NOTE: Please publicize any license changes to your packages

[Simo Sorce]

On Tue, 2007-07-24 at 15:57 -0400, Jesse Keating wrote:
> On Tue, 24 Jul 2007 12:49:59 -0700
> Arjan van de Ven <arjan at infradead.org> wrote:
> 
> > gplv3 is not compatible with v2, but for what would it need to be? YOu
> > can have v2 and v3 programs in the same distro just like you can have
> > v2 and other licensed programs in the same distro.
> > 
> > It only becomes a problem when you're linking (and for most cases that
> > is fine) or are otherwise a derived work.
> 
> Yes, and that's why we need to know, so we can examine the linking path
> and ensure that we're not breaking any (l)gplv2 only licenses.  We
> can't just rely upon upstream, as they have no idea what we're linking
> to their software.

Not so easy, some packages may contain differently licensed
binaries/libraries.
As an example samba is GPLv2 (GPLv3 with the next release) but some key
libraries are LGPLv2 (v3 next). These libraries have been released under
the LGPL explicitly because some other projects wanted to use them and
needed (because of foreign constraints) a more liberal license.

So a tool that marks samba as GPLv3 may raise a high number of false
positives. I guess many other projects will fall under the same
conditions.

Also sometimes plugins falls in a grey area while technically a graph
may seem to link incompatible licensed code that is not clearly
derivative. Lots of corner cases.

Finally managing exceptions (like the OpenSSL one many projects have)
may not be easy at all.

Simo.