[arch-general] Distribution license of package information on the website?
Hi everyone, I'm interested in collecting the metadata of all packages. I intend to do this by crawling the ArchLinux package listing pages (let me know if there is a better way!). However, on the package listing pages [1,2], I do not see any license information regarding how one can use these metadata. Can someone help me here? Thanks! [1]: https://www.archlinux.org/packages/ [2]: https://aur.archlinux.org/packages/ Hong
On 29 May 2018 at 08:57, Hong Xu <hong@topbug.net> wrote:
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to do this by crawling the ArchLinux package listing pages (let me know if there is a better way!). However, on the package listing pages [1,2], I do not see any license information regarding how one can use these metadata. Can someone help me here? Thanks!
[1]: https://www.archlinux.org/packages/ [2]: https://aur.archlinux.org/packages/
Hong
There are web interfaces for the main repositories and the AUR. https://wiki.archlinux.org/index.php/AurJson https://wiki.archlinux.org/index.php/Official_repositories_web_interface
On 05/29/2018 07:19 AM, Morgan Adamiec via arch-general wrote:
On 29 May 2018 at 08:57, Hong Xu <hong@topbug.net> wrote:
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to do this by crawling the ArchLinux package listing pages (let me know if there is a better way!). However, on the package listing pages [1,2], I do not see any license information regarding how one can use these metadata. Can someone help me here? Thanks!
[1]: https://www.archlinux.org/packages/ [2]: https://aur.archlinux.org/packages/
Hong
There are web interfaces for the main repositories and the AUR.
https://wiki.archlinux.org/index.php/AurJson https://wiki.archlinux.org/index.php/Official_repositories_web_interface
This is not a practical "How can I programmatically do this" but a legalistic "under what copyright permissions am I permitted to do this". -- Eli Schwartz Bug Wrangler and Trusted User
On 29 May 2018 at 12:23, Eli Schwartz via arch-general <arch-general@archlinux.org> wrote:
On 05/29/2018 07:19 AM, Morgan Adamiec via arch-general wrote:
On 29 May 2018 at 08:57, Hong Xu <hong@topbug.net> wrote:
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to do this by crawling the ArchLinux package listing pages (let me know if there is a better way!). However, on the package listing pages [1,2], I do not see any license information regarding how one can use these metadata. Can someone help me here? Thanks!
[1]: https://www.archlinux.org/packages/ [2]: https://aur.archlinux.org/packages/
Hong
There are web interfaces for the main repositories and the AUR.
https://wiki.archlinux.org/index.php/AurJson https://wiki.archlinux.org/index.php/Official_repositories_web_interface
This is not a practical "How can I programmatically do this" but a legalistic "under what copyright permissions am I permitted to do this".
-- Eli Schwartz Bug Wrangler and Trusted User
Oh yeah, my mistake. That's an interesting topic actually thanks.
On 05/29/2018 03:57 AM, Hong Xu wrote:
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to do this by crawling the ArchLinux package listing pages (let me know if there is a better way!). However, on the package listing pages [1,2], I do not see any license information regarding how one can use these metadata. Can someone help me here? Thanks!
We have an open bug for this, actually: https://bugs.archlinux.org/task/44893 I'm of the opinion that there cannot be a license requirement for reuse at all, since it's not original enough, and explicitly clarify this in https://github.com/eli-schwartz/pkgbuilds#copyright -- Eli Schwartz Bug Wrangler and Trusted User
Em maio 29, 2018 8:27 Eli Schwartz via arch-general escreveu:
I'm of the opinion that there cannot be a license requirement for reuse at all, since it's not original enough, and explicitly clarify this in https://github.com/eli-schwartz/pkgbuilds#copyright
Well, I never thought about licensing PKGBUILD's. Honestly, I don't think we need a license. But, perhaps, considering the implications of this request, we can discuss about one. I'm not against it, and we currently have ways for someone to do this. Thinking from the technical standpoint, I just don't want our servers to be even more hammered with API requests than they are, specially the AUR. Regards, Giancarlo Razzolini
On 05/29/2018 07:27 PM, Giancarlo Razzolini via arch-general wrote:
Thinking from the technical standpoint, I just don't want our servers to be even more hammered with API requests than they are, specially the AUR.
Well, as far as the repos go, one could just query the database files directly instead of hammering that API. -- Rob (coderobe) O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
On 05/29/2018 10:27 AM, Giancarlo Razzolini via arch-general wrote:
Em maio 29, 2018 8:27 Eli Schwartz via arch-general escreveu:
I'm of the opinion that there cannot be a license requirement for reuse at all, since it's not original enough, and explicitly clarify this in https://github.com/eli-schwartz/pkgbuilds#copyright
Well, I never thought about licensing PKGBUILD's. Honestly, I don't think we need a license. But, perhaps, considering the implications of this request, we can discuss about one. I'm not against it, and we currently have ways for someone to do this.
