Some hard numbers on licenses used by elisp packages

classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Some hard numbers on licenses used by elisp packages

Jonas Bernoulli-5
Hello,

While the current discussions focus on copyright assignments, I think
it would be a good idea to have some statistics on what licenses are
being used by Emacs packages.

Luckily answering such questions is one of the many use cases of the
Emacsmirror [1], which I maintain.

Here are the licenses used by packages that are available from Melpa:

| License       | Count | Percent |
|---------------+-------+---------|
| GPL-3         |  2268 |      62 |
| GPL-2         |   634 |      17 |
| (unknown)     |   509 |      14 |
| as-is         |   117 |       3 |
| MIT           |    45 |       1 |
| public-domain |    41 |       1 |
| GPL           |    29 |       1 |
| Apache-2.0    |    18 |       0 |
| GPL-1         |     4 |       0 |
| BSD           |     3 |       0 |
| CeCILL-B      |     2 |       0 |
| EPL           |     1 |       0 |
| MS-PL         |     1 |       0 |
|---------------+-------+---------|
| total GPL     |  2935 |      80 |
|---------------+-------+---------|
| total         |  3672 |     100 |

You can find more such tables on [2], along with some notes on how this
information was obtained and more.

[1] https://emacsmirror.net
[2] https://emacsmirror.net/stats/licenses.html

  Best regards,
  Jonas

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Jonas Bernoulli-5
Richard has asked me privately (by accident, I suspect) for some
clarifications.  Many of his questions were already addressed by the
page I linked to, and most others were already answered by the code
that that page in turn linked to.

I have now improved the introductory text on the linked page and I am
including that text here for your convenience:

> This page contains statistics about the licenses used by known Emacs
> packages.  *These statistics are not legal advice.  They are
> distributed in the hope that they will be useful, but WITHOUT ANY
> WARRANTY; without even the implied warranty of MERCHANTABILITY or
> FITNESS FOR A PARTICULAR PURPOSE.*
>
> The information used here is available from the Emacsmirror database
> (also known as the Epkg database).  For more information about the
> Emacsmirror see these [[https://emacsair.me/2016/04/16/re-introducing-the-emacsmirror][blog]] [[https://emacsair.me/2016/05/17/assimilate-emacs-packages-as-git-submodules][posts]].
>
> I have created this page to accompany [[http://lists.gnu.org/archive/html/emacs-devel/2017-07/msg00341.html][this]] conversation on
> ~emacs-devel~.
>
> I will periodically update the these statistics.  If you want to do so
> yourself, then read the relevant documentation.  You may also ask me
> for guidance.
>
> This information is extracted using the function ~elx-license~, which is
> provided by my package [[https://github.com/tarsius/elx][elx]] (~git clone https://github.com/tarsius/elx.git~).
>
> The license is determined from the contents of the "main library" of
> the package alone (the library whose name matches the name of the
> package).  First this function looks for a permission statement for a
> license published by the Free Software Foundation, if any.  If that
> fails, then the value of the "License" header keyword is considered.
> Finally it searches for brief, and potentially ambiguous, permission
> statements for non-FSF licenses.  For FSF licenses a "+" is appended
> if the text "or (at your option) any later version", or similar was
> found.  An effort is made to normalize the returned value.  This
> function also accounts for some commonly used variations in wording,
> typos, and other complications.
>
> However the returned value is sometimes false or ambiguous.  In
> particular note that if a license is "unknown", then that merely means
> that it is /not known/ what license applies.  This may be because the
> library lacks a permission statement altogether (possibly because an
> accompanying ~LICENSE~ file is considered sufficient by the upstream),
> but it may also be because ~elx-license~ does not attempt to detect the
> used non-standard and/or non-fsf permission statement, or because of
> typos in the statement, or for a number of other reasons.

