Daniel Hakimi <[email protected]> writes:

> This generally shouldn't come up that often

Do you have some metrics on that?

I believe the example with aclocal.m4 comes up VERY often.  It is just
that most maintainers ignore the license complexity of build-system
files like that, and we've collectively turned a blind eye towards it,
even encoding that practice into some policies.

Ignoring the license complexity of aclocal.m4 may be a low-risk
decision, but the supply-chain vulnerability in relying on pre-built
non-source aclocal.m4 is problematic.  It is a perfect target for
xz-style attacks.

Thus, I think ignoring license complexity (or encoding that into policy)
for non-source files is a bad idea.

In most situations, the best solution is to use upstream git as the
Debian source, and make sure that upstream don't put non-source
artifacts like aclocal.m4 into git.  Then the licensing situation
becomes more clear for both maintainer and end-user.

/Simon

> , and in the tricky cases, you can always check with us.
>
> There are several charts about license compatibility online, but I
> generally wouldn't recommend any of them for legal advice, more just a
> starting point for your curiosity.
>
> The simplified way to look at it is: the first license is very permissive,
> you can do almost whatever you want with that code. The third license says
> "you can use this under the terms of the GPLv2 or later." 2 or later
> includes 3 or later. The second license is 3 or later. That's the most
> restrictive, the others allow you to use those terms instead, it's fine.
>
> There are some trickier issues -- the Apache license is permissive but its
> patent terms create minor compatibility issues with some GPL-family
> licenses--but again, this is a rare issue you usually won't need to worry
> about.
>
> Regards,
>
> Daniel J. Hakimi
> B.S. Philosophy, RPI 2012
> B.S. Computer Science, RPI 2012
> J.D. Cardozo Law 2015
>
> On Wed, Jun 3, 2026, 08:15 Marc Haber <[email protected]> wrote:
>
>> On Wed, Jun 03, 2026 at 01:50:29PM +0200, Santiago Vila wrote:
>> >In your example:
>> >
>> >permissive  +  GPL 2 or later  +  GPL 3 or later  =  GPL 3 or later
>>
>> Do we have documented which licenses include others? Or do I need to
>> have a doctorate in international copyright law to be a Debian
>> Developer?
>>
>> Greetings
>> Marc
>>
>> --
>>
>> -----------------------------------------------------------------------------
>> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
>> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
>> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
>>
>>
