Hi Bradley, thanks for the reply. Bradley M. Kuhn writes:
> Thanks for making efforts to automate AGPLv3 compliance. While I > don't think it can be fully automated (verifying CCS is almost surely > an undecidable problem in the computational complexity sense), I > believe that it is possible to make a good-faith effort that can help > the deployer yield a reasonable source release that should only > require minor tweaks thereafter to get correct. That's part of my goal. I'd also like to help build social norms and shortcuts that allow people to say, "if you do X (where X is discrete, clear, and hopefully, simple), then you've satisfied the license's requirements." We might be able to establish these social norms by making basic, "good enough", compliance trivial [0]. Who knows, that sort of system might even help correct some misunderstandings about the AGPL [1]. > Your Makefile hack is a good first step, but not that it might not > find everything; I'd suspect only human intervention can do that > reliably. Yup, it's certainly not designed to find everything; it's far too simple. However it's (fairly) easy to understand and really straightforward. Therefore, it's simple to adjust and situationally correct. Since the AGPL (like the GPL) works best (only?) at the project level, it makes sense to ask the project to manage its known files. Folks who want to comply with the license won't have difficulty saving their files in the working directory. If folks don't want to comply, then we'll have an even harder time diagnosing non-compliance, as services are remote. I'm pretty sure the licenses were designed to prefer this problem over the potential problem of removing users' freedoms. Nick 0: I wouldn't go so far as saying social norms are more important than the written license, but they certainly influence its use: I've never heard of someone being considered out of compliance for removing legal notices from the user interface while making the source code available, as mentioned in section 5, paragraph d. If they exist, I'd be really interested in reading up on them. 1: Misunderstandings like "the AGPL requires distributing all source required to run the service in its current state, including dotfiles and other private config files". However, that seems wrong (per section 13, paragraph 1 and section 1, paragraphs 4 - 6): it's all in how you interpret "all the source code needed to... run the object code." Running most source without a configuration dotfile is possible, but will usually produce meaningless results. The AGPL doesn't appear to require useful results, just the ability to produce them. Therefore, dotfiles don't seem to be required. Of course, IANAL, so my opinions are illegal :)
pgpX_ykJLtKT1.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