I have also improved the code used to extract this information and made
a new `elx' release.  This is the relevant code, including doc-strings:

> (defconst elx-gnu-permission-statement-regexp
>   (replace-regexp-in-string
>    "\s" "[\s\t\n;]+"
>    ;; is free software[.,:;]? \
>    ;; you can redistribute it and/or modify it under the terms of the \
>    "\
> GNU \\(?1:Lesser \\| Library \\|Affero \\|Free \\)?\
> General Public Licen[sc]e[.,:;]? \
> \\(?:as published by the \\(?:Free Software Foundation\\|FSF\\)[.,:;]? \\)?\
> \\(?:either \\)?\
> \\(?:GPL \\)?\
> version \\(?2:[0-9.]*[0-9]\\)[.,:;]?\
> \\(?: of the Licen[sc]e[.,:;]?\\)?\
> \\(?3: or \\(?:(at your option) \\)?any later version\\)?"))
>
> (defconst elx-gnu-license-keyword-regexp "\
> \\(?:GNU \\(?1:Lesser \\| Library \\|Affero \\|Free \\)? General Public Licen[sc]e\
> \\|\\(?4:[laf]?gpl\\)[- ]?\
> \\)\
> \\(?:\\(?:v\\|version \\)?\\(?2:[0-9.]*[0-9]\\)\\)?\
> \\(?3: or \\(?:(at your option) \\)?\\(?:any \\)?later\\(?: version\\)?\\)?")
>
> (defconst elx-non-gnu-license-keyword-alist
>   '(("Apache-2.0"    .  "apache-2\\.0")
>     ("MIT"           .  "mit")
>     ("as-is"         .  "as-?is")
>     ("public-domain" . "public[- ]domain")))
>
> (defconst elx-non-gnu-license-keyword-regexp "\
> \\`\\(?4:[a-z]+\\)\\(?:\\(?:v\\|version \\)?\\(?2:[0-9.]*[0-9]\\)\\)?\\'")
>
> (defconst elx-non-gnu-permission-statement-alist
>   `(("Apache-2.0"    . "^;.* Apache License, Version 2\\.0")
>     ("MIT"           . "^;.* mit license")
>     ("public-domain" . "^;.*in\\(to\\)? the public[- ]domain")
>     ("public-domain" . "^;+ +Public domain\\.")
>     ("as-is"         . "^;.* \\(provided\\|distributed\\) \
> \\(by the author \\)?[\"`']\\{0,2\\}as[- ]is[\"`']\\{0,2\\}")))
>
> (defun elx-license (&optional file)
>   "Attempt to return the license used for the file FILE.
> Or the license used for the file that is being visited in the
> current buffer if FILE is nil.
>
> *** A value is returned in the hope that it will be useful, but
> *** WITHOUT ANY WARRANTY; without even the implied warranty of
> *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> This function completely ignores and \"LICENSE\" or similar file
> in the proximity of FILE.  The returned value is solely based on
> the contents of FILE itself.
>
> The license is determined from the permission statement, if any.
> Otherwise the value of the \"License\" header keyword is
> considered.  An effort is made to normalize the returned value.
>
> *** However this function does not always return the correct
> *** value and the returned value is not legal advice.
>
> Note in particular that if this function returns nil, then that
> merely merely means that it is not known what license applies.
> This may be because the library lacks a permission statement
> altogether (possibly because an accompanying \"LICENSE\" file
> is considered sufficient by the upstream), but it may also be
> because this function does not attempt to detect the used
> non-standard and/or non-fsf permission statement, or because
> of typos in the statement, or for a number of other reasons."
>   (lm-with-file file
>     (cl-flet ((format-gnu-abbrev
>                (&optional object)
>                (let ((abbrev  (match-string 1 object))
>                      (version (match-string 2 object))
>                      (later   (match-string 3 object))
>                      (prefix  (match-string 4 object)))
>                  (concat (if prefix
>                              (upcase prefix)
>                            (pcase abbrev
>                              ("Lesser "  "LGPL")
>                              ("Library " "LGBL")
>                              ("Affero "  "AGPL")
>                              ("Free "    "FDL")
>                              (`nil       "GPL")))
>                          (and version (concat "-" version))
>                          (and later "+")))))
>       (let ((bound (lm-code-start))
>             (case-fold-search t))
>         (or (and (re-search-forward elx-gnu-permission-statement-regexp bound t)
>                  (format-gnu-abbrev))
>             (-when-let (license (lm-header "Licen[sc]e"))
>               (or (and (string-match elx-gnu-license-keyword-regexp license)
>                        (format-gnu-abbrev license))
>                   (car (cl-find-if (pcase-lambda (`(,_ . ,re))
>                                      (string-match re license))
>                                    elx-non-gnu-license-keyword-alist))
>                   (and (string-match elx-non-gnu-license-keyword-regexp license)
>                        (format-gnu-abbrev license))))
>             (and (re-search-forward
>                   "^;\\{1,4\\} Licensed under the same terms as Emacs" bound t)
>                  "GPL-3+")
>             (and ;; Some libraries are releases "under the *GPL and
>                  ;; "<other license>", while the GPL is mentioned in
>                  ;; a way the above code does not recognize.  Return
>                  ;; nil instead of "<other license>" in such cases.
>                  (not (re-search-forward elx-gnu-license-keyword-regexp bound t))
>                  (car (cl-find-if (pcase-lambda (`(,_ . ,re))
>                                     (re-search-forward re bound t))
>                                   elx-non-gnu-permission-statement-alist))))))))

Note that this function now returns e.g. "GPL-3+" if the "or (at your
option) any later version" pattern was detected.  I also made some other
changes to avoid false-positives (which comes at the cost of also no
longer matching some patterns that were previously matched correctly).

I can provide lists of packages that fall into a particular "category".
These lists can contain the names and email addresses of the maintainer,
links to the homepage and repository and many other things you might
find useful.

I would also be willing to contribute this code to the `lisp-mnt.el'
library, which is part of Emacs.  It certainly could still be improved
a lot, but it is a start.

Oh, and I almost forgot - here is an updated table:

| License       | Count | Percent |
|---------------+-------+---------|
| GPL-3+        |  2230 |      61 |
| GPL-2+        |   611 |      17 |
| (unknown)     |   511 |      14 |
| as-is         |    91 |       2 |
| MIT           |    70 |       2 |
| public-domain |    52 |       1 |
| GPL-3         |    41 |       1 |
| GPL-2         |    31 |       1 |
| Apache-2.0    |    18 |       0 |
| GPL-1+        |     4 |       0 |
| BSD           |     3 |       0 |
| GPL           |     2 |       0 |
| LGPL          |     2 |       0 |
| AGPL-3        |     1 |       0 |
| AGPL-3+       |     1 |       0 |
| BSD-3         |     1 |       0 |
| EPL           |     1 |       0 |
| LGPL-3+       |     1 |       0 |
| LGPL-3.0      |     1 |       0 |
|---------------+-------+---------|
| total GNU     |  2925 |      80 |
|---------------+-------+---------|
| total         |  3672 |     100 |

And to briefly answer the post questions:

>   > | (unknown)     |   509 |      14 |
>
> Could you explain what "unknown" means?  If a program
> does not explicitly state a license, it is proprietary.

Either the license was not specified OR the code was unable to find
the permission statement, which actually is present.

>   > | as-is         |   117 |       3 |
>
> Could you tell me what "as-is" means, here?  Is "as-is" meant to
> identify a speciic license?  If so, could you please show it to me?  I
> need to determine whether it is a free license and GPL-compatible.

Essentially the string "as-is" was found in the header.  I do agree
that this is ambiguous and problematic, but I decided to provide
this information anyway, because it is at least less ambiguous than
"unknown".

>   > | MIT           |    45 |       1 |
>
> "MIT" as the name of a license is ambiguous; see

Merely reporting that the string "MIT license" was found.

>   > | GPL           |    29 |       1 |
>
> What does that mean, concretely?
> Do these packages say, "any version of the GNU GPL"?
> That would be peculiar but not a substantive problem.
>
>   > | GPL-1         |     4 |       0 |
>
> Do these packages carry "GPL version 1 only"
> or "GPL version 1 or later"?

This has been improved now:

* "GPL"     => the GPL was mentioned, no version was mention
               (or possibly was just not detected)
* "GPL-N"   => the GPL and version N were mentioned
* "GPL-N+"  => ... additionally "or (at your opinion) any later version"
               was found (or a variation thereof).

>   > | EPL           |     1 |       0 |
>
> Does that mean the Eclipse Public License?

My guess is as good as yours; the string ";; License: EPL" was found.

  Best regards,
  Jonas

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  >   This may be because the
  > > library lacks a permission statement altogether (possibly because an
  > > accompanying ~LICENSE~ file is considered sufficient by the upstream),

  > > but it may also be because ~elx-license~ does not attempt to detect the
  > > used non-standard and/or non-fsf permission statement, or because of
  > > typos in the statement, or for a number of other reasons.

We need to get a handle on what is really going on for these cases.
A typo in a license notice, or an unusual license, might not be a real
problem.  The lack of a clearly stated free license is a real problem,
and the mere possibility that someone stated a license for it
in some other site is not enough to make the problem go away.

