Hi,

On Thu, 26 Mar 2020 at 21:01, Russ Allbery <r...@debian.org> wrote:
> > An example: commercial users. They need to know *exactly* what they
> > are running and under which licenses. They often want to be holier not
> > only than the Pope, but holier than the whole population of Poland,
> > Italy and Spanish-speaking countries altogether (I hope I don’t offend
> > anyone with this comparison, it’s meant as a joke).
>
> Could you provide some more details about this? Statements from those
> companies about what they care about exactly, or open source policies that
> you can point at? I ask because this is contrary to my own personal
> experience where commercial users care about the top-line license
> (including not wanting to use licenses that we consider free) but do not
> care about the work that Debian does beyond that and routinely use
> software based on the declared upstream license on GitHub without giving
> it a second thought. However, my personal experience is limited, and I'd
> be happy to be educated!

Car industry. They prefer to have nothing to do with GPL-3 and related
licenses. They also want to know for sure when there’s something with
undeclared or unknown license or something completely non-free that flew
under the radar. As it is now, they cannot rely on debian/copyright files
because often they’re out of date, sometimes up to ten years old. For
Apertis, we had to build our own machinery based on scan-copyright and, in
future, on Fossology, to attempt to mitigate that to some degree.

--
Cheers,
Andrej