Opened 2 years ago
Closed 2 years ago
#65462 closed defect (fixed)
ffmpeg: binaries no longer distributable, due to rav1e; openssl11 now in play
Reported by: | mascguy (Christopher Nielsen) | Owned by: | mascguy (Christopher Nielsen) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.7.2 |
Keywords: | Cc: | i0ntempest, MarcusCalhoun-Lopez (Marcus Calhoun-Lopez), herbygillot (Herby Gillot), cjones051073 (Chris Jones) | |
Port: | ffmpeg rav1e |
Description (last modified by mascguy (Christopher Nielsen))
With the addition of dependency rav1e
, ffmpeg +gpl2
is no longer distributable:
$ ../macports-infra/jobs/port_binary_distributable.tcl -v ffmpeg "ffmpeg" is not distributable because its license "gpl" conflicts with license "OpenSSL" of dependency "openssl11"
Meanwhile rav1e
has no lib/runtime deps, and a non-conflicting BSD license:
$ port info rav1e rav1e @0.5.1_1 (multimedia) Description: the fastest and safest AV1 encoder Homepage: https://github.com/xiph/rav1e Build Dependencies: cargo-c, nasm, rust, cargo Platforms: darwin License: BSD
Ultimately openssl11
appears to be coming from rust
and cargo
, which both have lib deps on it. But should that license be propagated to downstream ports that build with them?
Change History (11)
comment:1 Changed 2 years ago by mascguy (Christopher Nielsen)
Description: | modified (diff) |
---|
comment:2 Changed 2 years ago by mascguy (Christopher Nielsen)
comment:3 Changed 2 years ago by i0ntempest
That's a *really* far connection from openssl11 to ffmpeg... I doubt it would really affect anything. But that said I don't know a lot about licenses, better ask the experts.
comment:4 Changed 2 years ago by mascguy (Christopher Nielsen)
Description: | modified (diff) |
---|
comment:5 Changed 2 years ago by Christopher Nielsen <mascguy@…>
comment:6 Changed 2 years ago by mascguy (Christopher Nielsen)
While this is now fixed, leaving ticket open for further discussion: Want to be sure there's consensus from @jmroot and others.
comment:7 follow-up: 8 Changed 2 years ago by jmroot (Joshua Root)
The license_noconflict belongs in rav1e if it doesn't use rust in a way that creates a derivative work. (And it should be license_noconflict rust
, as that's the direct dependency.) Language runtimes can be tricky though. GCC for example has an extra license exception for its runtime components so that everything compiled with it isn't automatically GPLv3: https://gcc.gnu.org/onlinedocs/gcc-12.1.0/libstdc++/manual/manual/license.html
I don't know what the situation is with rust. Alternatively, if rust doesn't create a derivative work with openssl11, that could be specified, though that seems unlikely.
comment:8 Changed 2 years ago by mascguy (Christopher Nielsen)
Cc: | herbygillot cjones051073 added |
---|
comment:9 Changed 2 years ago by mascguy (Christopher Nielsen)
Replying to jmroot:
I don't know what the situation is with rust. Alternatively, if rust doesn't create a derivative work with openssl11, that could be specified, though that seems unlikely.
It's my understanding that software built by rust
, isn't inherently a derivative work of openssl11
. Rather, that would only be the case if the component depends on a crate that binds to the latter, such as https://crates.io/crates/openssl.
Based on a quick review of the portfile for rav1e
- as well as the build log, to verify what crates are being downloaded - I don't see (?) such a dependency.
I'm not 100% certain on all of the above, though.
Marcus/Chris/Herby, your folks' thoughts?
comment:10 Changed 2 years ago by mascguy (Christopher Nielsen)
It looks like cargo
and rust
can migrate to openssl3
, which may help:
comment:11 Changed 2 years ago by jmroot (Joshua Root)
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Great, better outcome all round.
rav1e
is also distributable, which makes this even more interesting: