On 22/07/11 09:39AM, Jilayne Lovejoy wrote:
1) when you say "some go packages in Fedora use bundled
dependencies" - does
that mean the dependency is bundled in the same (binary) RPM, in which case
determining what goes in the License field for that spec file is a bit more
Yes, I am talking about vendoring. Many go packages are unbundled (i.e. their
libraries are packaged separately and the packages BuildRequire the library
The bundled packages are built from vendored
dependencies, and the source code of the dependencies are included in the source
RPM. The binaries are still statically linked either way.
2) "nonbundled" (the case here) means that there is one package that
is dependent on another separate package via static linking, thus once
built it becomes one binary (I'm not sure I'm using all the right
terminology here, but hopefully that makes sense!) In this case, the
License field for each individual package is somewhat straight
Yes, that is what I meant by unbundled. As I said, everything still
becomes one binary whether or not its dependencies are bundled.
but how does one account for the license after static
linking, particularly due to the presence of GPL.
That is basically my question.
> > Surely this sort of question has
> > come up before for Fedora Go packages... or has it?
> In general, I think packagers could use more guidance/documentation about this
issue, but here is the current situation:
> I believe similar issues have been discussed on this ML, but more so related to
rust. (Rust binaries are also statically linked and built against unbundled dependencies
in Fedora.) The Rust Packaging Guidelines require that rust binaries' License tags
account for the licenses of their respective dependencies. AFAIK, rust packages that
contain binaries don't include the license *files* for their dependencies, though.
Can you point me to the Rust Packaging Guidelines? It sounds like there is
something about licensing guidelines included there, but seems like all
licensing-related advice should be in one place, no?
is the relevant part.
> : The "dependencies" (rust crates) are only required at buildtime,
again, due to static linkage.
> Most, if not all, unbundled go packages only account for the license of the code
contained in that SRPM.
that would be like my second scenario above, right?
Yes, it is.
Maxwell G (@gotmax23)