We need to find out what is going on in those 500 packages.

One useful way to investigate would be to pick 10 of those packages,
and see what is the situation with each of them.

Would someone please volunteer to do this?

  > > Does that mean the Eclipse Public License?

  > My guess is as good as yours; the string ";; License: EPL" was found.

Could someone please check for certain?

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
In reply to this post by Jonas Bernoulli-5
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > | BSD           |     3 |       0 |
  > | BSD-3         |     1 |       0 |

What is the difference between "BSD" and "BSD-3"?
Can you show me the text of the license that plain "BSD" represents?

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Jonas Bernoulli-5
In reply to this post by Richard Stallman

Richard Stallman <[hidden email]> writes:

>   > > This may be because the
>   > > library lacks a permission statement altogether (possibly because an
>   > > accompanying ~LICENSE~ file is considered sufficient by the upstream),
>
>   > > but it may also be because ~elx-license~ does not attempt to detect the
>   > > used non-standard and/or non-fsf permission statement, or because of
>   > > typos in the statement, or for a number of other reasons.
>
> We need to get a handle on what is really going on for these cases.
> A typo in a license notice, or an unusual license, might not be a real
> problem.  The lack of a clearly stated free license is a real problem,
> and the mere possibility that someone stated a license for it
> in some other site is not enough to make the problem go away.
>
> We need to find out what is going on in those 500 packages.
>
> One useful way to investigate would be to pick 10 of those packages,
> and see what is the situation with each of them.
>
> Would someone please volunteer to do this?

Once you have found someone to do this, s/he should contact me and I
will provide the necessary data and/or help that person get started
using my tools themselve.  Using those tools instead of just relying
on a data dump would actually make the process easier.  But currently
the usage instructions are spread across multiple manual, blog posts,
and repositories, so some guidance by me might be necessary to get
started.

The process could then be something like
1. emacs ~/code/epkg-stats/licenses-extras.org
2. emacs ~/code/emacsmirror/mirror/<package>/<package>.el
3. emacs ~/.emacs.d/lib/elx/elx.el # refine and add regexps
4. M-: (elx-license)               # in <package>.el
   unless satisfied, goto 3
5. M-x emir-recreate-packages      # *
6. C-c C-v C-b                     # in licenses-extras.org
7. M-x magit-diff-unstaged
8. goto 1

* Doesn't actually exist right now, you need to use
  emir-update-packages, with the irrelevant parts
  commented out.  Even then, this takes a few minutes.

  Jonas

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Mats Lidell-3
> Jonas Bernoulli writes:
> Richard Stallman <[hidden email]> writes:
[..]

> > We need to find out what is going on in those 500 packages.
> >
> > One useful way to investigate would be to pick 10 of those packages,
> > and see what is the situation with each of them.
> >
> > Would someone please volunteer to do this?
>
> Once you have found someone to do this, s/he should contact me and I
> will provide the necessary data and/or help that person get started
> using my tools themselve.  Using those tools instead of just relying
> on a data dump would actually make the process easier. [...]

Getting it into elx-license in source code format is of course great but I
would start with just looking at a few packages as suggested to find out if
there is an overall picture, if there is any new license patterns to grep for
so to speak.

I'm initializing/updating the epkgs/mirror now so if you could provide me with
a list of the interesting packages it would be most helpful and speed things
up.

Yours
--
%% Mats

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
In reply to this post by Jonas Bernoulli-5
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

500 (roughly) packages is a lot of packages, and checking them by hand
would be a fair amount of work.  The only way to check so many packages
efficiently is with tools.

But we don't need to study 500 packages to understand the _general
causes_ for which packages show up as "unlicensed".

I propose that people pick 10 of these packages, perhaps randomly, and
study each of the 10 by hand.  Does it have any license that the
existing tools did not notice?  If so, is there a way to fix them to
notice that license?  Was it a typo in the licence notice?

Or was that package simply published with no license?

10 packages is a much smaller task.  Small enough, I think, that there
is no need to worry about making any special tools.  It's enough to
look at the source files.

Once we understand what KINDS of problems appear among these
"unlicensed" packages, I expect it will be clear what questions to
pose for the other 500 or so "unlicensed" packages, and easy enough to
write automatic tools to characterize almost all of them.

Wha do you think of this approach?

