[bug#61950] [PATCH] lint: Add 'copyleft' checker.

[Antero Mejr]

Ludovic Courtès <ludo@gnu.org> writes:

>   1. It’s entirely fine for, say, a BSD-3 package to link against
>      Readline (GPLv3+).  The combination is effectively GPLv3+, but
>      that’s perfectly valid legally speaking.

It's fine for FOSS packages, but if you have proprietary-licensed Guix
package where the code can't be open-sourced, bringing in a GPL
dependency is an issue.

This copyleft linter goes along with the other patch where guix lint
exits 1. So you can do something like this in a CI pipeline:

'guix lint -c copyleft my-proprietary-package'

to block developers from adding copyleft dependencies to a non-free package.

>   2. It’s tempting to view devise a “licensing calculus” of sorts and
>      automate assessments of licensing compatibility.  However, I think
>      it’s overestimating both law and our own licensing annotations: how
>      law applies in a specific case isn’t entirely clear until one goes
>      to court, and our ‘license’ fields fail to represent all the
>      relevant nuances anyway (subcomponents having different licenses,
>      dual/multiple licensing, etc.).

True, this linter check is basic and would not constitute legal advice.

It's more of a broad "software license auditing" sort of thing,
to allow engineers to do quick compliance checks. In my experience
it's useful for development in regulated applications of software.

Thanks for the feedback, lmk what you think.