public inbox for
 help / color / mirror / Atom feed
* Cygwin license check
@ 2011-08-11  7:30 Luke Kendall
  0 siblings, 0 replies; only message in thread
From: Luke Kendall @ 2011-08-11  7:30 UTC (permalink / raw)
  To: cygwin-licensing; +Cc: audit-mail-disclaimer

It's taken me three years to find the time, but I've finally gotten 
around to writing a script to make the regular checking of the licenses 
in the almost-2000 Cygwin packages a feasible task.

This email is just to ask for a sanity check of what I'm doing. I don't 
think there is any shortcut for companies who wish to be very careful to
legally review the Cygwin licenses.

The difficulties I see in checking the Cygwin licenses are these:

1) There is no single umbrella license or legal statement, just a
    collection of software packages, with one or more licenses included
    in each package.
2) There is no complete and explicit list of licenses.
3) There is no copy of, nor pointer to, all the licenses.
4) No checking of license compatibility has been provided.
5) There is no statement that every package even has a license.
6) There is no statement about what legal processes are followed to
    ensure that each contributed package meets Cygwin's license
    requirements (e.g. a license is included, copyright is clear, license
    is compatible with Cygwin's overall license).  There is just a
    statement in recommending to include
    documentation like "copyright licence" [if you have it].
    Perhaps this is addressed indirectly by requiring packages to already
    be accepted in "a major Linux distribution"?

I also note that the topic has not been discussed on the Cygwin license
list after I asked about checking the licenses, on Fri, 02 Oct 2009.

I also appreciate that Cygwin is put together on a volunteer basis, and 
no one actively manages the legal license situation.  If anyone is 
interested in discussing that, I have some ideas about lightweight 
processes for making the downstream checking work easier for users.

Anyway, the main task of my script is to actually *find* all the
licenses and distil them down into a set of license files with
repetitions removed.

Some years ago, Corinna kindly told me that:

 > A list of licenses used in Cygwin packages is in the cygwin-docs
 > package, plus, every package with a non-standard license typically
 > provides it under /usr/share/doc/<packagename>.  However, there's no
 > guarantee that the list is complete.

But I noticed that in the cygwin-doc package, there seems to be no
list of licenses.  There are lots of man pages, a few files under
usr/share, but I couldn't find a list of licenses, except this comment
in usr/share/info/

   Are the Cygwin tools free software?Yes. Parts are GNU software
   (gcc, gas, ld, etc.), parts are covered by the standard
   X11 license, some of it is public domain, some of it was written
   by Red Hat and placed under the GNU General Public License (GPL).
   None of it is shareware. You don't have to pay anyone to
   use it but you should be sure to read the copyright section of
   the FAQ for more information on how the GNU GPL may affect your
   use of these tools.

This is also what is said, perhaps more succinctly, at
"Most of the tools are covered by the GNU GPL, some are public domain,
and others have a X11 style license."

If that's what Corinna was referring to, IMHO it's no help at all from
the point of view of a legal check, since it only makes a statement
about the licenses of an unspecified subset of packages.  So legally, it
means every package must be examined to find all the licenses that apply.

So, it seems that there is no shortcut, and I'm now finishing my script
to automate as much of the work as possible.  I'm at the stage now where
I can use the script to help me quickly find the license in each
package.  At about 2 mins per package, I calculate I now have roughly
3,600 minutes of work ahead of me. :-(



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2011-08-11  7:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-08-11  7:30 Cygwin license check Luke Kendall

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).