On 1/26/19 10:04 PM, Kristian Fiskerstrand wrote:
> I would like to point the community at the following bug
> https://bugs.gentoo.org/676248:
> Bug 676248 - non-free licenses are accepted without user prompt
> 
> In summary the question is whether non-free licenses should be accepted
> by default in Gentoo. today only licenses requiring EULA are not
> accepted by default. So this is a good opportunity to discuss whether we
> should deviate substantially from other distros like Debian.
> 
> My personal opinion is we should have a default accepting FSF and OSI
> approved free/libre licenses and require acceptance for anything else
> though package.license / ACCEPT_LICENSE. Since we have this model
> already we don't need a separate repository like debian does for its
> binary packages, so any change has relatively minor impact on our users
> as long as it is presented properly and with a proper timeline.
> 

This topic has been discussed from time to time, including in 2013 in
https://archives.gentoo.org/gentoo-project/message/b36af97cdf6172217974a3afb30475bd
. However, context change and 6 years is likely enough time to permit a
new discussion.

What constitute free software is a broad discussion, so for the context
of these discussions I recommend we keep to the FSF and OSI definitions.
These definitions protects the user's rights to copy/modify/use the
application without repercussions, and that is exactly why it should be
the default license.

As soon as a user start using a non-free license the user needs to
make judgments on how it will impact on further choice, and likely need
to consult a lawyer for practicality if using it in any commercial context.

In particular in a scenario where the license change unexpectedly this
can be an interesting twist, as seen with MongoDB. To quote

http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003739.html
:
"Developers don’t always pay attention and given they have stated any
updates to older versions moving forward are SSPL a developer just
grabbing a security update suddenly means you’re not under AGPL anymore
but SSPL."

The consequences for a user arise when using non-free licenses, so the
default should be to allow free licenses by default.

A more puritan approach could be to not provide any approved license at
all, but the Gentoo Social contract says "Gentoo is and will remain free
software", which makes @FREE the natural choice.

Most of the issues from the previous discussions have been solved by
now, increasing the value of re-opening the discussion, and the
user-impact is minimal for setting a default of @FREE given proper
documentation in the handbook.


-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3