On 2011-11-23 16:46 , Dan Ports wrote: > On Tue, Nov 22, 2011 at 07:50:00PM -0600, Eric A. Borisch wrote: >> OpenSSL's license negatively impacts the usefulness of the binary >> distribution process within MacPorts. I propose moving openssl support >> to a non-default variant within the pythonNN ports. This will permit >> more of the packages that depend on python to be distributable through >> binary packages. > > Thanks for bringing this up. I've run up against this before, and I > think this is an important issue. The python -> openssl dependency is a > pretty common reason for ports to falsely fail the license check. (The > most common, of course, is not having a license tag at all -- but we've > made a lot of progress on that one recently!)
I'm not entirely sure it's a false failure. FSF's position is a little bit complicated and to me seems to try to make distinctions that don't exist in reality. They say an interpreted program is not a derivative work of the interpreter it runs in, which includes any libraries it may use. But then they say that "library bindings" that can be used by interpreted code do make the interpreted code a derivative work of the library it uses via the bindings. The situation for code that uses e.g. hashlib, which is considered a standard part of python, is thus vague. Even vaguer if it doesn't directly use hashlib but uses some standard library code that uses hashlib. > A similar issue is that both Python and perl depend on gdbm for one of > their standard library modules. gdbm has a GPL-3+ license, so it > conflicts with anything that's GPL-2 only. For python, gdbm could and probably should be split out into a separate port (again). I don't know if that's easily doable for perl, or how much perl code relies on gdbm being available. The perl5.8 port actually has it as a non-default variant. > I'm not particularly thrilled by the idea of disabling openssl (or > gdbm) from Python. I assume this means it's not going to build the ssl > standard library module, and I think it could be pretty surprising for > users if it suddenly disappeared from the port. There used to be a separate py-hashlib port, but I'm pretty sure openssl is used in more places than just hashlib. > The way I'd prefer to deal with it is to have an option to skip the > license check for a particular dependency (say, > depends_skip_licensecheck). Yeah, this is one of the mechanisms for specifying more precisely how ports' licenses interact that I mentioned needing back in July. I wouldn't phrase it in terms of skipping the license checking though, but rather giving it more information. - Josh _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
