License Auditing...

JamesElstone

JamesElstone

Hi All,

I am seeking yet more enlightenment...

When running [CMD=""]make[/CMD] against some ports, a messgae flies past stating that the user has accepted the XYZ license.

Is there a way to confirm what licenses are required for a port and all its dependancies, similar in operation to [CMD=""]make config-recursive[/CMD] for example but for the license files? For example, to review the licenses that need to be accepted before installing the port?

Alternatively, is there a way for a sysadmin to only allow certain types of licenses to be accepted or rejected on a system?

I know that something could be scripted around the Makefiles for each port, but was wondering if there was something already out there?

I also had a look at http://wiki.freebsd.org/PortsLicenseInfrastructure and saw that there was a bit of background information on Port License Infrastructure / auditing, but I couldn't tell if this has been implemented or was just a concept; The techniques described are exactly what I was looking for!!

Any pointers or information welcomed; I may be missing the obvious here...

James.
 
That's an interesting question in legal and informatic terms. You can read this document Licensing Infrastructure in the Ports tree presented at BSDCan 2011 by Thomas M. Abthorpe, but you have the best examples in the FreeBSD wiki page you already read before.

You can get a list of software ports with any license declared in Makefile:
[CMD=]$ find /usr/ports/ -name 'Makefile' -exec egrep -l "LICENSE=[[:space:]]+BSD" {} \;[/CMD]

You must determine which model of license, BSD or EPL or GPL, want to find.

Source: http://forums.freebsd.org/showthread.php?t=32871.
 
Good point cpu82, but is there anything built in to FreeBSD?

Does anybody know the status of the Ports License Infrastructure; has it been implemented yet as per the URL in the previous post?

Thanks,
James.
 
You are right wblock@, but this port was developed to analyze licenses. It seems so useful:
Where did FOSSology come from?

Q: Where did the FOSSology tool come from? Why would somebody create this tool? Who are you and what do you get out of this?

A: The FOSSology Project started as an internal software development effort within Hewlett Packard's Open Source and Linux Organization. The tool evolved over several years at HP from a few simple shell scripts to the much more comprehensive tool you see today.

HP needed a way to quickly and accurately evaluate open source software that was being proposed for use within the company as well as software that was being considered for distribution on its own or as part of an HP product or service. These tools were developed to meet this need, alerting developers and project managers to conflicts in licensing terms, potential pitfalls in the combination of various software packages, or problems with integrating "home grown" code with existing open source software.

In time, HP came to realize that this tool was of far greater value to itself as well as the community if it could be made available on a broader basis. Thus the decision was made to open source the tool and help promote its use within open source communities to help ease the confusion and uncertainty around licensing questions.
Click to expand...

Source: http://www.fossology.org/projects/fossology/wiki/Frequently_Asked_Questions.
 
You must log in or register to reply here.
Back
Top