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Jean-Christophe Helary

> On Jul 16, 2017, at 10:55, Richard Stallman <[hidden email]> wrote:
>
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> 500 (roughly) packages is a lot of packages, and checking them by hand
> would be a fair amount of work.  The only way to check so many packages
> efficiently is with tools.
>
> But we don't need to study 500 packages to understand the _general
> causes_ for which packages show up as "unlicensed".
>
> I propose that people pick 10 of these packages, perhaps randomly, and
> study each of the 10 by hand.  Does it have any license that the
> existing tools did not notice?  If so, is there a way to fix them to
> notice that license?  Was it a typo in the licence notice?
>
> Or was that package simply published with no license?
>
> 10 packages is a much smaller task.  Small enough, I think, that there
> is no need to worry about making any special tools.  It's enough to
> look at the source files.
>
> Once we understand what KINDS of problems appear among these
> "unlicensed" packages, I expect it will be clear what questions to
> pose for the other 500 or so "unlicensed" packages, and easy enough to
> write automatic tools to characterize almost all of them.
>
> Wha do you think of this approach?

That's an easy and useful task that can be handled by beginning contributors. Could experienced people provide the list of packages 500+ that we need to pick 10 from ?

Jean-Christophe
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Jonas Bernoulli-5
In reply to this post by Richard Stallman
I have looked at some files and made some improvements.  We are now down
to roughly 200 packages that still need to be checked.

| License       | Count | Percent |
|---------------+-------+---------|
| GPL-3+        |  2247 |      61 |
| GPL-2+        |   614 |      17 |
| (unknown)     |   209 |       6 |
| MIT           |   169 |       5 |
| GPL-3         |    99 |       3 |
| as-is         |    72 |       2 |
| (pending)     |    66 |       2 |
| BSD-2-clause  |    43 |       1 |
| GPL-2         |    41 |       1 |
| unlicense     |    30 |       1 |
| Apache-2.0    |    24 |       1 |
| public-domain |    23 |       1 |
| BSD-3-clause  |    17 |       0 |
| WTFPL         |     9 |       0 |
| GPL-1+        |     4 |       0 |
| BSD           |     3 |       0 |
| GPL           |     2 |       0 |
| ISC           |     2 |       0 |
| LGPL          |     2 |       0 |
| AGPL-3        |     1 |       0 |
| AGPL-3+       |     1 |       0 |
| Artistic-2.0  |     1 |       0 |
| BSD-3         |     1 |       0 |
| EPL           |     1 |       0 |
| EPL-1.0       |     1 |       0 |
| LGPL-3        |     1 |       0 |
| LGPL-3+       |     1 |       0 |
| LGPL-3.0      |     1 |       0 |
| MPL-2         |     1 |       0 |
|---------------+-------+---------|
| total GNU     |  3014 |      82 |
|---------------+-------+---------|
| total         |  3686 |     100 |

Well not quite the 66 "pending" packages also have "unknown" licenses,
bit in those cases I have already contacted the maintainers.

There are a few additional ambiguous and/or otherwise problematic
licenses showing up now, but I would suggest that we concentrate on
getting the number of packages with unknown licenses down, before we
tackle those.

  Richard Stallman said:
> I propose that people pick 10 of these packages, perhaps randomly, and
> study each of the 10 by hand. [...] 10 packages is a much smaller
> task.  Small enough, I think, that there is no need to worry about
> making any special tools.  It's enough to look at the source
> files. [...]  Wha do you think of this approach?

Of course that helps, and since some people have offered to help with
that, I have now created a list of the remaining packages.  There is now
a new file, licenses-details.org in the epkg-reports [1] repository that
contains just that.

It would however be nice if the people who look into this would also
contact some authors to encourage them to properly license their code.

  Jonas

[1]: git clone https://github.com/emacsmirror/epkg-reports.git

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Mats Lidell-3
> Jonas Bernoulli writes:

> [...] since some people have offered to help with that, I have now created a
> list of the remaining packages.  There is now a new file,
> licenses-details.org in the epkg-reports [1] repository that contains just
> that.

Thanks. Just what I need. Picking the first ten of that list gives:

achievements No license    
gap-mode No license    
ttl-mode Two-clause BSD licence
riscv-mode README.md says GPLv3+ but source file lacks license information
zig-mode No license
airline-themes No license    
ghc        According to LICENSE file: AGPL3 but files with BSD3 exists
darkane-theme No license
kpm-list Home made license!?
google-this Incomplete GPL license

From this it looks like manually going through the packages could be the only
way.

