Discussion:
[arch-general] Distribution license of package information on the website?
Hong Xu
2018-05-29 07:57:24 UTC
Permalink
Hi everyone,

I'm interested in collecting the metadata of all packages. I intend to
do this by crawling the ArchLinux package listing pages (let me know if
there is a better way!). However, on the package listing pages [1,2], I
do not see any license information regarding how one can use these
metadata. Can someone help me here? Thanks!

[1]: https://www.archlinux.org/packages/
[2]: https://aur.archlinux.org/packages/


Hong
Morgan Adamiec via arch-general
2018-05-29 11:19:39 UTC
Permalink
Post by Hong Xu
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to
do this by crawling the ArchLinux package listing pages (let me know if
there is a better way!). However, on the package listing pages [1,2], I
do not see any license information regarding how one can use these
metadata. Can someone help me here? Thanks!
[1]: https://www.archlinux.org/packages/
[2]: https://aur.archlinux.org/packages/
Hong
There are web interfaces for the main repositories and the AUR.

https://wiki.archlinux.org/index.php/AurJson
https://wiki.archlinux.org/index.php/Official_repositories_web_interface
Eli Schwartz via arch-general
2018-05-29 11:23:31 UTC
Permalink
Post by Morgan Adamiec via arch-general
Post by Hong Xu
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to
do this by crawling the ArchLinux package listing pages (let me know if
there is a better way!). However, on the package listing pages [1,2], I
do not see any license information regarding how one can use these
metadata. Can someone help me here? Thanks!
[1]: https://www.archlinux.org/packages/
[2]: https://aur.archlinux.org/packages/
Hong
There are web interfaces for the main repositories and the AUR.
https://wiki.archlinux.org/index.php/AurJson
https://wiki.archlinux.org/index.php/Official_repositories_web_interface
This is not a practical "How can I programmatically do this" but a
legalistic "under what copyright permissions am I permitted to do this".
--
Eli Schwartz
Bug Wrangler and Trusted User
Morgan Adamiec via arch-general
2018-05-29 11:31:27 UTC
Permalink
On 29 May 2018 at 12:23, Eli Schwartz via arch-general
Post by Eli Schwartz via arch-general
Post by Morgan Adamiec via arch-general
Post by Hong Xu
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to
do this by crawling the ArchLinux package listing pages (let me know if
there is a better way!). However, on the package listing pages [1,2], I
do not see any license information regarding how one can use these
metadata. Can someone help me here? Thanks!
[1]: https://www.archlinux.org/packages/
[2]: https://aur.archlinux.org/packages/
Hong
There are web interfaces for the main repositories and the AUR.
https://wiki.archlinux.org/index.php/AurJson
https://wiki.archlinux.org/index.php/Official_repositories_web_interface
This is not a practical "How can I programmatically do this" but a
legalistic "under what copyright permissions am I permitted to do this".
--
Eli Schwartz
Bug Wrangler and Trusted User
Oh yeah, my mistake. That's an interesting topic actually thanks.
Eli Schwartz via arch-general
2018-05-29 11:27:40 UTC
Permalink
Post by Hong Xu
Hi everyone,
I'm interested in collecting the metadata of all packages. I intend to
do this by crawling the ArchLinux package listing pages (let me know if
there is a better way!). However, on the package listing pages [1,2], I
do not see any license information regarding how one can use these
metadata. Can someone help me here? Thanks!
We have an open bug for this, actually:
https://bugs.archlinux.org/task/44893

I'm of the opinion that there cannot be a license requirement for reuse
at all, since it's not original enough, and explicitly clarify this in
https://github.com/eli-schwartz/pkgbuilds#copyright
--
Eli Schwartz
Bug Wrangler and Trusted User
Giancarlo Razzolini via arch-general
2018-05-29 17:27:56 UTC
Permalink
Post by Eli Schwartz via arch-general
I'm of the opinion that there cannot be a license requirement for reuse
at all, since it's not original enough, and explicitly clarify this in
https://github.com/eli-schwartz/pkgbuilds#copyright
Well, I never thought about licensing PKGBUILD's. Honestly, I don't think we need a license.
But, perhaps, considering the implications of this request, we can discuss about one. I'm not
against it, and we currently have ways for someone to do this.

Thinking from the technical standpoint, I just don't want our servers to be even more hammered
with API requests than they are, specially the AUR.

