[Nix-dev] Re: Separating Free/non-free package

Tue Sep 22 14:04:50 CEST 2009

Hi,

Ludovic Courtès wrote:

> Here’s a first prototype for ‘licenses.nix’:
[...]
> The ‘reviewed’ bit concerns both the ‘license’ and ‘free’ tags.
> 
> It tells the exact version that was audited, so that packages
> automatically leave ‘reviewedPackages’ when updated but not
> “re-reviewed”, as Nicolas suggested.
> 
> The obvious drawback is that it’ll need to be updated very often.
> Perhaps we could instead allow for version patterns (e.g., “1.8.*”)
> instead of exact versions.
> 
> Comments?

I'm not in favour of having license information in a separate file for a few
reasons:

- A while ago I did some work on a "virtual RMS" for Nix, though I didn't get
very far.  The idea is that you can say

  $ nix-vrms /etc/nixos/nixos -A system

and it will evaluate the dependency graph of the system derivation, look at all
the license attributes, and print out the "freeness" of the entire graph, e.g.
"free", "redistributable" (contains unfree but redistributable packages such as
 the MS Corefonts), "not redistributable" (e.g. contains the Adobe Flash
player). or "unknown" (if any package lacks a meta.license attribute)  Of course
it can be made arbitrarily advanced (print out the license of every package in
the graph, determine conflicts based on some license calculus [1], etc.).

This works by doing a "nix-instantiate --eval-only --xml" and looking at the
meta.license attributes in each derivation.  Separating the license info from
the derivations makes this a lot harder.

- I'm not so worried that the meta.license field will be incorrect (just
missing, but that's a matter of policy - we can require it for all new
packages).  Putting it in a separate file makes it *less* likely to be updated.

Admittedly, few people will update the license field when updating a package,
but that's unlikely to cause big problems.  The license of a package might
change in minor ways (e.g. GPLv2 -> GPLv3), but it's not common to change in a
way that affects the "freeness" of the system (e.g. free -> proprietary).

- Putting package information in a separate file can lead to dangling pointers,
e.g. the file can refer to a package that has been deleted.  And it scatters
relevant package information across the Nixpkgs tree.  That's also my main
problem with "bleeding-edge-fetch-infos.nix" BTW.

On separating all-packages.nix into free and unfree parts: I don't think that's
necessary.  The essential thing is that you can query whether a particular
package or NixOS configuration is free.  This is currently not possible and not
obvious to the user (e.g. if you set services.xserver.driver = "nvidia", you get
an unfree configuration).  The solution is to finish the virtual RMS tool and
add missing meta.license fields :-)

[1] On the topic of a license calculus, this ICSE-2009 paper is relevant:
"License integration patterns: Addressing license mismatches in component-based
development"
(http://turingmachine.org/~dmg/papers/dmg2009_icse_licenses_preliminary.pdf)

-- 
Eelco Dolstra | http://www.st.ewi.tudelft.nl/~dolstra/