On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny <[email protected]> wrote: > W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman > napisał: >> On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller <[email protected]> wrote: >> > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: >> > >> > Don't you think there is a difference between downloading a package >> > that has a known upstream and that is also carried by other distros, >> > and downloading a license-less package from a random location on the >> > internet? >> >> Most upstreams do not do much checking about the ownership of their sources. >> >> Gentoo certainly doesn't - we don't even require developers to submit a DCO. >> >> Other projects like the Linux kernel require signing a DCO for each >> commit, but do not do any checking beyond this. I have no doubt that >> they would remove offending sources if they were contacted, but they >> do not actively go out and confirm authorship. >> >> > >> > > > The package in question doesn't come with any license though, which >> > > > means that only the copyright holder has the right to distribute >> > > > it. So I believe that some extra care is justified, especially when >> > > > the upstream location of the distfile has changed. >> > > Why? We don't redistribute anything that is copyrighted. >> > >> > Users download the file, and I think that we are responsible to have >> > only such SRC_URIs in our ebuilds from where they can obtain the >> > package without being exposed to potential legal issues. >> >> I'm not aware of any court rulings that have found downloading >> something like this to be illegal. >> >> > >> > > Perhaps if we want to enforce a policy like this we should take the >> > > time to actually write the policy down. As far as I can tell Gentoo >> > > has no such policy currently. >> > >> > The old Games Ebuild Howto [1] has this: >> > >> > > LICENSE >> > > >> > > The license is an important point in your ebuild. It is also a >> > > common place for making mistakes. Try to check the license on any >> > > ebuild that you submit. Often times, the license will be in a >> > > COPYING file, distributed in the package's tarball. If the license >> > > is not readily apparent, try contacting the authors of the package >> > > for clarification. [...] >> > >> > I propose to add the paragraph above to the devmanual's licenses >> > section. >> > >> >> We already know there isn't a license for redistribution. This >> doesn't speak about requiring us to ensure that those distributing our >> source files have the rights to do so. It merely says to check the >> license. We understand the license already. I don't see how this >> paragraph pertains to this situation. > > AFAIK you're a developer. So if you want to keep this package, then > please do the needful and take care of it yourself instead of > complaining and demanding others to do the work you want done. >
Are you saying it is sufficient to just point the SRC_URI at the new URL and remove the mask? As far as I can tell that is all that needs to be done. Per the policy the license is readily apparent, so there is no need to contact the authors. -- Rich
