On Wed, Oct 27, 2021 at 08:14:43PM +0200, Kevin Kofler via devel wrote: > Zbigniew Jędrzejewski-Szmek wrote: > > > On Wed, Oct 27, 2021 at 02:00:36PM +0200, Kevin Kofler via devel wrote: > >> offer" clause is in practice very hard to comply with. (Especially for > >> GPLv2-only projects. The GPLv3 has made it slightly more practical, > >> admittedly.) In my experience, most projects actually choose to just > >> upload the source code next to the binaries. And those that do pick the > >> "written offer" solution do not actually do so in a fully compliant way. > > > > You just proved my point. If you have the source available for > > download next to the binaries, the license is satisfied. > > It is actually more complicated than that: There are really two kinds of > projects distributing binaries: > > * Those who care about what binaries they ship and build everything from > source will typically just upload the source code they used to build their > binaries next to their binaries. But those are not the target of this > change proposal to begin with. > > * Those who just redistribute random binaries that somebody else (usually a > distribution) built typically do not bother even telling users where the > binaries come from, let alone pointing them to the source code. > > > Look, it's not hard. If I put up foo.c on a web page, and next to it > > the matching a.out and GPLv2.txt, even if that a.out is stripped > > and has no identifying information, I'm satisfying the terms of the GPL, > > version 2.0, §3a. > > Sure, but what those projects are actually doing is putting up an a.out that > somebody else built, without even downloading the foo.c, let alone uploading > it next to the a.out. Sure, there are people who violate licenses maliciously or through sloppiness. But this proposal isn't really about sources: it's about origin metadata. Whether this metadata is there doesn't force or prevent people from following the license. And as extensively argued in the other parts of the thread, there are various scenarios where it's reasonable and OK to have binaries without package metadata (even the example of typical initrd images built by dracut…). Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
