Follow-up Comment #9, task #16658 (group administration): On Thu, Jul 03, 2025 at 04:56:53AM -0400, [email protected] wrote: > Follow-up Comment #8, task #16658 (group administration): > > Here's a corrected explanation of the files that have no notice. > > rust_fmt_version.txt is generated by `cargo +nightly fmt --version > > rust_fmt_version.txt` in the lint.sh script. Currently the file just contains > `rustfmt 1.8.0-nightly (c68340350c 2025-06-18)`. It's not derived from my > work > at all. The included work of Rust developers (e.g. a version number) don't > seem copyrightable.
Why doesn't it seem copyrightable? > The purpose of rust_fmt_version.txt is to make the current > code formatting style reproducible, just in case there's problems caused by > all the formatting suddenly changing when updating rustfmt. Basically, the purpose doesn't matter from the legal point of view. The developers include it, therefore it should be legal to include it. > Cargo.lock is a package manager state. It lists each direct or indirect > dependency's name, version, source location, checksum, and dependency names. > Before compiling a package (not including dependencies), Cargo always > rewrites > its Cargo.lock file. A change to the next contents of Cargo.lock can be > triggered by editing the list of direct dependencies in Cargo.toml (not to be > confused with Cargo.lock) or by running `cargo update`. The purpose of > including Cargo.lock in version control (which is controversial) is to allow > investigation when a new version of a dependency causes my library to break. From this passage, I still can't see the reason why Cargo.lock isn't copyrightable. > Not sure it it matters, but there's "rust_fmt_version.txt.license" and > "Cargo.lock.license" files with the following contents so that the `reuse > lint` command doesn't complain about the lack of embedded license data: Neither am I sure; Savannah hosting requirements are written in terms of having valid legal notices rather than expecting certain output of `reuse lint`. >>> - cargo, <https://github.com/rust-lang/cargo>, MIT OR Apache-2.0 >> >> Its README.md says it contains some software under more licenses >> (LICENSE-THIRD-PARTY). Could you analyze it? > > LICENSE-THIRD-PARTY contains copies of these licenses used by dependencies: > - old license that OpenSSL used to use, outdated because Cargo uses version > 300.5.0+3.5.0 of openssl-src, and OpenSSL switched to Apache-2.0 license in > version 3 (see <https://github.com/rust-lang/cargo/blob/master/Cargo.lock> > and > <https://crates.io/crates/openssl-src>) Ok. > - libgit2's GPLv2 license, with a linking exception (granting "unlimited > permission to link the compiled version of this library into combinations > with > other programs, and to distribute those combinations without any restriction > coming from the use of this file") Is this compatible with GPLv3? What do you think? > - zlib license > - expat licenses > - LGPL v2.1 license > - BSD 3-clause license > - a variant of the X11 license, with "the X Consortium" replaced with generic > references to authors and copyright holders > - the unlicense > >> While at it, there is no single >> [//www.gnu.org/licenses/license-list.html#Expat "MIT" license]: people use >> it >> to refer to a number of various licenses. > > Should I look in the repository of each "MIT"-licensed dependency to check > what the authors meant by "MIT"? We have just seen that e.g. 'MIT OR Apache-2.0' in fact may mean a much richer set of licenses, haven't we? (And sincerely speaking, I can't get the point of licensing anything like (in Rust 'materials') Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR CC0-1.0.) >>> - rust, <https://github.com/rust-lang/rust>, MIT OR Apache-2.0 ... > The items listed in that same file under "We track licenses for third-party > materials in two ways" are sufficient for the "otherwise noted" cases. The > REUSE.toml file precisely lists licenses for files in both the Rust > repository > and the included git submodules. Here's the external dependencies' licenses, > summarized by the `cargo-license` tool: > > ``` > (MIT OR Apache-2.0) AND Unicode-3.0 (1): unicode-ident ... > MPL-2.0 (2): colored, option-ext > N/A (106): build-manifest, build_helper, bump-stage0, cargotest2, ... > Zlib (1): foldhash > ``` What conclusion can you make based on this? _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/task/?16658> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/
signature.asc
Description: PGP signature
