Mon Dec 10 15:37:49 2018 UTC
mk/license.mk: DEFAULT_ACCEPTABLE - add DFSG, clarify

(This is a comment-only change.)

Add compliance with Debian Free Software Guidelines as evidenced by
inclusion in Debian main as a basis for inclusion in
DEFAULT_ACCEPTABLE_LICENSES.

Clarify that the exclusion of AGPL by TNF board is higher priority
than the new DFSG section.

Add to the "obviously would be approved as Free" section the notion
that a license must also obviously not trigger the AGPL concern.

As proposed on tech-pkg, edited based on agc@ comments.


(gdt)
diff -r1.92 -r1.93 pkgsrc/mk/license.mk

cvs diff -r1.92 -r1.93 pkgsrc/mk/license.mk

--- pkgsrc/mk/license.mk 2018/12/09 06:07:23 1.92
+++ pkgsrc/mk/license.mk 2018/12/10 15:37:49 1.93
@@ -1,277 +1,292 @@ @@ -1,277 +1,292 @@
1# $NetBSD: license.mk,v 1.92 2018/12/09 06:07:23 triaxx Exp $ 1# $NetBSD: license.mk,v 1.93 2018/12/10 15:37:49 gdt Exp $
2# 2#
3# This file handles everything about the LICENSE variable. It is 3# This file handles everything about the LICENSE variable. It is
4# included automatically by bsd.pkg.mk. 4# included automatically by bsd.pkg.mk.
5# 5#
6# XXX There should be one place to set the default list and for users 6# XXX There should be one place to set the default list and for users
7# to set the ACCEPTABLE_LICENSES list, used by both source builds and 7# to set the ACCEPTABLE_LICENSES list, used by both source builds and
8# binary installs# 8# binary installs#
9# 9#
10# XXX: Some of this content arguably belongs in the pkgsrc guide 10# XXX: Some of this content arguably belongs in the pkgsrc guide
11# instead. 11# instead.
12# 12#
13# === User-settable variables === 13# === User-settable variables ===
14# 14#
15# ACCEPTABLE_LICENSES 15# ACCEPTABLE_LICENSES
16# 16#
17# If a package declares a license and that license is not a 17# If a package declares a license and that license is not a
18# member of the list defined by this variable, pkgsrc will not 18# member of the list defined by this variable, pkgsrc will not
19# build the package and instead print an error message. 19# build the package and instead print an error message.
20# (pkg_install has code to behave the same way, but it is not 20# (pkg_install has code to behave the same way, but it is not
21# yet turned on.) 21# yet turned on.)
22# 22#
23# XXX: Perhaps there should be some mechanism to prevent running 23# XXX: Perhaps there should be some mechanism to prevent running
24# programs that are part of packages that declare LICENSEs that 24# programs that are part of packages that declare LICENSEs that
25# are not in ACCEPTABLE_LICENSES or some per-user variable. 25# are not in ACCEPTABLE_LICENSES or some per-user variable.
26# This is surely controversial and requires discussion. 26# This is surely controversial and requires discussion.
27# 27#
28# To include the default licenses, you can use the += operator 28# To include the default licenses, you can use the += operator
29# in mk.conf. To override it, use the plain = operator. 29# in mk.conf. To override it, use the plain = operator.
30# 30#
31# Default value: ${DEFAULT_ACCEPTABLE_LICENSES} 31# Default value: ${DEFAULT_ACCEPTABLE_LICENSES}
32# 32#
33# === Package-settable variables === 33# === Package-settable variables ===
34# 34#
35# LICENSE 35# LICENSE
36# 36#
37# The license of the package. 37# The license of the package.
38# 38#
39# Dual licenses can be specified with OR expressions: 39# Dual licenses can be specified with OR expressions:
40# LICENSE= license1 OR license2 40# LICENSE= license1 OR license2
41# 41#
42# If more than one license applies at the same time, AND expressions 42# If more than one license applies at the same time, AND expressions
43# can be used: 43# can be used:
44# LICENSE= license1 AND license2 44# LICENSE= license1 AND license2
45# 45#
46# Expressions can be nested if necessary: 46# Expressions can be nested if necessary:
47# LICENSE= (license1 AND license2) OR license3 47# LICENSE= (license1 AND license2) OR license3
48# Parenthesis are required when mixing AND and OR. 48# Parenthesis are required when mixing AND and OR.
49# 49#
50# Every package should specify its license. (Prior to early 2009, 50# Every package should specify its license. (Prior to early 2009,
51# Open Source and Free software did not have license tags.) 51# Open Source and Free software did not have license tags.)
52# 52#
53# Licenses are collected in the licenses/ subdirectory of 53# Licenses are collected in the licenses/ subdirectory of
54# pkgsrc. For open source license, we generally use the same 54# pkgsrc. For open source license, we generally use the same
55# names as either the Open Source Initiative or the Free 55# names as either the Open Source Initiative or the Free
56# Software Foundation, choosing a name to reduce confusion. 56# Software Foundation, choosing a name to reduce confusion.
57# Open source and free licenses do not have a -license suffix, 57# Open source and free licenses do not have a -license suffix,
58# and non-free licenses do. 58# and non-free licenses do.
59# 59#
60# http://opensource.org/licenses/category 60# http://opensource.org/licenses/category
61# http://www.gnu.org/licenses/license-list.html 61# http://www.gnu.org/licenses/license-list.html
62# 62#
63# === Predefined variables === 63# === Predefined variables ===
64# 64#
65# DEFAULT_ACCEPTABLE_LICENSES 65# DEFAULT_ACCEPTABLE_LICENSES
66# The list of licenses that will be the default value of 66# The list of licenses that will be the default value of
67# ACCEPTABLE_LICENSES. Adapting the longstanding policy of Open 67# ACCEPTABLE_LICENSES. Adapting the longstanding policy of Open
68# Source or Free licenses not requiring tags, it should contain 68# Source or Free licenses not requiring tags, it should contain
69# almost all licenses that are Open Source or Free, so as to provide 69# all licenses that are definitively Free or Open Source --
70# the most expansive default that almost all people find 70# except those specifically excluded by the TNF board -- so as
71# acceptable. (Many people will want to add more licenses to 71# to provide the most expansive default that almost all people
72# ACCEPTABLE_LICENSES; the point is to have a default that very 72# find acceptable. (Many people will want to add more licenses
73# few people want to shrink.) 73# to ACCEPTABLE_LICENSES; the point is to have a default that
74# 74# very few people want to shrink.)
75# As an exception to the Open Source or Free policy, the board 75#
76# of The NetBSD Foundation has decided that licenses that 76# Licenses approved by FSF as Free and by OSI as Open Source
77# trigger obligations from use (rather than redistribution), 77# will be added by default, without annotation, as these
78# such as the Affero GPL, should not be in 78# organizations publish lists of approved licenses.
 79#
 80# Licenses approved by Debian as meeting the Debian Free
 81# Software Guidelines will also be added by default. They
 82# should be in a second section with a comment about each one,
 83# because Debian does not publish an accepted license list and
 84# acceptability must be inferred from inclusion in main.
 85#
 86# The board of The NetBSD Foundation is the final arbiter of
 87# which licenses may be in DEFAULT_ACCEPTABLE_LICENSES. As an
 88# exception to the above policy on treating Free, Open Source,
 89# and DFSG licenses as acceptable, the board has decided that
 90# licenses that trigger obligations from use (rather than
 91# redistribution), such as the Affero GPL, should not be in
79# DEFAULT_ACCEPTABLE_LICENSES. 92# DEFAULT_ACCEPTABLE_LICENSES.
80# 93#
81# Licenses not formally approved as Free or Open Source may be 94# Licenses not formally approved as Free or Open Source may be
82# added if they have terms that would obviously be approved if 95# added if they have terms that would 1) obviously be approved
83# the effort were made. Such license names will have a comment 96# by FSF or OSI if the effort were made and 2) obviously not
84# near them in the assignment to DEFAULT_ACCEPTABLE_LICENSES. 97# trigger the above issue with AGPL-type licenses. Such license
 98# names will be in an additional section and have a comment near
 99# them in the assignment to DEFAULT_ACCEPTABLE_LICENSES.
85# 100#
86# The pkg_install sources also have a 101# The pkg_install sources also have a
87# DEFAULT_ACCEPTABLE_LICENSES list, and that should be updated 102# DEFAULT_ACCEPTABLE_LICENSES list, and that should be updated
88# to match the list here. See 103# to match the list here. See
89# pkgsrc/pkgtools/pkg_install/files/lib/license.c 104# pkgsrc/pkgtools/pkg_install/files/lib/license.c
90# 105#
91# === See also === 106# === See also ===
92# 107#
93# ../doc/TODO, section "Licenses of packages" 108# ../doc/TODO, section "Licenses of packages"
94# 109#
95# Keywords: licence license 110# Keywords: licence license
96# 111#
97 112
98# This list is not complete. Free and Open Source licenses should be 113# This list is not complete. Free and Open Source licenses should be
99# added to the list as they are added to pkgsrc. 114# added to the list as they are added to pkgsrc.
100# 115#
101# The convention is that Free or Open Source licenses do not have a 116# The convention is that Free or Open Source licenses do not have a
102# -license suffix, and nonfree licenses end in -license. 117# -license suffix, and nonfree licenses end in -license.
103# 118#
104DEFAULT_ACCEPTABLE_LICENSES= \ 119DEFAULT_ACCEPTABLE_LICENSES= \
105 apache-1.1 apache-2.0 \ 120 apache-1.1 apache-2.0 \
106 arphic-public \ 121 arphic-public \
107 artistic artistic-2.0 \ 122 artistic artistic-2.0 \
108 boost-license \ 123 boost-license \
109 cc-by-sa-v3.0 \ 124 cc-by-sa-v3.0 \
110 cc-by-sa-v4.0 \ 125 cc-by-sa-v4.0 \
111 cc-by-v4.0 \ 126 cc-by-v4.0 \
112 cc0-1.0-universal \ 127 cc0-1.0-universal \
113 cddl-1.0 \ 128 cddl-1.0 \
114 cecill-2.1 \ 129 cecill-2.1 \
115 cpl-1.0 \ 130 cpl-1.0 \
116 epl-v1.0 \ 131 epl-v1.0 \
117 eupl-v1.1 \ 132 eupl-v1.1 \
118 gfsl \ 133 gfsl \
119 gnu-fdl-v1.1 gnu-fdl-v1.2 gnu-fdl-v1.3 \ 134 gnu-fdl-v1.1 gnu-fdl-v1.2 gnu-fdl-v1.3 \
120 gnu-gpl-v1 \ 135 gnu-gpl-v1 \
121 gnu-gpl-v2 gnu-lgpl-v2 gnu-lgpl-v2.1 \ 136 gnu-gpl-v2 gnu-lgpl-v2 gnu-lgpl-v2.1 \
122 gnu-gpl-v3 gnu-lgpl-v3 \ 137 gnu-gpl-v3 gnu-lgpl-v3 \
123 hpnd \ 138 hpnd \
124 ipafont \ 139 ipafont \
125 ipl-1.0 \ 140 ipl-1.0 \
126 isc \ 141 isc \
127 lppl-1.0 lppl-1.2 lppl-1.3c \ 142 lppl-1.0 lppl-1.2 lppl-1.3c \
128 lucent \ 143 lucent \
129 miros \ 144 miros \
130 mit \ 145 mit \
131 mpl-1.0 mpl-1.1 mpl-2.0 \ 146 mpl-1.0 mpl-1.1 mpl-2.0 \
132 mplusfont \ 147 mplusfont \
133 ofl-v1.0 ofl-v1.1 \ 148 ofl-v1.0 ofl-v1.1 \
134 openssl \ 149 openssl \
135 original-bsd modified-bsd 2-clause-bsd \ 150 original-bsd modified-bsd 2-clause-bsd \
136 osl \ 151 osl \
137 paratype \ 152 paratype \
138 php \ 153 php \
139 png-license \ 154 png-license \
140 postgresql-license \ 155 postgresql-license \
141 public-domain \ 156 public-domain \
142 python-software-foundation \ 157 python-software-foundation \
143 qpl-v1.0 \ 158 qpl-v1.0 \
144 sgi-free-software-b-v2.0 \ 159 sgi-free-software-b-v2.0 \
145 sleepycat-public \ 160 sleepycat-public \
146 sissl-1.1 \ 161 sissl-1.1 \
147 unicode \ 162 unicode \
148 unlicense \ 163 unlicense \
149 w3c \ 164 w3c \
150 x11 \ 165 x11 \
151 zlib \ 166 zlib \
152 zpl-2.0 \ 167 zpl-2.0 \
153 zpl-2.1 \ 168 zpl-2.1 \
154 zsh 169 zsh
155 170
156# not approved by OSI, derived from BSD 171# not approved by OSI, derived from BSD
157DEFAULT_ACCEPTABLE_LICENSES+= info-zip 172DEFAULT_ACCEPTABLE_LICENSES+= info-zip
158 173
159# not approved by OSI, in line with Free Software principles but with rename 174# not approved by OSI, in line with Free Software principles but with rename
160# restrictions and typefaces can not be sold by itself. 175# restrictions and typefaces can not be sold by itself.
161DEFAULT_ACCEPTABLE_LICENSES+= vera-ttf-license 176DEFAULT_ACCEPTABLE_LICENSES+= vera-ttf-license
162 177
163# DFSG, not evaluated by OSI/FSF 178# DFSG, not evaluated by OSI/FSF
164DEFAULT_ACCEPTABLE_LICENSES+= happy 179DEFAULT_ACCEPTABLE_LICENSES+= happy
165 180
166# DFSG, not evaluated by OSI/FSF 181# DFSG, not evaluated by OSI/FSF
167# Mainly used in https://sources.debian.org/copyright/license/lsof/ 182# Mainly used in https://sources.debian.org/copyright/license/lsof/
168DEFAULT_ACCEPTABLE_LICENSES+= purdue 183DEFAULT_ACCEPTABLE_LICENSES+= purdue
169 184
170##### Variant spellings 185##### Variant spellings
171 186
172.if defined(ACCEPTABLE_LICENCES) && !defined(ACCEPTABLE_LICENSES) 187.if defined(ACCEPTABLE_LICENCES) && !defined(ACCEPTABLE_LICENSES)
173ACCEPTABLE_LICENSES= ${ACCEPTABLE_LICENCES} 188ACCEPTABLE_LICENSES= ${ACCEPTABLE_LICENCES}
174.endif 189.endif
175 190
176.if !defined(LICENSE) 191.if !defined(LICENSE)
177. if ${PKG_DEVELOPER:Uno} != "no" 192. if ${PKG_DEVELOPER:Uno} != "no"
178WARNINGS+= "[license.mk] Every package should define a LICENSE." 193WARNINGS+= "[license.mk] Every package should define a LICENSE."
179. endif 194. endif
180 195
181.else 196.else
182 197
183.if defined(_ACCEPTABLE) 198.if defined(_ACCEPTABLE)
184WARNINGS+= "Deprecated variable _ACCEPTABLE found, use SKIP_LICENSE_CHECK=yes" 199WARNINGS+= "Deprecated variable _ACCEPTABLE found, use SKIP_LICENSE_CHECK=yes"
185SKIP_LICENSE_CHECK= yes 200SKIP_LICENSE_CHECK= yes
186.endif 201.endif
187 202
188SKIP_LICENSE_CHECK?= no 203SKIP_LICENSE_CHECK?= no
189 204
190.if !empty(SKIP_LICENSE_CHECK:M[Yy][Ee][Ss]) 205.if !empty(SKIP_LICENSE_CHECK:M[Yy][Ee][Ss])
191_ACCEPTABLE_LICENSE= skipped 206_ACCEPTABLE_LICENSE= skipped
192.else 207.else
193_ACCEPTABLE_LICENSE!= \ 208_ACCEPTABLE_LICENSE!= \
194 if test `${PKG_ADMIN} -V` -lt 20090528; then \ 209 if test `${PKG_ADMIN} -V` -lt 20090528; then \
195 echo outdated; \ 210 echo outdated; \
196 else \ 211 else \
197 ${PKGSRC_SETENV} PKGSRC_ACCEPTABLE_LICENSES=${ACCEPTABLE_LICENSES:Q} \ 212 ${PKGSRC_SETENV} PKGSRC_ACCEPTABLE_LICENSES=${ACCEPTABLE_LICENSES:Q} \
198 PKGSRC_DEFAULT_ACCEPTABLE_LICENSES=${DEFAULT_ACCEPTABLE_LICENSES:Q} \ 213 PKGSRC_DEFAULT_ACCEPTABLE_LICENSES=${DEFAULT_ACCEPTABLE_LICENSES:Q} \
199 ${PKG_ADMIN} check-license ${LICENSE:Q} || echo failure; \ 214 ${PKG_ADMIN} check-license ${LICENSE:Q} || echo failure; \
200 fi 215 fi
201.endif 216.endif
202 217
203.if ${_ACCEPTABLE_LICENSE} == "no" 218.if ${_ACCEPTABLE_LICENSE} == "no"
204. if defined(MAKECONF) 219. if defined(MAKECONF)
205_MAKE_CONF?= ${MAKECONF} 220_MAKE_CONF?= ${MAKECONF}
206. elif ${OPSYS} == "NetBSD" && ${MAKE} == "/usr/bin/make" 221. elif ${OPSYS} == "NetBSD" && ${MAKE} == "/usr/bin/make"
207_MAKE_CONF?= /etc/mk.conf 222_MAKE_CONF?= /etc/mk.conf
208. else 223. else
209_MAKE_CONF?= ${PREFIX}/etc/mk.conf 224_MAKE_CONF?= ${PREFIX}/etc/mk.conf
210.endif 225.endif
211. if ${OPSYS} == "NetBSD" && ${PKG_TOOLS_BIN} == "/usr/sbin" 226. if ${OPSYS} == "NetBSD" && ${PKG_TOOLS_BIN} == "/usr/sbin"
212_PKG_INSTALL_CONF?= /etc/pkg_install.conf 227_PKG_INSTALL_CONF?= /etc/pkg_install.conf
213. else 228. else
214_PKG_INSTALL_CONF?= ${PREFIX}/etc/pkg_install.conf 229_PKG_INSTALL_CONF?= ${PREFIX}/etc/pkg_install.conf
215.endif 230.endif
216 231
217. if empty(LICENSE:MAND) && empty(LICENSE:MOR) && empty(LICENSE:M*[()]*) 232. if empty(LICENSE:MAND) && empty(LICENSE:MOR) && empty(LICENSE:M*[()]*)
218PKG_FAIL_REASON+= "${PKGNAME} has an unacceptable license condition: " \ 233PKG_FAIL_REASON+= "${PKGNAME} has an unacceptable license condition: " \
219 " "${LICENSE:Q} \ 234 " "${LICENSE:Q} \
220 "You can mark the license \`\`${LICENSE}'' as acceptable by adding" \ 235 "You can mark the license \`\`${LICENSE}'' as acceptable by adding" \
221 " ACCEPTABLE_LICENSES+= ${LICENSE}" \ 236 " ACCEPTABLE_LICENSES+= ${LICENSE}" \
222 "to ${_MAKE_CONF} or by adding" \ 237 "to ${_MAKE_CONF} or by adding" \
223 " ACCEPTABLE_LICENSES= ${LICENSE}" \ 238 " ACCEPTABLE_LICENSES= ${LICENSE}" \
224 "to ${_PKG_INSTALL_CONF}." 239 "to ${_PKG_INSTALL_CONF}."
225PKG_FAIL_REASON+= "The following command will show you the license text:" \ 240PKG_FAIL_REASON+= "The following command will show you the license text:" \
226 " ${MAKE} show-license" 241 " ${MAKE} show-license"
227. else 242. else
228PKG_FAIL_REASON+= "${PKGNAME} has an unacceptable license condition: " \ 243PKG_FAIL_REASON+= "${PKGNAME} has an unacceptable license condition: " \
229 " "${LICENSE:Q} \ 244 " "${LICENSE:Q} \
230 "" \ 245 "" \
231 "Check that you have accepted all necessary licenses." \ 246 "Check that you have accepted all necessary licenses." \
232 "You can mark a particular license \`\`foo'' as acceptable by adding" \ 247 "You can mark a particular license \`\`foo'' as acceptable by adding" \
233 " ACCEPTABLE_LICENSES+= foo" \ 248 " ACCEPTABLE_LICENSES+= foo" \
234 "to ${_MAKE_CONF} or by adding" \ 249 "to ${_MAKE_CONF} or by adding" \
235 " ACCEPTABLE_LICENSES= foo" \ 250 " ACCEPTABLE_LICENSES= foo" \
236 "to ${_PKG_INSTALL_CONF}." 251 "to ${_PKG_INSTALL_CONF}."
237. endif 252. endif
238 253
239.elif ${_ACCEPTABLE_LICENSE} == "failure" 254.elif ${_ACCEPTABLE_LICENSE} == "failure"
240PKG_FAIL_REASON+= "License conditions for ${PKGNAME} could not be evaluated" 255PKG_FAIL_REASON+= "License conditions for ${PKGNAME} could not be evaluated"
241.elif ${_ACCEPTABLE_LICENSE} == "outdated" 256.elif ${_ACCEPTABLE_LICENSE} == "outdated"
242PKG_FAIL_REASON+= \ 257PKG_FAIL_REASON+= \
243 "Your pkg_install is too old to evaluate license conditions" \ 258 "Your pkg_install is too old to evaluate license conditions" \
244 "You can bypass this check by setting SKIP_LICENSE_CHECK=yes" 259 "You can bypass this check by setting SKIP_LICENSE_CHECK=yes"
245.endif 260.endif
246 261
247.endif 262.endif
248 263
249# guess-license: 264# guess-license:
250# Extracts the current package and tries to guess its license. 265# Extracts the current package and tries to guess its license.
251# This is useful for package developers. 266# This is useful for package developers.
252# 267#
253# Keywords: license 268# Keywords: license
254guess-license: .PHONY 269guess-license: .PHONY
255 @# Running "make extract" would fetch and build the dependencies 270 @# Running "make extract" would fetch and build the dependencies
256 ${RUN} [ -d ${WRKSRC} ] \ 271 ${RUN} [ -d ${WRKSRC} ] \
257 || ALLOW_VULNERABLE_PACKAGES=yes ${MAKE} makedirs fetch pre-extract do-extract 272 || ALLOW_VULNERABLE_PACKAGES=yes ${MAKE} makedirs fetch pre-extract do-extract
258 273
259 ${RUN} \ 274 ${RUN} \
260 \ 275 \
261 type ninka > /dev/null 2>&1 || ${FAIL_MSG} "To guess the license, wip/ninka must be installed."; \ 276 type ninka > /dev/null 2>&1 || ${FAIL_MSG} "To guess the license, wip/ninka must be installed."; \
262 \ 277 \
263 ${PHASE_MSG} "Guessing licenses for ${PKGNAME}"; \ 278 ${PHASE_MSG} "Guessing licenses for ${PKGNAME}"; \
264 \ 279 \
265 : "Note that ninka can only handle one file at a time; therefore the slow loop below."; \ 280 : "Note that ninka can only handle one file at a time; therefore the slow loop below."; \
266 cd ${WRKDIR} \ 281 cd ${WRKDIR} \
267 && ${FIND} ./* -type f -print \ 282 && ${FIND} ./* -type f -print \
268 | while read fname; do ninka "$$fname"; done \ 283 | while read fname; do ninka "$$fname"; done \
269 | ${AWK} -F ';' '{ print $$2 }' \ 284 | ${AWK} -F ';' '{ print $$2 }' \
270 | LC_ALL=C ${SORT} | uniq -c | LC_ALL=C ${SORT} -nr \ 285 | LC_ALL=C ${SORT} | uniq -c | LC_ALL=C ${SORT} -nr \
271 | ${AWK} 'BEGIN { printf("%5s %s\n", "Files", "License") } { printf("%5d %s\n", $$1, $$2); }' 286 | ${AWK} 'BEGIN { printf("%5s %s\n", "Files", "License") } { printf("%5d %s\n", $$1, $$2); }'
272 287
273_VARGROUPS+= license 288_VARGROUPS+= license
274_USER_VARS.license= ACCEPTABLE_LICENSES SKIP_LICENSE_CHECK 289_USER_VARS.license= ACCEPTABLE_LICENSES SKIP_LICENSE_CHECK
275_PKG_VARS.license= LICENSE 290_PKG_VARS.license= LICENSE
276_SYS_VARS.license= DEFAULT_ACCEPTABLE_LICENSES 291_SYS_VARS.license= DEFAULT_ACCEPTABLE_LICENSES
277_SORTED_VARS.license= *_LICENSES SKIP_* 292_SORTED_VARS.license= *_LICENSES SKIP_*
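
Review bot: In the rewritten DEFAULT_ACCEPTABLE_LICENSES description (new lines 76-78), "approved by FSF as Free and by OSI as Open Source" reads as requiring both approvals, while new line 69 says "definitively Free or Open Source" and new line 96 says "by FSF or OSI"; suggest "by FSF as Free or by OSI as Open Source" so the three statements agree. Separately, new lines 80-84 and 97-99 say DFSG licenses "should be in a second section" and the not-formally-approved ones "will be in an additional section", but the assignments at new lines 171-183 are unchanged: info-zip and vera-ttf-license still come before happy and purdue, with no section markers. Since this is a comment-only change, a follow-up that adds section header comments and orders the blocks as the description states would keep the policy text and the list in step. The same follow-up should check the list in pkgsrc/pkgtools/pkg_install/files/lib/license.c, which new lines 101-104 say must match.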