public inbox for cygwin-licensing@cygwin.com
 help / color / mirror / Atom feed
From: Luke Kendall <luke.kendall@cisra.canon.com.au>
To: <cygwin-licensing@cygwin.com>
Cc: <audit-mail-disclaimer@cisra.canon.com.au>
Subject: Cygwin license check
Date: Thu, 11 Aug 2011 07:30:00 -0000	[thread overview]
Message-ID: <4E43223A.2020804@cisra.canon.com.au> (raw)

It's taken me three years to find the time, but I've finally gotten 
around to writing a script to make the regular checking of the licenses 
in the almost-2000 Cygwin packages a feasible task.

This email is just to ask for a sanity check of what I'm doing. I don't 
think there is any shortcut for companies who wish to be very careful to
legally review the Cygwin licenses.

The difficulties I see in checking the Cygwin licenses are these:

1) There is no single umbrella license or legal statement, just a
    collection of software packages, with one or more licenses included
    in each package.
2) There is no complete and explicit list of licenses.
3) There is no copy of, nor pointer to, all the licenses.
4) No checking of license compatibility has been provided.
5) There is no statement that every package even has a license.
6) There is no statement about what legal processes are followed to
    ensure that each contributed package meets Cygwin's license
    requirements (e.g. a license is included, copyright is clear, license
    is compatible with Cygwin's overall license).  There is just a
    statement in http://cygwin.com/setup.html recommending to include
    documentation like "copyright licence" [if you have it].
    Perhaps this is addressed indirectly by requiring packages to already
    be accepted in "a major Linux distribution"?

I also note that the topic has not been discussed on the Cygwin license
list after I asked about checking the licenses, on Fri, 02 Oct 2009.

I also appreciate that Cygwin is put together on a volunteer basis, and 
no one actively manages the legal license situation.  If anyone is 
interested in discussing that, I have some ideas about lightweight 
processes for making the downstream checking work easier for users.


Anyway, the main task of my script is to actually *find* all the
licenses and distil them down into a set of license files with
repetitions removed.

Some years ago, Corinna kindly told me that:

 > A list of licenses used in Cygwin packages is in the cygwin-docs
 > package, plus, every package with a non-standard license typically
 > provides it under /usr/share/doc/<packagename>.  However, there's no
 > guarantee that the list is complete.

But I noticed that in the cygwin-doc package, there seems to be no
list of licenses.  There are lots of man pages, a few files under
usr/share, but I couldn't find a list of licenses, except this comment
in usr/share/info/cygwin-ug-net.info.gz:

   Are the Cygwin tools free software?Yes. Parts are GNU software
   (gcc, gas, ld, etc.), parts are covered by the standard
   X11 license, some of it is public domain, some of it was written
   by Red Hat and placed under the GNU General Public License (GPL).
   None of it is shareware. You don't have to pay anyone to
   use it but you should be sure to read the copyright section of
   the FAQ for more information on how the GNU GPL may affect your
   use of these tools.

This is also what is said, perhaps more succinctly, at
http://www.cygwin.com/licensing.html:
"Most of the tools are covered by the GNU GPL, some are public domain,
and others have a X11 style license."

If that's what Corinna was referring to, IMHO it's no help at all from
the point of view of a legal check, since it only makes a statement
about the licenses of an unspecified subset of packages.  So legally, it
means every package must be examined to find all the licenses that apply.

So, it seems that there is no shortcut, and I'm now finishing my script
to automate as much of the work as possible.  I'm at the stage now where
I can use the script to help me quickly find the license in each
package.  At about 2 mins per package, I calculate I now have roughly
3,600 minutes of work ahead of me. :-(

Regards,

luke


                 reply	other threads:[~2011-08-11  7:30 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E43223A.2020804@cisra.canon.com.au \
    --to=luke.kendall@cisra.canon.com.au \
    --cc=audit-mail-disclaimer@cisra.canon.com.au \
    --cc=cygwin-licensing@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).