From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 020B8138334 for ; Thu, 12 Sep 2019 15:46:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 90DE6E08FC; Thu, 12 Sep 2019 15:46:40 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 17A85E08F6 for ; Thu, 12 Sep 2019 15:46:38 +0000 (UTC) Received: from whubbs1.gaikai.biz (unknown [100.42.103.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: williamh) by smtp.gentoo.org (Postfix) with ESMTPSA id 916B434B0C1; Thu, 12 Sep 2019 15:46:37 +0000 (UTC) Received: (nullmailer pid 24014 invoked by uid 1000); Thu, 12 Sep 2019 15:46:34 -0000 Date: Thu, 12 Sep 2019 10:46:34 -0500 From: William Hubbs To: gentoo-dev@lists.gentoo.org Cc: antarus@gentoo.org, Michael Orlitzky , Ulrich Mueller Subject: Re: [gentoo-dev] [PATCH 3/3] dev-vcs/hub: migrate to go-module.eclass Message-ID: <20190912154634.GB23846@whubbs1.dev.av1.gaikai.org> Mail-Followup-To: gentoo-dev@lists.gentoo.org, antarus@gentoo.org, Michael Orlitzky , Ulrich Mueller References: <20190911172128.18885-1-williamh@gentoo.org> <20190911172128.18885-4-williamh@gentoo.org> <20190911234815.GA21591@whubbs1.dev.av1.gaikai.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vGgW1X5XWziG23Ko" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Archives-Salt: b8261cf2-722d-4351-bd67-187bc84a9ca8 X-Archives-Hash: 050262c83199a515f52bf2cbf94c6187 --vGgW1X5XWziG23Ko Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 11, 2019 at 05:05:50PM -0700, Alec Warner wrote: > On Wed, Sep 11, 2019 at 4:48 PM William Hubbs wrote: >=20 > > On Wed, Sep 11, 2019 at 04:34:27PM -0700, Alec Warner wrote: > > > On Wed, Sep 11, 2019 at 10:39 AM Michael Orlitzky > > wrote: > > > > > > > On 9/11/19 1:21 PM, William Hubbs wrote: > > > > > +++ b/dev-vcs/hub/hub-2.12.3.ebuild > > > > > ... > > > > > > > > > > LICENSE=3D"MIT" > > > > > > > > This license is wrong, as it's pretty much guaranteed to be every t= ime > > > > you commit one of these packages. I find it pretty troubling that o= ne > > > > corporation is able to force this stuff through even though it's a > > > > security and legal hazard for everyone else. > > > > > > > > > > How is it wrong? > > > > > > https://github.com/github/hub/blob/master/LICENSE > > > > The argument is that because of the vendoring, LICENSE=3D needs to list > > all licenses for the vendored dependencies that are different from MIT > > as well. > > >=20 > I see, I tend to believe that argument in that case. >=20 >=20 > > > > Personally I don't have a comment about this, but that's what is being > > pushed for. I'll let you guys debate this but it isn't really relevant > > to the eclass. ;-) > > >=20 > I think it's difficult to put instructions in the eclass like: >=20 > +# $ cd /my/clone/of/upstream > +# $ git checkout > +# $ go mod vendor > +# $ tar cvf project-version-vendor.tar.gz vendor >=20 > And then not mention this fairly easy trap (it's so easy to fall into you > did it twice.) In the case of hub, I didn't make a vendor tarball because upstream does the vendoring, so I don't see how these two things are related. In other words, the way I see this is a tree-wide issue. LICENSE=3D for any package should list every license for every package it links to or uses. William --vGgW1X5XWziG23Ko Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTVeuxEZo4uUHOkQAluVBb0MMRlOAUCXXpoVQAKCRBuVBb0MMRl OJpeAJ9NNwymtBNzzGmMa8khazMoqccbSQCfaxFnFc27DG41vY6KrEQR9tQd+Qw= =GWlD -----END PGP SIGNATURE----- --vGgW1X5XWziG23Ko--