Thanks. Licensing is an issue we'll discuss with our legal team. For devs it's easy to miss a subtle detail that will cause troubles years from now. Hence I won't merge this but I leave it open until I get a legal "go"

Thanks - yes, of course please review it carefully. I am doing a licensing review for Debian and I saw two specific problems

1. The current license.txt refers to non-existing directories, refers to some directories twice with different licenses (core), and doesn't grant any license to new directories (e.g. build, hardware/, arduino-builder, arduino-core, etc.)

2. The license only grants GPL-2 and LGPL-2.1 licenses without the "or later version" statement, which will create legal conflicts with libraries and other code in Arduino which are GPL-3 or LGPL-3.

Thanks again

Probably needs to be looked at again due to the 1.6.2 directory structure changing (again)

Hi - I just wanted to ping this to check the status. I'd like to update the debian and ubuntu packages, and right now arduino is not legally distributable. Again, no rush - I just don't want this to fall through the cracks.

I'm not @maqifrnswa, but AIUI this is blocking the latest Arduino tools' inclusion in Debian. Can we get an update on this work?

Yes, it is all that is left blocking updating the Debian packages. This is also important for the project as a whole. Arduino is one of (if not the most) visible open source hardware/software projects. The project is very well documented in general. Well documented licensing structure is needed, sets a good example for the community, and also could be a "teaching" tool on OSS for users.

how is debian going to deal with the weird bundling of arm compilers in hidden directories in $HOME? i guess either patch it to look for a system-wide toolchain debian package or disable the boards manager, or just leave it for the user to handle or not support the arm sam platform?

ARM SAM can't be supported because a bunch of those files are non-free (the license restricts usage of code compiled with their libraries to ARM processors).

See:
https://github.com/arduino/Arduino/blob/master/hardware/arduino/sam/system/CMSIS/CMSIS/CMSIS%20END%20USER%20LICENCE%20AGREEMENT.pdf
2(vi)(a)

And here's debian's rules:
https://www.debian.org/social_contract
See DFSG 1 and 6

I've tried to remove all CMSIS code, but the sam arduino core uses it

Eventually there will be packages in the debian non-free archive to support ARM SAM. Those extra ARM tools (bossac, toolchain) will be made available system wide, and system wide arm toolchain will be used.

Has any progress been made on this yet @ffissore ? I have to say that I'm left a little disappointed that even with lawyers needing to be involved, seven months have nearly passed (four since you assigned yourself to this) on some very minor changes to the license; changes which are completely holding up distribution in some major Linux distributions.

it does seem like quite a small change to involve the lawyers, and has obviously dropped off the radar

It seems like it really isn't a change, but clarifying arduino's intentions. I defense of @ffissore, it's possible that this is politically tricky since there are two "arduino" organizations, each contributed significantly. At the same time, Arduino is one of the world's most famous open-source software/hardware platforms; except at the moment it isn't completely open source software since significant portions are not redistributable.

Is there anything I can help with? David Cuartielles @dcuartielles mentioned he was looking in to this as well.

@ffissore What's the status of this issue? 1.0.5 available in Debian repos is really old and should be updated.

Hi @Avamander sorry that you've missed the news. I don't work for arduino anymore. See https://groups.google.com/a/arduino.cc/forum/#!msg/developers/YJLX6AZHem4/kpsLef7XBAAJ

@facchinm @cmaglie @matthijskooijman

Could you please inform the relevant persons to solve this issue?

couldn't this just be moved to non-free and updated to a non-paleolithic version?

Is CMSIS the only significant problem?

This pull request isn't quite right. It's close, but the "hardware" and "libraries" folders contain many separately developed pieces of software, each with their own license. Many are LGPL or GPL or MIT. A simple blanket summary doesn't really apply.

Any updates on this issue? I want to package arduino for archlinux and I am unsure if thats now okay or not.

Just as a heads-up: Debian Testing also still has 1.0.5 AFAIK due to this issue. Given the plentiful improvements since that release, it would be good time to fix this and get 1.6.x on board in a timely manner.

Debian Stretch: https://wiki.debian.org/DebianStretch

@cmaglie @facchinm @damellis @tigoe @matthijskooijman @sandeepmistry @mbanzi

I've also wrote an email to arduino.cc now. It would be nice if anyone of you could help us clarify the licensing and redistribution issue to provide latest arduino software in the linux distributions.

