Project

General

Profile

How to check if the sources are free?

nona - 28 days ago -

There are many packages which are obviously not included in Parabola. There is software which is free, but is not packaged, and there is software which claims to be free and should not. I want to know if there is a procedure, algorithm, guideline or something to check if software is free. In the past, I have tried by identifying binaries and license files with grep. Is there a structured way to do it? Thanks.


Replies (4)

RE: How to check if the sources are free? - theova - 26 days ago -

I am not aware of a script which automates the procedure.

To check whether a licene is free, have a look at http://www.gnu.org/licenses/license-list.html.
Another resource for free programs is the free software directory: https://directory.fsf.org/wiki/Main_Page

If you encounter question specific to a certain program, feel free to ask here.

RE: How to check if the sources are free? - nona - 26 days ago -

Hi, thanks for the links. I think that I can spot when a license is free. The question is how to detect where the licenses are for all the source files, whether these files have hidden binaries, spot plain-sight binaries, recommendations of non-free software, external download of such software, etc.

I would like to have Gmsh and libMesh in Parabola, but nobody has had the time to do it, and I would like to know how to do this myself so that I can have a greater contribution and undestanding. I have shared some PKGBUILDs in the past for this goal.

RE: How to check if the sources are free? - bill-auger - 26 days ago -

there is no fool-proof automation for this - the fossology
program is the most advanced and thorough; but even with that
there are things that must be determined manually

https://github.com/fossology/fossology

to go into detail, would require a quite lengthy wiki article -
it is usually not too difficult to prove that something in a
code-base is non-free; but in the end, the only way to know for
certain that some code is fully legit is to write it yourself

what is most helpful is to know which licenses can be applied to
certain types of files - the GPL for example, explicitly covers
"the program"; but does not consider data files, such as images
or documentation, to be part of "the program"

the MIT-style license explicitly cover "software and associated
documentation files"; but presumably, images are not either
software nor documentation

in the context of parabola though, we extend the GPL intention of
"no restrictions", as it relates to source code, to apply to all
files on the system - when in doubt, ask the upstream
maintainers for clarification - if you plan to package, or work
on some particular software for the long-term, it is a good idea
to make yourself known to the upstream maintains anyways -
unfortunately, some are not very responsive to nit-picking about
licensing, and some literally do not respond - i tend to replace
the images in programs that do not explicitly identify the
license and author, if it is not a program that i myself am
particularly interested in, and i just want to package it and
move on - but for programs that i use myself, or work on
routinely, i try to improve them, and send patches and bug
reports to the upstream

beyond that, it is important to know which license are
compatible with others; because some programs are a mixture -
this web page is the best reference for determining that:

https://www.gnu.org/licenses/license-list.html

another thing to look out for, is when a GPL program links to a
library that has a license that is not GPL-compatible, even if
that is itself free software on it's own - openssl is the most
common example of that situation

most common artwork licenses have that same problem - they are
incompatible with other licenses, so if some image is a
composite of other images with incompatible licenses or (no
license), the composite is illegitimate - it all gets pretty
hairy and contentious in the fine details

another subtlety, is that licenses other than the GPL are most
often indicated only by one file at the top level, and is
presumed to cover the entire code-base - however, i have come
across some programs that had lax-permissive license at the top
level, but that i found a GPL-licensed source file buried deeper
within - so that program effectively becomes GPL, as would need
to be declared in the PKGBUILD

another issue with artworks, is that most common artwork licenses
require that some attribution accompany the images, just as most
software licenses do; but many programs will have no indication
of the license - even those that do, often do not attribute the
author of the images - one could assume that the images were
created by the author of the software; but it is probably more
likely that they were not

seriously, that was only scratching the surface - someone could
write an entire book about this - if you are unsure about
something, ask for advice - if we are unsure, we would ask the
FSF for advice

RE: How to check if the sources are free? - nona - 15 days ago -

Thanks for the answer. I will consider writing my steps when checking the sources of Gmsh.

    (1-4/4)