[Rd] License status of CRAN packages
marc_schwartz at me.com
Thu Apr 23 22:35:54 CEST 2009
On Apr 23, 2009, at 3:02 PM, Dirk Eddelbuettel wrote:
> On 23 April 2009 at 15:32, Gabor Grothendieck wrote:
> | On Thu, Apr 23, 2009 at 3:08 PM, Dirk Eddelbuettel
> <edd at debian.org> wrote:
> | >
> | > (Subject: renamed as thread hijacked from the ParallelR thread
> | >
> | > On 23 April 2009 at 14:44, Gabor Grothendieck wrote:
> | > | Aside from R there are the add-on packages.
> | > |
> | > | A frequency table showing the licenses of the CRAN packages
> | > | that the all or almost all packages have some sort of free
> software license
> | > | with GPL licenses being most common. (A few packages have
> | > | to noncommercial use and that may conflict with GPL, not
> sure.) That is
> | > | not to say that there are no other types of packages but any
> such packages
> | > | are not on CRAN.
> | >
> | > I fear that is not quite the case. There are quite a few
> packages like that.
> | Not the case? My post included a list of all License fields from
> | DESCRIPTION file of every CRAN package so the list is definitive.
> Correct me if I am wrong in the paragraph you kindly left standing
> above, you
> seem to suggest that
> "all or almost all packages have some sort of free software license"
> and that while non-free licenses may exist,
> "any such packages are not on CRAN".
> I believe this statement to be false.
> There are packages with restrictive licenese on CRAN. They were
> contained in
> the list of licenses you assembled, and my point is that it is
> overly hard to
> identify them (if one were to tty to avoid using these packages).
> As a non-exhautive list with possible misclassifications, cran2deb
> has these packasges as 'maybe not free' and does not build them:
> We are missing some recently added packages, and we may yet flag
> several from
> the list above as free. Some may be listed because of non-free
> But to take a concrete example, 'realized' is not something I am
> supposed to
> install at work. Yet install.packages() currently has not way
> knowing that.
> Are we approximately on the same page ?
There is a list of acceptable entries that are defined as part of the
specs in R-exts (see page 4). Perhaps this needs to be "tightened" a
bit, at least in so far as packages passing R CMD check for the
purpose of inclusion on CRAN. That would include perhaps altering the
ability to use the 'file LICENSE' option, which at present leaves the
door wide open for non-standard approaches. It may also have to check
for DEPENDS and whether they too are on CRAN and passed the
appropriate license checks.
Packages that fail this check should not be included on CRAN and the
package author would then be obligated to find other distribution
resources or contact the CRAN maintainers to advocate that their
licensing schema should be acceptable.
Then the end user can at least have some comfort in knowing that
anything they get from CRAN comes under a compatible license for
general use without restriction. They would have to intentionally use
other sources for packages that fail the CRAN requirements.
If other distribution venues, such as Debian/Ubuntu/Fedora elect to
tighten those restrictions even further when making .debs or RPMs
available, then that is a decision that they get to make and end users
will need to be aware of those as well. Albeit I don't envision the
aforementioned Linux distros including packages that should be a
problem for most end users relative to usage restrictions given their
own license review processes.
More information about the R-devel