I think the problem is that arduino consists of so many subprojects that you cannot clearly list all licenses correct to everyone. To me it seems clear which licenses the software uses and I've split them in those packages:
https://www.archlinux.org/packages/?sort=&q=arduino&maintainer=&flagged=

I am not a lawyer and I am not debian. Maybe those who claim the licenses are unclear should give statement of what needs to be changed. I was just wondering if its okay if I package arduino like that, because a few people questioned it. But it seems okay, and if anything is incorrect with the license people can tell me and I will fix it.

The problem why no (up to date) debian/ubuntu package exist is possibly just laziness.

This new project layout (post 1.8) is clear. I think that the debian package can be updated now. Thanks for reorganizing it (whomever did that)!

Using @maqifrnswa's text as inspiration I come up to this:

4f3414f

BTW I'm wondering how useful is this file? It seems that, besides the Java IDE (that is GPL-2+ without any doubt), all the other contributions have mixed licensing:

• AVR Core is composed by core, bootloaders, libraries, firmwares... each one with his own license.
• Libraries... each one with different license.
• Examples and reference, idem...

IMHO we can wipe out all the text and just leave something like:

Arduino is composed of many parts (the IDE, the embedded core, the tools, etc.)
each one with his own license. Please refer to the source code of each part for
the correct licensing information.

what do you think?

@cmaglie, even though that would satisfy some licenses, (though probably not all, since I think a binary distribution also needs to provide notices for some licenses, and the ones in the source code are removed during compilation), it would not be practical for distributions. As a Debian maintainer, I know that Debian packages are required to have a copyright file that collects copyright and licensing information for the entire package. If no central licensing information is provided, this means that, for every release, the maintainer has no choice but to go through all files, or the entire git log, to see if anything changes in the licensing. If there is a central licensing file, than it's a matter of updating it whenever a license change is merged, which should hardly be extra work.

it would not be practical for distributions

do you have any proposal to move forward? I'm open to suggestions.

Um, I'm getting really tired of 1.0.5. any progress with this?

This problem led me to discover atom/platformio. Thankfully I will never touch the arduino IDE (it hardly deserves that name) again.

@maqifrnswa @matthijskooijman
did the updated license recap in cmaglie@d0bed51 works for you?

@cmaglie, I finally got around to looking at your proposal. On the whole, it seems good to me. It's not as detailed as would be ideal (i.e. listing all specific files and directories with different licenses), but it should be a good start for anyone that needs to figure out the license of something. Some remarks:

• You moved the license.txt file into app, but that now contains the GPL and LGPL without further clarification, which is probably just confusing. Why not leave these at the end of the LICENSE file, and add something like:

Below, the full text of the GPL and LGPL license are given. Refer to the summary above and individual source files to confirm what these licenses apply to.

• Your summary does not talk about the build directory, which contains some build files and a lot of images and other related files, which do not have any license annotation of their own? So these should certainly be mentioned in the LICENSE file, though I'm not sure what their actual license is.
• Your summary does not talk about the hardware directory (which also includes a libraries directory again).
• The build downloads a lot of additional archives containing software. Something should certainly be said about these (probably refer to the sources for them and indicate their licenses, or where to find their licenses).

This still isn't resolved? I've got daily problems with this, as my hackerspace only runs free software, and the new arduino is still undistributable!

so, no1curr?

What is preventing this from being fixed? Forcing people to install from snaps simply won't work in many cases, and the Arduino software (despite being cross-architecture capable) is not built for up-and-coming libre software systems (see #8778 for instance).

Does anyone have recommendations for an alternative, more secure IDE / development environment that can take an existing Arduino project and allow compilation / upload to the hardware? Downloading dozens of prebuilt files from the central Arduino servers as part of the "build from source" does not engender any confidence.

This still isn't resolved? I've got daily problems with this, as my hackerspace only runs free software, and the new arduino is still undistributable!

Same problem here, but more in terms of not having support for the architecture our CAD systems run on (POWER) because of this licensing problem and Arduino's insistence on not allowing a full build from source without extreme difficulty. In turn, this makes it very difficult to use or recommend Arduino products, as it is nearly impossible to build a properly audited version of the software (at minimum, the multiple eyes principle is completely broken here, since most people rely on the prebuilt packages alone).

Really guys, it's a bit of shame not being able to provide a common solution in the Raspbian repos.
I use 1.8.10 daily on Rasbpian Stretch and it works quite well.
5 years of having an outdated Repo at Raspbian just due to some obscure legal dispute?

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}