[Dev] Nonfree AUR Packages

Kuba Kukielka kzer-za at cryptolab.net
Mon Jun 29 15:42:28 GMT 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 28/06/15 23:02, fauno wrote:
> Kuba Kukielka <kzer-za at cryptolab.net> writes:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> 
>> Hello!
>> 
>> Using a program named `aurlist`, some sed commands and a php 
>> script, I compiled a list of every single package in AUR 3.
>> 
>> - - https://d.maxfile.ro/cknuewoqlk.out
>> 
>> With this, I wrote a php script that downloaded every single 
>> PKGBUILD in the AUR repo. And then used yet another php script
>> to sort them into folders based of the license tag in the
>> PKGBUILD. I compiled a list of nonfree packages my script found
>> (there are probably more). My script is not 100% accurate so I
>> need to go through it manually.
>> 
>> My list is on a etherpad.
>> 
>> - - https://pad.riseup.net/p/nonfree_aur
>> 
>> I've not finished it yet so any contribution is welcome.
>> 
>> (Note that this does not include AUR 4)
>> 
>> Here are some status of the current folders.
>> 
>> - - free = 48,216 packages - - nonfree = 297 packages - - custom 
>> = 5,265 packages - - other = 3,646 packages
> 
> very cool! but please take into account that because the pkgbuild's
> license says it's free, it doesn't necessarily means the source
> code is.
> 
> i've found several packages where the maintainer just left the 
> default value, or didn't even check, so i'm guessing many of the 
> 48k free packages are really mislabeled.
> 
> still, great work!
> 

Thanks!

I'm going to finish checking the lost today, it's tedious but it has
to be done.

I know that a lot of the free packages are nonfree but it is really
difficult/time-wasting to co through them all.

The only may I can think of doing this semi-automatically is by making
a script that finds the source, downloads it and then tries to find
the LICENSE/COPYING file. If successful, it will print out the
license, the license would be analysed  by me and then the file would
get moved to a free/nonfree folder. If my script did not find a
LICENSE, it would move it into a no_license folder.

I might take a look in the other folder and add some of the more less
popular licenses.

I also came across a problem, my script moved the file to nonfree if
the PKGBUILD had "none" in it, meaning no license. This package called
`cava` was labelled "no license" but after looking at the source, it
wan the MIT license.

But that's what you have to deal with if you are working with
user-generated content.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVkWdVAAoJEI2NIwdfk/klvVcQAIM8BExBVXzgdmfwFY2AaD5y
mJ8b9RvN+Sj+2i8DvehDGDZFHXMnOCpJz3QyW0jIHGbaGbOo4aVZudShtYVs2I2p
/4WAHBewYhfU/FihpSvcV3jph3ALdWd3ZQCdOn/VfSzh2eCkIKjqD9MjZuBUjn5m
bXWa84F+loCw+bq0vRLdU20EgfPNe5r+ZxS5EK185XQUz8MSs0yVcrJnD4efrcte
agsOiQreWWBiKsWDVvtGigOp2vWCrKz/npejlEah7jAQB+O0Edwqv17rC/oASv2K
ZpUUxuXHvWqJF/T9oRL89Kxuz9V/swGcwrCNlFW0ioLCvsvxl/Sb6w0Yv9noQ5qP
F8lXeXIPoku8HX+Rb6bJ0evQ35hErumxHmGJg5SWLyzhyZwF1QHvoM4jNFMu3Jrt
jCfUW7C1Z/orQmh/OntERDpcsgtbK4wid5hkQRfhKWsjf+fcO5TDeupCTEnrbEDb
W1VFi02FAwymCxP+K0hVlIvBF+gbyYrfDZg6RsIwBwC19fAGMfvgY4aNth6DWjkl
pCwkP3+ZEKooW93nwi1csAgnhkeMbZ0Neq5RCrKjx0wZShiuDL5YTtg4ANBsg03R
B/2rdVpLAyZbSULOLfEqQ//sdHOLs/BHDYZCQhdezQOGxTp1iIT1WHehMAhgdZy+
v4k3IDQ2/tMOXYyK7H9k
=Xq9R
-----END PGP SIGNATURE-----

More information about the Dev mailing list