[Buildroot] [PATCH] package/libkrb5: Bumb to 1.17

Arnout Vandecappelle arnout at mind.be
Tue Oct 1 15:41:36 UTC 2019



On 01/10/2019 17:33, Yann E. MORIN wrote:
> Arnout, All,
> 
> On 2019-10-01 00:13 +0200, Arnout Vandecappelle spake thusly:
>> On 30/09/2019 22:28, Yann E. MORIN wrote:
>>> Thomas, All,
>>>
>>> On 2019-09-30 22:18 +0200, Thomas Petazzoni spake thusly:
>>>> On Mon, 30 Sep 2019 13:39:31 +0200
>>>> André Hentschel <nerv at dawncrow.de> wrote:
>>>>> Signed-off-by: André Hentschel <nerv at dawncrow.de>
>>> [--SNIP--]
>>>> However, I think this package license information may not be totally
>>>> correct, independently of this version bump. Indeed, our libkrb5.mk
>>>> says the license is MIT, but the NOTICE file shows a bunch of parts
>>>> under BSD-2-Clause for example.
>>>>
>>>> Arnout, Yann, what do you think about this? It's one of those packages
>>>> with lots of code re-used from different projects, all under
>>>> MIT/BSD-2-Clause style licenses. I'd be interested to hear your opinion
>>>> on the matter.
>>>
>>> Looking at the haorball the NOTICE file is, I would be tempted to just
>>> state:
>>>     LIBKRB5_LICENSE = Kerberos license
>>>
>>> and be done with it. Let the user sort the mess on their side...
>>
>>  IMO it's not *that* difficult to be complete. Licensecheck reports the
>> following (after pruning a bunch of irrelevant or wrong hits):
> 
> But how exactly did you conclude those bits are irrelevant or wrong?
> That's an issue I think, that we inject our own interpretation of the
> licenses list and conclude of a resulting state.

 Because it's what we do for all other packages? All autotools packages have a
GPL config.guess script, but we never mention it. For many packages we don't
include documentation because it doesn't get built/installed. Etc.

 If we don't want to do that, we should remove _LICENSE entirely.

 Regards,
 Arnout

> 
> I don't think that is correct, because some other people may or may not
> have a different interpretation of irrelevance or wrongness.
> 
>> LIBKRB5_LICENSE = MIT, NTP, MIT-CMU, BSD-2-Clause, BSD-3-Clause, BSD-4-Clause, ISC
>>
>>  BTW, for some reason licensecheck seems to identify MIT as "Expat licence"...
> 
> Which is all the more a reason not to trust its output.
> 
> As such, I'd just let the user do their own interpretation of this.
> 
> BTW, that prompted me to resurect a small patch of mine I've had stashed
> for eons here (I'll do a proper submission later:)
> 
>     diff --git a/support/legal-info/README.header b/support/legal-info/README.header
>     index d3bdf71bcf..ef8aff0c1a 100644
>     --- a/support/legal-info/README.header
>     +++ b/support/legal-info/README.header
>     @@ -29,3 +29,7 @@ This material is composed of the following items.
>       * The license text of the packages; they have been saved in the
>       * licenses/
>         subdirectory.
>      
>     +Note that the Buildroot developers provide no guarantee as to whether the
>     +information contained in the material thus collected, is correct or
>     +exhaustive, or both. It is your responsibility, as part of your compliance
>     +process, to verify the correctness and exhaustivity of that information.
> 
> Regards,
> Yann E. MORIN.
> 


More information about the buildroot mailing list