On Wed, 2023-09-27 at 08:36 +0800, Paul Wise wrote:
> This more general problem is very hard to impossible to solve,
> since it would mean patching every single build toolchain and
> source package [...]
Are the upstream developers not already legally required to include all
this information into
On Tue, 2023-09-26 at 14:20 -0400, John Thorvald Wodder II wrote:
> - bat (In addition to the type of problem discussed above, the source code for
> bat has an Apache 2.0 `NOTICE` file, yet this is not included in the .deb
> package.)
Please file a severity serious bug report against bat
On Tue, 2023-09-26 at 14:20 -0400, John Thorvald Wodder II wrote:
> I suspect that this problem applies to all programs written in Go or Rust that
> Debian distributes. Is Debian handling dependency licenses for these packages
> incorrectly, or is there something I'm missing?
Your analysis is
Hello,
Disclaimer: I am not a lawyer and this is not legal advice.
I talked extensively to Athos during DebConf and, after looking at the
multiple licenses and nuances involved in this problem I believe:
1) Athos followed precisely the instructions from ftp-masters
I am a concerned citizen who, while looking into prior art for handling
dependency licenses in order to inform some of my own projects, stumbled upon
what appear to be systemic license violations in the Debian repositories
regarding dependencies of statically-linked compiled binary programs
5 matches
Mail list logo