[Dev] Nonfree AUR Packages

Mon Jun 29 15:48:52 GMT 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 29/06/15 08:15, Kuba Kukielka wrote:
> 
> 
> On 28/06/15 23:02, fauno wrote:
>> Kuba Kukielka <kzer-za at cryptolab.net> writes:
> 
>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>> 
>>> Hello!
>>> 
>>> Using a program named `aurlist`, some sed commands and a php 
>>> script, I compiled a list of every single package in AUR 3.
>>> 
>>> - - https://d.maxfile.ro/cknuewoqlk.out
>>> 
>>> With this, I wrote a php script that downloaded every single 
>>> PKGBUILD in the AUR repo. And then used yet another php script
>>> to sort them into folders based of the license tag in the
>>> PKGBUILD. I compiled a list of nonfree packages my script found
>>> (there are probably more). My script is not 100% accurate so I
>>> need to go through it manually.
>>> 
>>> My list is on a etherpad.
>>> 
>>> - - https://pad.riseup.net/p/nonfree_aur
>>> 
>>> I've not finished it yet so any contribution is welcome.
>>> 
>>> (Note that this does not include AUR 4)
>>> 
>>> Here are some status of the current folders.
>>> 
>>> - - free = 48,216 packages - - nonfree = 297 packages - -
>>> custom = 5,265 packages - - other = 3,646 packages
> 
>> very cool! but please take into account that because the 
>> pkgbuild's license says it's free, it doesn't necessarily means
>> the source code is.
> 
>> i've found several packages where the maintainer just left the 
>> default value, or didn't even check, so i'm guessing many of the 
>> 48k free packages are really mislabeled.
> 
>> still, great work!
> 
> 
> Thanks!
> 
> I'm going to finish checking the list today, it's tedious but it
> has to be done.
> 
> I know that a lot of the free packages are nonfree but it is
> really difficult/time-wasting to co through them all.
> 
> The only may I can think of doing this semi-automatically is by
> making a script that finds the source, downloads it and then tries
> to find the LICENSE/COPYING file. If successful, it will print out
> the license, the license would be analysed  by me and then the file
> would get moved to a free/nonfree folder. If my script did not find
> a LICENSE, it would move it into a no_license folder.
> 
> I might take a look in the other folder and add some of the more
> less popular licenses.
> 
> I also came across a problem, my script moved the file to nonfree
> if the PKGBUILD had "none" in it, meaning no license. This package
> called `cava` was labelled "no license" but after looking at the
> source, it wan the MIT license.
> 
> But that's what you have to deal with if you are working with 
> user-generated content.
> 

I finished looking over the list, may someone look over my pad and add
the packages with the plus (+) next to them to the blacklist please?

- - https://pad.riseup.net/p/nonfree_aur

I would also like someone to look over the packages with a (?) or (-)
to see if they are free or not.

I might also consider doing AUR 4 too.