[Buildroot] [PATCH] package/libkrb5: Bumb to 1.17
arnout at mind.be
Tue Oct 1 15:41:36 UTC 2019
On 01/10/2019 17:33, Yann E. MORIN wrote:
> Arnout, All,
> On 2019-10-01 00:13 +0200, Arnout Vandecappelle spake thusly:
>> On 30/09/2019 22:28, Yann E. MORIN wrote:
>>> Thomas, All,
>>> On 2019-09-30 22:18 +0200, Thomas Petazzoni spake thusly:
>>>> On Mon, 30 Sep 2019 13:39:31 +0200
>>>> André Hentschel <nerv at dawncrow.de> wrote:
>>>>> Signed-off-by: André Hentschel <nerv at dawncrow.de>
>>>> However, I think this package license information may not be totally
>>>> correct, independently of this version bump. Indeed, our libkrb5.mk
>>>> says the license is MIT, but the NOTICE file shows a bunch of parts
>>>> under BSD-2-Clause for example.
>>>> Arnout, Yann, what do you think about this? It's one of those packages
>>>> with lots of code re-used from different projects, all under
>>>> MIT/BSD-2-Clause style licenses. I'd be interested to hear your opinion
>>>> on the matter.
>>> Looking at the haorball the NOTICE file is, I would be tempted to just
>>> LIBKRB5_LICENSE = Kerberos license
>>> and be done with it. Let the user sort the mess on their side...
>> IMO it's not *that* difficult to be complete. Licensecheck reports the
>> following (after pruning a bunch of irrelevant or wrong hits):
> But how exactly did you conclude those bits are irrelevant or wrong?
> That's an issue I think, that we inject our own interpretation of the
> licenses list and conclude of a resulting state.
Because it's what we do for all other packages? All autotools packages have a
GPL config.guess script, but we never mention it. For many packages we don't
include documentation because it doesn't get built/installed. Etc.
If we don't want to do that, we should remove _LICENSE entirely.
> I don't think that is correct, because some other people may or may not
> have a different interpretation of irrelevance or wrongness.
>> LIBKRB5_LICENSE = MIT, NTP, MIT-CMU, BSD-2-Clause, BSD-3-Clause, BSD-4-Clause, ISC
>> BTW, for some reason licensecheck seems to identify MIT as "Expat licence"...
> Which is all the more a reason not to trust its output.
> As such, I'd just let the user do their own interpretation of this.
> BTW, that prompted me to resurect a small patch of mine I've had stashed
> for eons here (I'll do a proper submission later:)
> diff --git a/support/legal-info/README.header b/support/legal-info/README.header
> index d3bdf71bcf..ef8aff0c1a 100644
> --- a/support/legal-info/README.header
> +++ b/support/legal-info/README.header
> @@ -29,3 +29,7 @@ This material is composed of the following items.
> * The license text of the packages; they have been saved in the
> * licenses/
> +Note that the Buildroot developers provide no guarantee as to whether the
> +information contained in the material thus collected, is correct or
> +exhaustive, or both. It is your responsibility, as part of your compliance
> +process, to verify the correctness and exhaustivity of that information.
> Yann E. MORIN.
More information about the buildroot