Maybe greping through all files in a package looking for the absence of
strings like gpl or license could spot many of the "No license" cases.

> It would however be nice if the people who look into this would also
> contact some authors to encourage them to properly license their code.

Or we could do a centralized effort when we have classified all packages?

What is the motivating factor for the authors who have not assigned any
license to their package? That open source software should be covered bye one
clearly stated open source license?

Yours
--
%% Mats

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Mats Lidell-3
> Mats Lidell writes:
> Thanks. Just what I need. Picking the first ten of that list gives:

Picked ten more:

ruby-dev          No license
zerodark-theme    Creative Commons Attribution-ShareAlike 4.0 International License.
erc-view-log      "Do What The Fuck You Want To Public License, Version 2, as published by Sam Hocevar"
omnisharp         No license
nyan-prompt       "Copying is an act of Love, please copy."
password-vault    "Copying is an act of Love, please copy."
iasm-mode         BSD 2-clause "Simplified" License (Only in LICENSE file)
refheap           No license
zonokai-theme     GPLv3+ (Not found by elx-license because main file is called zonkai.el!?)
reverse-im        No license

Yours
--
%% Mats

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
In reply to this post by Jonas Bernoulli-5
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I have looked at some files and made some improvements.  We are now down
  > to roughly 200 packages that still need to be checked.

That's much better than it previously appeared.

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
In reply to this post by Mats Lidell-3
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Thanks for checking 10 packages.  Your report makes the issue
completely clear.

This one package might actually be ok.

  > ttl-mode Two-clause BSD licence

Is the license properly applied?  If so, I guess the license-checking
scripts should be fixed to take notice of it.

The rest are all real problems of greater or lesser severity.

  > achievements No license    
  > gap-mode No license    
  > riscv-mode README.md says GPLv3+ but source file lacks license information
  > zig-mode No license
  > airline-themes No license    
  > ghc        According to LICENSE file: AGPL3 but files with BSD3 exists
  > darkane-theme No license
  > kpm-list Home made license!?
  > google-this Incomplete GPL license

For the moment, I don't think I need any more information about the
other packages.  The overall outlines of the problem are clear enough,
and one package more or less in each category won't change it much.

I will study the right way to address the situation.

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
In reply to this post by Mats Lidell-3
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > > It would however be nice if the people who look into this would also
  > > contact some authors to encourage them to properly license their code.

  > Or we could do a centralized effort when we have classified all packages?

By its nature, it is a matter of talking with developers for one
package at a time.  Thus, I don't see that it makes much difference
how we organize it or schedule it.

What could make a big difference is to find someone particularly good
at talking with people tactfully.  Alas, that's not our forte.  I will
look for someone to do this.

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
In reply to this post by Mats Lidell-3
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > What is the motivating factor for the authors who have not assigned any
  > license to their package? That open source software should be covered bye one
  > clearly stated open source license?

I suspect part of the cause is the influence of the "open source"
idea.

In the free software movement, the point a free program is to give
users freedom.  The license is what gives users that freedom, so the
choice of the best free license is a very important question, and
applying the license properly is crucial.

The "open source" idea tends to make "good code" the highest value,
and treats "giving users freedom" as secondary.  While the original
leaders of open source treated licenses as important, the ideas have
evolved over the last ten years to dismiss licenses as a minor detail.

Under the malign influence of GitHub, developers often don't bother to
put on a license.  This means the program is not free software (nor
open source either).

https://gnu.org/philosophy/open-source-misses-the-point.html explains
the difference between free software and open source, especially at
the level of ideas.

This is part of why, in the GNU Project, we never use the term "open
source" to describe what we are doing.

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Mats Lidell-3
> Richard Stallman writes:
> Under the malign influence of GitHub, developers often don't bother to
> put on a license.  This means the program is not free software (nor
> open source either).

Maybe we need to ask the authors why the decided to do as they did?

If I remember correctly, most of the "No license" packages I looked at were
really small consisting of just one file and that that file too was rather
small. I can, in my fantasies, come up with a number of possible reasons why
the author of such a package would skip the licensing but why guess, lets ask
them!?

Yours
--
%% Mats

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Some hard numbers on licenses used by elisp packages

Richard Stallman
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Maybe we need to ask the authors why the decided to do as they did?

If you would like to do it, please give it a try.
I'd be interesting to hear what you find.

--
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.


Loading...