From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3CD3B138334 for ; Thu, 12 Sep 2019 00:06:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 244CEE0ADC; Thu, 12 Sep 2019 00:06:03 +0000 (UTC) Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CFDDAE0984 for ; Thu, 12 Sep 2019 00:06:02 +0000 (UTC) Received: by mail-io1-xd41.google.com with SMTP id k5so24967594iol.5 for ; Wed, 11 Sep 2019 17:06:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gentoo-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=90iPTsycu8UdJn78lqvbNErMnlahxeBhqMCRzH7cOKI=; b=jShD/lKhx2z1OxDnipn7J3nzsRTBy+pETdudsh6CVwvxVONnNV/HiLpJfoTttFtxXT irfimfWRDAGtt+KobefmuQMgQHKse1cZ75EtMoZeuKXb/f5uEgeMmArDYG9upfyQQAx/ YQlp8gktzUGrfJCdD5AeT/65WdUDxh1GxSwVNzfTNwVSp1LXhQLWElWz/+2k/oLgEBj/ FY5E2cZnzvxA1tbbhmj1sNwwnaYA9NvbQaKoH8ULJzLRKTJ7M70YREVsw1CA2UoNQewa 7q9hKlnXH+gf8b2Sxfd1OzKtg2fYR7h6p9eNKgEikgrTlEKssAD5Ykpwye+/YtBqtdGQ iS/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=90iPTsycu8UdJn78lqvbNErMnlahxeBhqMCRzH7cOKI=; b=TZHK5YXk5m+Q0VfsuvxvwkMPRg1KzjEMg4fGZlgBXFsSvRHkpb3nTcbXyI/AHKqZyC jwtcZhYQo842WLQj+3x2iXcW7bhLip6au+frpdLTzhHGWS721vQ6YRIJZgvsZ/ezBTkQ vpYRVaEQZ67+6megG5is4MkTX7X4e+t1kUdSvcJuaQVJQ9JKo/QupmFj3xEm2N9cU7qU w2Vku3GPXI+7KcuPmak8uLgepfEcbVXb5qAdzcy+ru1ncY7ccITkT6jqwc/J4nTG6pWq ODH67eOkYzi+eBLDYG/vi1qc3zS73dSroK4O5s7MiVABkdkN8vq1tbWZd3hn8jIYSrrR QUMg== X-Gm-Message-State: APjAAAXtISXJ2+twhYj69YAVGokgXlkZURz2+85/gq4k7Z4K8moSDe7o D7Y7Qfy/OBkYK1LuFDdiYFI5BTlutmjVnvz92E0C2ZYY X-Google-Smtp-Source: APXvYqxn2pH7deeUVD59EOMc+UldCD9JKzZsQvZMT/eCgLKcomAmTqp6ZN0KlEymVFlUDOljq9Hv5yWIvBv9G2DCQ7I= X-Received: by 2002:a5e:8402:: with SMTP id h2mr915421ioj.38.1568246761957; Wed, 11 Sep 2019 17:06:01 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <20190911172128.18885-1-williamh@gentoo.org> <20190911172128.18885-4-williamh@gentoo.org> <20190911234815.GA21591@whubbs1.dev.av1.gaikai.org> In-Reply-To: <20190911234815.GA21591@whubbs1.dev.av1.gaikai.org> From: Alec Warner Date: Wed, 11 Sep 2019 17:05:50 -0700 Message-ID: Subject: Re: [gentoo-dev] [PATCH 3/3] dev-vcs/hub: migrate to go-module.eclass To: William Hubbs Cc: Gentoo Dev , Michael Orlitzky , Ulrich Mueller Content-Type: multipart/alternative; boundary="0000000000002ab91b05924fe7c6" X-Archives-Salt: 7eff651e-2d71-4c13-9147-5a4fd60dfb1a X-Archives-Hash: 60350446d79f6d37dbb84934184792b3 --0000000000002ab91b05924fe7c6 Content-Type: text/plain; charset="UTF-8" On Wed, Sep 11, 2019 at 4:48 PM William Hubbs wrote: > On Wed, Sep 11, 2019 at 04:34:27PM -0700, Alec Warner wrote: > > On Wed, Sep 11, 2019 at 10:39 AM Michael Orlitzky > wrote: > > > > > On 9/11/19 1:21 PM, William Hubbs wrote: > > > > +++ b/dev-vcs/hub/hub-2.12.3.ebuild > > > > ... > > > > > > > > LICENSE="MIT" > > > > > > This license is wrong, as it's pretty much guaranteed to be every time > > > you commit one of these packages. I find it pretty troubling that one > > > corporation is able to force this stuff through even though it's a > > > security and legal hazard for everyone else. > > > > > > > How is it wrong? > > > > https://github.com/github/hub/blob/master/LICENSE > > The argument is that because of the vendoring, LICENSE= needs to list > all licenses for the vendored dependencies that are different from MIT > as well. > I see, I tend to believe that argument in that case. > > Personally I don't have a comment about this, but that's what is being > pushed for. I'll let you guys debate this but it isn't really relevant > to the eclass. ;-) > I think it's difficult to put instructions in the eclass like: +# $ cd /my/clone/of/upstream +# $ git checkout +# $ go mod vendor +# $ tar cvf project-version-vendor.tar.gz vendor And then not mention this fairly easy trap (it's so easy to fall into you did it twice.) -A > William > --0000000000002ab91b05924fe7c6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Wed, Sep 11, 2019 at 4:48 PM Willi= am Hubbs <willi= amh@gentoo.org> wrote:
On Wed, Sep 11, 2019 at 04:34:27PM -0700, Alec Warner wrote:<= br> > On Wed, Sep 11, 2019 at 10:39 AM Michael Orlitzky <mjo@gentoo.org> wrote:
>
> > On 9/11/19 1:21 PM, William Hubbs wrote:
> > > +++ b/dev-vcs/hub/hub-2.12.3.ebuild
> > > ...
> > >
> > > LICENSE=3D"MIT"
> >
> > This license is wrong, as it's pretty much guaranteed to be e= very time
> > you commit one of these packages. I find it pretty troubling that= one
> > corporation is able to force this stuff through even though it= 9;s a
> > security and legal hazard for everyone else.
> >
>
> How is it wrong?
>
> https://github.com/github/hub/blob/master/LICE= NSE

The argument is that because of the vendoring, LICENSE=3D needs to list
all licenses for the vendored dependencies that are different from MIT
as well.

I see, I tend to believe that = argument in that case.
=C2=A0

Personally I don't have a comment about this, but that's what is be= ing
pushed for. I'll let you guys debate this but it isn't really relev= ant
to the eclass. ;-)

I think it's=C2= =A0difficult to put instructions in the eclass like:

+# $ cd /my/clone/of/upstream
+# $ git checkout <release>
+#= $ go mod vendor
+# $ tar cvf project-version-vendor.tar.gz vendor

And then not mention this fairly easy trap (it'= s so easy to fall into you did it twice.)

-A


William
--0000000000002ab91b05924fe7c6--