Thinking from the technical standpoint, I just don't want our servers to be even more hammered with API requests than they are, specially the AUR.
Regards, Giancarlo Razzolini
(IANAL) While every single PKGBUILD file may be trivial enough and thus does not require a license, the aggregation of them is actually significant. For now, let's see them as data files as they are in the database. without an explicit license, under the US copyright law, the owner has all rights reserved, including the right to "to reproduce the copyrighted work in copies or phonorecords" and to "distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending" (see [1]). I think this can be eventually harmful for ArchLinux. For example, one can host an internal mirror for ArchLinux repositories without signing explicit agreement with the owner of the repository data. Even, as a user, downloading repository data is a form of reproducing. It might be good if developers have to agree to license PKGBUILD files under a certain license when they are uploading packages (again, I Am Not A Lawyer). But someone should consult a lawyer to do all these... [1]: https://www.law.cornell.edu/uscode/text/17/106 Hong
Op di 29 mei 2018 21:18 schreef Hong Xu <hong@topbug.net>:
On 05/29/2018 10:27 AM, Giancarlo Razzolini via arch-general wrote:
Em maio 29, 2018 8:27 Eli Schwartz via arch-general escreveu:
I'm of the opinion that there cannot be a license requirement for reuse at all, since it's not original enough, and explicitly clarify this in https://github.com/eli-schwartz/pkgbuilds#copyright
[...] (IANAL) While every single PKGBUILD file may be trivial enough and thus does not require a license, the aggregation of them is actually
significant. [...]
I
think this can be eventually harmful for ArchLinux. For example, one can host an internal mirror for ArchLinux repositories without signing explicit agreement with the owner of the repository data. Even, as a user, downloading repository data is a form of reproducing.
Ianal either (but also not an American), I fail to see how mirroring *free* software can be harmful for that same free software. It's not as if "we" are obliged (by contract or law) to ensure quality or something. With OSS you get what you pay for; if your kitten gets eaten in the process, too bad... Now, if we were talking about commercial software, that might be something else. But AFAIK that has no real place in our repos. Mvg, Guus Snijders
On 05/30/2018 02:55 PM, Guus Snijders via arch-general wrote:
Op di 29 mei 2018 21:18 schreef Hong Xu <hong@topbug.net>:
On 05/29/2018 10:27 AM, Giancarlo Razzolini via arch-general wrote:
Em maio 29, 2018 8:27 Eli Schwartz via arch-general escreveu:
I'm of the opinion that there cannot be a license requirement for reuse at all, since it's not original enough, and explicitly clarify this in https://github.com/eli-schwartz/pkgbuilds#copyright
[...]
(IANAL) While every single PKGBUILD file may be trivial enough and thus
does not require a license, the aggregation of them is actually
significant. [...]
I
think this can be eventually harmful for ArchLinux. For example, one can host an internal mirror for ArchLinux repositories without signing explicit agreement with the owner of the repository data. Even, as a user, downloading repository data is a form of reproducing.
Ianal either (but also not an American), I fail to see how mirroring *free* software can be harmful for that same free software. It's not as if "we" are obliged (by contract or law) to ensure quality or something. With OSS you get what you pay for; if your kitten gets eaten in the process, too bad...
Now, if we were talking about commercial software, that might be something else. But AFAIK that has no real place in our repos.
The harmful part is not about mirroring the software themselves, but the metadata created by package maintainers. Hong
On 29/05/18 18:27, Giancarlo Razzolini via arch-general wrote:
Well, I never thought about licensing PKGBUILD's. Honestly, I don't think we need a license.
As a data point, Debian packaging files contain a debian/copyright [1] file which allows the package maintainer to specify a license for the packaging files (debian/*). (Generally things under debian/* are, or perhaps default to, GPL 2 as per the template.) As things are, contributors/maintainers have to license the use of their work in some way otherwise packages couldn't be built from the packaging files; packaging files are still "IP" therefore probably should be licensed. The AUR in particular is interesting as there's nothing I can see that specifies that the user-submitted packaging files are available for "free" use and which prevents me from slapping a restrictive distribution license on them and trying to charge for their use/redistribution/whatever. (And e.g. what happens if the package is adopted to [community]? Could I say I wanted payment because Arch gained the benefit of my work?) (IANAL but I /am/ a pessimist) [1] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
participants (7)
-
Eli Schwartz
-
Giancarlo Razzolini
-
Guus Snijders
-
Hong Xu
-
Jonathon Fernyhough
-
Morgan Adamiec
-
Robin Broda