From 557319dfdd2e495af848d1803227941c2a4f82fd Mon Sep 17 00:00:00 2001 From: Michał Górny Date: Tue, 11 Feb 2020 11:05:58 +0100 Subject: other-metadata: LICENSE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes: https://bugs.gentoo.org/709020 Closes: https://github.com/gentoo/policy-guide/pull/12 Signed-off-by: Michał Górny --- other-metadata.rst | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/other-metadata.rst b/other-metadata.rst index f05014b..14651cf 100644 --- a/other-metadata.rst +++ b/other-metadata.rst @@ -94,4 +94,53 @@ this circumstance, and they will not fail for users. common, and there is little harm in overspecifying it. +.. index:: license + +LICENSE +------- +:Source: QA +:Reported: no + +The ``LICENSE`` variable must explicitly list licenses for all files +installed by the package. If some of the applicable licenses are +conditional to USE flags, appropriate USE conditionals need to +be expressed in the variable. + +If a package bundles any dependencies that are either installed, +statically linked or in any other way combined with installed files, +the licenses of these dependencies need to be listed as well. This +is not presently required when statically linking to dependencies +installed by separate packages in the repository. + +The licenses for files that are not installed but that are used at build +time are not listed explicitly. + +*Rationale*: the primary purpose of the license support in the package +manager is to provide the users with ability to decide on acceptable +licenses for their installed systems (and binary packages). In order +for this to work effectively, the packages must provide a correct +and complete license list. + +Static linking combines code from multiple packages, potentially covered +by different licenses. Listing all licenses is the simplest way +of ensuring that nothing is missed, as well as protecting against wrong +derivative work licenses stated upstream (i.e. when a less restrictively +licensed package links to a more restrictively licensed dependency). + +Listing of licenses is enforced for bundled dependencies but not for +static linking to other packages, as in the latter case it is +non-trivial to implement and the package manager already verifies +the license while building dependencies (but not when installing binary +packages). + +The ebuild format does not provide a separate variable to list licenses +needed only at build time. So far it has not been considered important +enough to have one, as the relevant files exist only temporarily +on the user's system and do not affect the runtime use of packages. + +.. Note:: + Please remember to include the licenses of support files provided + by the ebuild, e.g. init.d scripts (usually GPL-2). + + .. _metadata invariance: https://projects.gentoo.org/pms/7/pms.html#x1-600007.1 -- cgit v1.2.3-65-gdbad