You are not logged in.

#1 2024-10-13 11:39:57

dreieck
Member
Registered: 2012-10-08
Posts: 64

What to do when upstream has no license?

Ahoj,

sometimes, there is some software where upstream has not specified any license or copyright information, e.g. https://github.com/yamatsum/nvim-nonicons (AUR package: 'neovim-nonicons-git').

When making an AUR package out of this, what should be put into the 'license' array and what should be installed into '/usr/share/licenses/${pkgname}/'?

Regards!

Offline

#2 2024-10-13 11:58:55

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 12,378
Website

Re: What to do when upstream has no license?

Reach out to the creator?


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#3 2024-10-13 12:39:37

dreieck
Member
Registered: 2012-10-08
Posts: 64

Re: What to do when upstream has no license?

WorMzy wrote:

Reach out to the creator?

Of course, but still, the creator might not answer at all and there still might be the wish to create an AUR package.

For now I used

license=('LicenseRef-unknown')

and installed a `/usr/share/licenses/${pkgname}/license-unknown.txt` with the content

As of 2024-10-13 it is unknown what the license of this project is.

Assume full copyright to the author https://github.com/yamatsum.

See https://github.com/yamatsum/nvim-nonicons/issues/34 for the issue of unknow license.

as a workaround.

Is this in line with the AUR rules?, or is it forbidden to create a package at all when upstream does not provide a license?

I mean, people might "just not care", release stuff to the public domain in their opinion, but because they do not want to care at all they even do not want to bother to write any licensing information.

Offline

#4 2024-10-13 13:04:19

Trilby
Banned
Registered: 2011-11-29
Posts: 30,330
Website

Re: What to do when upstream has no license?

dreieck wrote:

Is this in line with the AUR rules?, or is it forbidden to create a package at all when upstream does not provide a license?

Strictly, NO, and YES.

dreieck wrote:

I mean, people might "just not care", release stuff to the public domain

And if they did that, you'd be all set.  But not specifying a license is really the exact opposite from releasing something into the public domain.  If there is no license, it is illegal to download or copy let alone run / use the software.

"But that's just inconvenient" doesn't change the law.  It may change enforcement, but the fact that you'd almost certainly get away with something also doesn't mean it's actually legal (nor acceptable in the AUR).  And preemptive note on a common "excuse": the fact that some other AUR packages are already violating these laws and going unnoticed also doesn't make it okay.

This is confirmed in github's docs

github wrote:

... without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work.

TLDR: if there's not license, do not package it.

Last edited by Trilby (2024-10-13 13:11:22)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#5 2024-10-13 13:47:34

dreieck
Member
Registered: 2012-10-08
Posts: 64

Re: What to do when upstream has no license?

Trilby wrote:
dreieck wrote:

Is this in line with the AUR rules?, or is it forbidden to create a package at all when upstream does not provide a license?

Strictly, NO, and YES.
[...]
If there is no license, it is illegal to download or copy let alone run / use the software.
[...]
This is confirmed in github's docs

github wrote:

... without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work.

TLDR: if there's not license, do not package it.

Thanks!, I was not aware of that legal status (when someone puts something publicly accessible online but not specifies a license, that it is still forbidden to actually see or download for private use that material that was published.)

Anyway, what github wrotes:

github wrote:

reproduce, distribute, or create derivative works

In my understanding "distribution" is if I give it to others. Not that I take it from the primary source and download it to my own system, without giving it to others. (That is what an AUR package does: It does not distribute the content, but it only tells how you do it by yourself.) "reproduce" I can argue that downloading such stuff from github, or reading it on github, can be considered as "reproduction", because once you see the stuff it is also on your monitor (and RAM) and not only at github. "create derivative works" -- compiling source code locally I can understand that this is creating derivative work. Just copying scripts into place is not creating derivative work in my opinion.

So, given that: When github themselves forbit that, why do they actually allow browsing of repositories without a license? This invites others to violate the copyright similarly as providing a PKGBUILD that downloads that stuff and builds a package invites others to violate the copyright.

Finally, because of your clarification, I filed a deletion request for the AUR package 'neovim-nonicons-git'.

Regards!

Offline

#6 2024-10-13 13:55:44

Trilby
Banned
Registered: 2011-11-29
Posts: 30,330
Website

Re: What to do when upstream has no license?

Github's terms of use includes specification that the owners of all public repositories grant the right to view their material to all other users of the github website.

It's also true that a PKGBUILD does not violate any non-granted rights.  But any user who downloads that content is violating copyright (in the strictest sense).  So while having a PKGBUILD on the AUR for this is not illegal in and of itself, having a PKGBUILD in the AUR for this would serve no purpose but to facilitate others doing something illegal - and as such it's a violation of our code of conduct.

Again, this is all in the strictest sense, and people do get away with such things every day.  It's also reasonable to argue the author's intent in sharing that content on github was for others to use it.  But while likely true, such arguments do not change the implied copyright that exists in most jurisdictions.

Moral of story: license any work you post publicly.  Even if you hate copyright, or object to licensing: one's own objections do not change the law.  DWTFYL, CC-0, and similar licenses can make a statement of such objection while still allowing people to use content legally.


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

Board footer

Powered by FluxBB