X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-0.6 required=5.0 	tests=AWL,BAYES_00,TBC
X-Spam-Check-By: sourceware.org
Message-ID: <4AC1E226.10403@cisra.canon.com.au>
Date: Tue, 29 Sep 2009 20:32:06 +1000
From: Luke Kendall <luke DOT kendall AT cisra DOT canon DOT com DOT au>
User-Agent: Thunderbird 2.0.0.21 (X11/20090302)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Four license questions that affect commercial use of Cygwin
References: <4AC1D0E4 DOT 3030908 AT cisra DOT canon DOT com DOT au> <20090929094557 DOT GD7193 AT calimero DOT vinschen DOT de>
In-Reply-To: <20090929094557.GD7193@calimero.vinschen.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-TSM-Policy: PASS
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Corinna Vinschen wrote:
> On Sep 29 19:18, Luke Kendall wrote:
>> The URL http://cygwin.com/licensing.html (in summary) says that most  
>> Cygwin software is licensed under GNU GPL, X11 copyright (not sure how  
>> that's a license), and some are public domain.
>>
>> I'm just wondering what's the recommended way to check that use of  
>> Cygwin internally at a company (no re-distribution) complies with all  
>> the licenses.
>>
>> Obviously, if Cygwin (Red Hat?) provided answers to the above questions,  
>> it would save an enormous amount of repeated legal work. (N hours per  
>> license per company that uses Cygwin.)
> 
> First of all, it might depend on the selection of packages you made
> since, obviously, licenses of packages which you don't use are no
> concern for you.

Of course.  But assuming one chooses to install everything ...

Um, and assuming that we found a list of packages that had no licenses, 
and a list of packages with licenses that we can't accept, is there any 
way to supply setup with a pre-defined list of packages to include or 
exclude?  Or would everyone installing Cygwin at our company have to 
read through a list of disallowed-by-our-company packages and deselect 
each one (after first clicking on All)?

> So, sure, Red Hat *could* do that, but that would mean to take over
> responsibility for something which is in the responsibility of the user
> in the first place.  Eventually only a lawyer can make sure you comply,
> but, apart from the responsibility, the job of a lawyer isn't exactly
> for free.  So this is a job to redirect to *your* legal department.

I don't think my four questions asked for legal advice, they were about 
asking if someone had done the groundwork to enable legal checks to be 
of only normal difficulty.  By that I mean, normally you get the 
license(s) text, you don't have to hunt for that.

As an engineer, it seems inefficient if every company that wants to use 
Cygwin first has to spend several days/weeks finding all the licenses 
across 2000(?) packages, distilling the license files down into a set, 
find any that forbid commercial use, checking that the remaining 
licenses are compatible with each other, and *then, finally* checking 
each unique license in the usual way.

> A list of licenses used in Cygwin packages is in the cygwin-docs
> package, plus, every package with a non-standard license typically
> provides it under /usr/share/doc/<packagename>.

Thanks, that's very helpful, and is an excellent example of how some 
collected information can save a lot of companies a lot of work to check 
they can use Cygwin.

Using your information, I can create a script that produces a list of 
all the licenses.  I guess if the license files themselves have varying 
names (ideally they'd all be just "license.txt"), I may need to then add 
some heuristics to pick the license file out.  From that I can then 
create something that produces just a set of the unique licenses.  And 
then I can pass that to our legal department.

I can also diff it against new Cygwin releases to identify changes to 
licenses and new licenses added for new packages.

> However, there's no
> guarantee that the list is complete.

Erk, that sounds scary.  Does that mean the process for adding new 
packages doesn't include adding the license information into the license 
list?  Would that be a process improvement that could be considered for 
the future?

> As for licenses with commercial exceptions, personally (IANAL, and I'm
> not speaking for Red Hat, nor for the Cygwin community at large, nor did
> I actually search for it) I think there is none in the distro, except
> for the Cygwin license itself.

I can't see anything in http://cygwin.com/licensing.html that says 
Cygwin can't be used for commercial purposes (thank goodness!).  Maybe 
you meant something else.

> And that only applies to exceptions from
> the GPL.
> 
> Other than that, licensing questions should better go to the
> cygwin-licensing mailing list.

I didn't know it existed. Sorry.  I'd better subscribe to it, and I'll 
take my questions there, and stop troubling this list.

Thanks again,

luke

> Corinna
> 


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple