tools/scripts/checklicense.sh: anonimize an unused variable.
- Tools/scripts/checklicense.sh: check against LICENSE_DISTFILES_* ...
- dist-mirror.txt: regenerate
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
- checklicense.sh: rework to parse debug-license [1]
- dist-mirror: regenerate after new checklicense.sh and ports rebase.
- Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
- Regenerate dist-mirror.txt
- Tools/scripts/checklicense.sh: anonimize an unused variable.
- math/giacxcas: restrict RESTRICTED_FILES to giac_* only
- dist-mirror.txt: regenerate
Comment Actions
Some more findings:
OK, restrictions only (correctly) in non-default cases:
- security/vpnc -> RESTRICTED_FILES= /LEGAL -> vpnc-* -> only if OPENSSL option is set
false positive?
- audio/linuxsampler -> RESTRICTED_FILES= /LEGAL -> linuxsampler-*
- biology/clustalw -> RESTRICTED_FILES= /LEGAL -> clustalw-*
- cad/gmsh -> RESTRICTED_FILES= /LEGAL -> gmsh-*
- java/java3d -> RESTRICTED_FILES= /LEGAL -> java3d-sdk-*-linux-i386* (LEGAL says "no distribution" but LICENSE is BSD2CLAUSE GPLv2)
- mail/ezmlm-idx -> RESTRICTED_FILES= /LEGAL -> ezmlm-* (LEGAL: djb, LICENSE: GPLv2)
- math/tetgen -> RESTRICTED_FILES= /LEGAL -> taetgen-* (LEGAL: acedemic/personal use only, LICENSE: AGPLv3, source: AGPLv3 or commercial license)
cannot set RESTRICTED_FILES because port has dist-mirror:
- archivers/lha -> RESTRICTED_FILES= /LEGAL -> lha-114i.tar.gz (needs fix?)
- devel/raknet -> RESTRICTED_FILES= /LEGAL -> RakNet-* (special exception for FreeBSD, works as intended)
- dns/djbdns -> RESTRICTED_FILES= /LEGAL -> djbdns* (djb, works as intended)
- editors/komodo-edit -> RESTRICTED_FILES= /LEGAL -> komodo-* (LEGAL says "No distribution allowed", so no dist-mirror/dist-sell, but online EULA does not mention that)
- japanese/font-ricty -> RESTRICTED_FILES= /LEGAL -> ricty-* (LEGAL says "Redistribution not allowed", so no dist-mirror/dist-sell, but online license is fine with that)
- mail/ezmlm -> RESTRICTED_FILES= /LEGAL -> ezmlm-* (djb, works as intended)
- mail/qtools -> RESTRICTED_FILES= /LEGAL -> qtools-* (djb, works as intended)
- mail/serialmail -> RESTRICTED_FILES= /LEGAL -> serialmail-* (djb, works as intended)
- math/djbfft -> RESTRICTED_FILES= /LEGAL -> djbfft-* (djb, works as intended)
- net/zerotier -> RESTRICTED_FILES= /LEGAL -> zerotier-* (needs fix?)
Comment Actions
Ports not mentioned in the last comment are either mentioned in LEGAL but do not have dist-mirror set or are mentioned in LEGAL and have matching output in $(make -V RESTRICTED_FILES)
Comment Actions
we should do this. years ago I spent some time making sure that LEGAL and various ports matched in prep for removing this file. In practice, its poorly maintained and the ports are canonical
Comment Actions
So I think only archivers/lha and net/zerotier need to be adjusted?
- archivers/lha (dinoex@) : remove dist-* from LICENSE_PERMS= dist-mirror dist-sell auto-accept ? Although pkg-mirror and pkg-sell are already excluded.
- net/zerotier (dch@): "no SaaS or government use" according to LEGAL, but our license framework cannot encode this.
Comment Actions
I'm not entirely clear what I'm being asked to do here, but:
- net/zerotier has a clear pkg-message explaining the license details
- in practical terms, unless you're setting up a direct competitor to zerotier-as-a-service this is an ALV2 license
and from that perspective, this output makes sense:
make -C net/zerotier debug-license ===> License BUSINESS MIT PD accepted by the user ===> License allows mirroring distribution files ===> License allows selling distribution files ===> License allows mirroring pre-built packages ===> License allows selling pre-build packages ===> License allows being auto-accepted
Comment Actions
Mostly give your opinion as maintainer of zerotier :)
- net/zerotier has a clear pkg-message explaining the license details
- in practical terms, unless you're setting up a direct competitor to zerotier-as-a-service this is an ALV2 license
and from that perspective, this output makes sense:
make -C net/zerotier debug-license ===> License BUSINESS MIT PD accepted by the user ===> License allows mirroring distribution files ===> License allows selling distribution files ===> License allows mirroring pre-built packages ===> License allows selling pre-build packages ===> License allows being auto-accepted
OK, so nothing needs to be done here.
| ports-mgmt/portlint/src/portlint.pl | ||
|---|---|---|
| 3451–3452 | I'm not sure we should have a warning like this unless there's an action. Since they wouldn't need to touch LEGAL anymore, I think we can leave this whole block out. | |
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
- checklicense.sh: rework to parse debug-license [1]
- dist-mirror: regenerate after new checklicense.sh and ports rebase.
- Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
- Regenerate dist-mirror.txt
- Tools/scripts/checklicense.sh: anonimize an unused variable.
- math/giacxcas: restrict RESTRICTED_FILES to giac_* only
- dist-mirror.txt: regenerate
- ports-mgmt/portlint: remove the entire former LEGAL block.
Comment Actions
Looks good from a portlint standpoint. I can commit this to my local repo, and then update portlint when ready.
Comment Actions
Sure, if that is easier for you. I think this review is mostly ready to land, @mat ?
Comment Actions
- Add list of ports with dist-mirror in their license.
- Make temporary script executable.
- Allow to pass LEGAL as a parameter to checklicense.sh
- Regenerate dist-mirror.txt after D30010
- checklicense.sh: rework to parse debug-license [1]
- dist-mirror: regenerate after new checklicense.sh and ports rebase.
- Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
- Regenerate dist-mirror.txt
- Tools/scripts/checklicense.sh: anonimize an unused variable.
- math/giacxcas: restrict RESTRICTED_FILES to giac_* only
- dist-mirror.txt: regenerate
- ports-mgmt/portlint: remove the entire former LEGAL block.
- cleanup: remove temporary files used for analysis.