Regards,
Giancarlo Razzolini
Robin Broda via arch-general
2018-05-29 18:19:53 UTC
Permalink
Post by Giancarlo Razzolini via arch-general
Thinking from the technical standpoint, I just don't want our servers to be even more hammered
with API requests than they are, specially the AUR.
Well, as far as the repos go, one could just query the database files directly instead of
hammering that API.
--
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Hong Xu
2018-05-29 19:18:31 UTC
Permalink
Post by Giancarlo Razzolini via arch-general
Post by Eli Schwartz via arch-general
I'm of the opinion that there cannot be a license requirement for reuse
at all, since it's not original enough, and explicitly clarify this in
https://github.com/eli-schwartz/pkgbuilds#copyright
Well, I never thought about licensing PKGBUILD's. Honestly, I don't
think we need a license.
But, perhaps, considering the implications of this request, we can
discuss about one. I'm not
against it, and we currently have ways for someone to do this.
Thinking from the technical standpoint, I just don't want our servers to
be even more hammered
with API requests than they are, specially the AUR.
Regards,
Giancarlo Razzolini
(IANAL) While every single PKGBUILD file may be trivial enough and thus
does not require a license, the aggregation of them is actually
significant. For now, let's see them as data files as they are in the
database. without an explicit license, under the US copyright law, the
owner has all rights reserved, including the right to "to reproduce the
copyrighted work in copies or phonorecords" and to "distribute copies or
phonorecords of the copyrighted work to the public by sale or other
transfer of ownership, or by rental, lease, or lending" (see [1]). I
think this can be eventually harmful for ArchLinux. For example, one can
host an internal mirror for ArchLinux repositories without signing
explicit agreement with the owner of the repository data. Even, as a
user, downloading repository data is a form of reproducing.

It might be good if developers have to agree to license PKGBUILD files
under a certain license when they are uploading packages (again, I Am
Not A Lawyer). But someone should consult a lawyer to do all these...

[1]: https://www.law.cornell.edu/uscode/text/17/106

Hong
Guus Snijders via arch-general
2018-05-30 21:55:58 UTC
Permalink
Post by Eli Schwartz via arch-general
I'm of the opinion that there cannot be a license requirement for reuse
at all, since it's not original enough, and explicitly clarify this in
https://github.com/eli-schwartz/pkgbuilds#copyright
[...]


(IANAL) While every single PKGBUILD file may be trivial enough and thus

does not require a license, the aggregation of them is actually
significant. [...]
I
think this can be eventually harmful for ArchLinux. For example, one can
host an internal mirror for ArchLinux repositories without signing
explicit agreement with the owner of the repository data. Even, as a
user, downloading repository data is a form of reproducing.
Ianal either (but also not an American), I fail to see how mirroring *free*
software can be harmful for that same free software. It's not as if "we"
are obliged (by contract or law) to ensure quality or something. With OSS
you get what you pay for; if your kitten gets eaten in the process, too
bad...

Now, if we were talking about commercial software, that might be something
else. But AFAIK that has no real place in our repos.


Mvg, Guus Snijders
Hong Xu
2018-05-30 22:21:57 UTC
Permalink
Post by Hong Xu
Post by Eli Schwartz via arch-general
I'm of the opinion that there cannot be a license requirement for reuse
at all, since it's not original enough, and explicitly clarify this in
https://github.com/eli-schwartz/pkgbuilds#copyright
[...]
(IANAL) While every single PKGBUILD file may be trivial enough and thus
does not require a license, the aggregation of them is actually
significant. [...]
I
think this can be eventually harmful for ArchLinux. For example, one can
host an internal mirror for ArchLinux repositories without signing
explicit agreement with the owner of the repository data. Even, as a
user, downloading repository data is a form of reproducing.
Ianal either (but also not an American), I fail to see how mirroring *free*
software can be harmful for that same free software. It's not as if "we"
are obliged (by contract or law) to ensure quality or something. With OSS
you get what you pay for; if your kitten gets eaten in the process, too
bad...
Now, if we were talking about commercial software, that might be something
else. But AFAIK that has no real place in our repos.
The harmful part is not about mirroring the software themselves, but the
metadata created by package maintainers.

Hong
Jonathon Fernyhough
2018-05-30 23:29:49 UTC
Permalink
Post by Giancarlo Razzolini via arch-general
Well, I never thought about licensing PKGBUILD's. Honestly, I don't
think we need a license.
As a data point, Debian packaging files contain a debian/copyright [1]
file which allows the package maintainer to specify a license for the
packaging files (debian/*). (Generally things under debian/* are, or
perhaps default to, GPL 2 as per the template.)

As things are, contributors/maintainers have to license the use of their
work in some way otherwise packages couldn't be built from the packaging
files; packaging files are still "IP" therefore probably should be licensed.

The AUR in particular is interesting as there's nothing I can see that
specifies that the user-submitted packaging files are available for
"free" use and which prevents me from slapping a restrictive
distribution license on them and trying to charge for their
use/redistribution/whatever. (And e.g. what happens if the package is
adopted to [community]? Could I say I wanted payment because Arch gained
the benefit of my work?)

(IANAL but I /am/ a pessimist)

[1] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Loading...