Skip Menu |

This queue is for tickets about the Convert-Binary-C CPAN distribution.

Report information
The Basics
Id: 132904
Status: patched
Priority: 0/
Queue: Convert-Binary-C
People
Owner: Nobody in particular
Requestors: KENTNL [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in:
  • 0.79_01
  • 0.80
  • 0.81
  • 0.82

History Show all quoted text
  Sun Jun 28 23:47:15 2020 KENTNL [...] cpan.org - Ticket created
Subject: License Inconsitencies
I was gearing up to do a more-comprehensive analysis[1], but half way through I realised I'd made a mistake and had to start-over for some of it

The most clear thing I can say is the top level license in metadata ( which is often as far as people look, and is the most visible license data on metacpan ), is inadequate for how the code currently is.

Secondly, there's a lot of conflation between the "perl license" and various other licenses that *look* to be "the perl license", but are not.

The "perl license" implies "Artistic 1 OR GPL1-OR-NEWER", and any declarations saying "Artistic or GPL" give a different license condition, as does any declaration that says "Artistic or GPL-2".

Many of the embedded files are BSD-licensed, LGPL-2.1+ licensed, GPL2+-only licensed,

./README-215-Foundation, Inc. They are neither required to create the binary nor
./README-216-linked to the source code of this module in any other way.

^ this may be fine for some, but anyone who distributes this code whole-sale is still bound by the license terms of the test files in order to distribute them.

And anyone who *runs* tests involving those test files, must do so while complying with their license.

And it is really no small feat to understand all the licenses in this dist, and anyone who takes the entries in META>* for granted are kidding themselves.

And in attempting to create a single SPDX-like string that comprehensively encompassed all the files in the dist, I just got a headache.

Full output of my "grep for licensy things" here: https://gist.github.com/kentfredric/6b699ed648b934ee39e150b978993691

1: https://gist.github.com/kentfredric/0512bd8c0099d0e6dc8b264b614afd8a
-- 
- CPAN kentnl@cpan.org
- Gentoo Perl Maintainer kentnl@gentoo.org ( perl@gentoo.org )
  Sun Nov 15 17:13:40 2020 MHX [...] cpan.org - Correspondence added
Hi Kent, Thank you so much for taking your time to look at this, and sorry for the late response. I have to honestly admit that this is a proper mess. This was pretty much my first open source project almost 20 years ago and while I certainly tried to make sure I didn't get the licensing stuff wrong, I did apparently mess things up. Anyhow, I just took a bit of time this weekend to clean things up a little: - I've made sure there's no more mix of "perl license" and "Artistic or GPL*". The affected code is all mine and I've now changed it all to be "perl_5". - I've completely removed all the (L)GPL*'d files previously used for testing and replaced them with public domain (CC0) code. - I've updated the META.json to now list ['perl_5', 'bsd']. I've also removed the statement about files only being used for testing, as it no longer applies to the CC0 code. Apart from the Perl and BSD licenses, there should now only be two more licenses within the distribution that I'm not quite sure how to handle: - The generated bison parser generators with the exempted GPL license. This states that I should be able to "distribute that [larger] work under terms of your choice". So my assumption is that I can put this unter the Perl license as well and it doesn't need a separate mention in the META.json. - The slightly "unique" license of the parser generator source that my code derives from which you identified as "ambiguous but likely inconsequential". I'm not actually sure what to do with this other than what I've already done by giving attribution pretty much everywhere. I've uploaded a development release to CPAN (Convert-Binary-C-0.79_01) and would definitely appreciate your feedback. The updated code can also be found at https://github.com/mhx/Convert-Binary-C Again, thank you very much for you help and your work on Gentoo (which I've been using myself for more than 15 years). Marcus
  Sun Nov 15 17:13:41 2020 The RT System itself - Status changed from 'new' to 'open'
  Thu Nov 19 15:37:16 2020 MHX [...] cpan.org - Correspondence added
I've pushed a few more releases over the last couple of days to fix issues that cropped up after switching to pdclib. The 0.83 release looks good across various platforms and versions. Along the way I've also fixed the problem that caused parallel builds to break. I hope this version is much simpler from a licensing POV.
  Thu Nov 19 15:37:17 2020 MHX [...] cpan.org - Status changed from 'open' to 'patched'
  Thu Nov 19 15:37:17 2020 MHX [...] cpan.org - Fixed in 0.79_01 added
  Thu Nov 19 15:37:17 2020 MHX [...] cpan.org - Fixed in 0.80 added
  Thu Nov 19 15:37:17 2020 MHX [...] cpan.org - Fixed in 0.81 added
  Thu Nov 19 15:37:17 2020 MHX [...] cpan.org - Fixed in 0.82 added