How to check if the sources are free?

nona - 7 months ago -

There are many packages which are obviously not included in Parabola. There is software which is free, but is not packaged, and there is software which claims to be free and should not. I want to know if there is a procedure, algorithm, guideline or something to check if software is free. In the past, I have tried by identifying binaries and license files with grep. Is there a structured way to do it? Thanks.

Replies (4)

RE: How to check if the sources are free? - theova - 7 months ago -

I am not aware of a script which automates the procedure.

To check whether a licene is free, have a look at
Another resource for free programs is the free software directory:

If you encounter question specific to a certain program, feel free to ask here.

RE: How to check if the sources are free? - nona - 7 months ago -

Hi, thanks for the links. I think that I can spot when a license is free. The question is how to detect where the licenses are for all the source files, whether these files have hidden binaries, spot plain-sight binaries, recommendations of non-free software, external download of such software, etc.

I would like to have Gmsh and libMesh in Parabola, but nobody has had the time to do it, and I would like to know how to do this myself so that I can have a greater contribution and undestanding. I have shared some PKGBUILDs in the past for this goal.

RE: How to check if the sources are free? - bill-auger - 7 months ago -

there is no fool-proof automation for this - the fossology tool is the most advanced and thorough; but even with that there are things that must be determined manually

to go into detail, would require a quite lengthy wiki article - it is usually not too difficult to prove that something in a code-base is non-free; but in the end, the only way to know for certain that some code is fully legit is to write it yourself - i.e. unless you personally witnessed the code being written, it is always a matter of blind faith, whether or not the publisher is the sole author, or has respected the copyrights of all collected code

what is most helpful is to know which licenses can be applied to certain types of files - it is often not the case, that a single license applies to every source file; although many developers seem to believe that it does - the GPL for example, explicitly covers "the program"; but does not consider data files, such as images or documentation, to be part of "the program" - any files in a GPL code-base which are not executable source code, need separate licensing, or an appendix to the GPL which covers them explicitly - likewise, the MIT-style licenses explicitly cover "software and associated documentation files"; but presumably, images, audio, and fonts are neither software nor documentation - if any code-base contains files of those type, and does not declare a separate license for them, then that would not meet the test of "free-culture"; and strictly speaking, would make the code-base un-distributable as a whole - often (and probably more often than not), images in some code-base were not created by the author of the source code, but found on the web; but you rarely see attribution, and the typical website where such images are found, rarely mention any licensing, and denote the author only as a nickname - so it is impossible even to investigate, what were the licensing intentions of original author - there is very often no way to contact that person to ask

in the context of parabola though, we extend the GPL intention of "no restrictions", as it relates to source code, to apply to all files on the system - when in doubt, ask the upstream maintainers for clarification - if you plan to package, or work on some particular software for the long-term, it is a good idea to make yourself known to the upstream maintains anyways - unfortunately, some are not very responsive to nit-picking about licensing, and some literally do not respond - i tend to replace the images in programs that do not explicitly identify the license and author, if it is not a program that i myself am particularly interested in, and i just want to package it and move on - but for programs that i use myself, or work on routinely, i try to improve them, and send patches and bug reports to the upstream

beyond that, it is important to know which license are compatible with others; because some programs are a mixture - this web page is the best reference for determining that:

another thing to look out for, is when a GPL program links to a library that has a license that is not GPL-compatible, even if that is itself free software on it's own - openssl is the most common example of that situation

most common artwork licenses have that same problem - they are incompatible with other licenses, so if some image is a composite of other images with incompatible licenses or (no license), the composite is illegitimate - it all gets pretty hairy and contentious in the fine details

another subtlety, is that licenses other than the GPL are most often indicated only by one file at the top level, and is presumed to cover the entire code-base - however, i have come across some programs that had lax-permissive license at the top level, but that i found a GPL-licensed source file buried deeper within - so that program effectively becomes GPL, as would need to be declared in the PKGBUILD

another issue with artworks, is that most common artwork licenses require that some attribution accompany the images, just as most software licenses do; but many programs will have no indication of the license - even those that do, often do not attribute the author of the images - one could assume that the images were created by the author of the software; but it is probably more likely that they were not

seriously, that was only scratching the surface - someone could write an entire book about this - if you are unsure about something, ask for advice - if we are unsure, we would ask the FSF for advice

RE: How to check if the sources are free? - nona - 6 months ago -

Thanks for the answer. I will consider writing my steps when checking the sources of Gmsh.