On Thu, 6 Oct 2022 at 15:27, Peter via lists.yoctoproject.org
"It is over. There are no excuses left if you are still using meta-gplv2."
"There are other ways of removing GPLv3 components from modern OE/YP builds and we'd like to focus people's attention onto those."
Where can we find more details re the best ways of removing GPLv3 components please?
Or, starting with a clean slate and adding back only what we actually need (for i.MX 8X and Qt Commercial).
Have tried searching, but going round in circles, as all the results so far still point back to meta-gplv2.
Including the "How do I":
"If you use INCOMPATIBLE_LICENSE to exclude GPLv3 or set PREFERRED_VERSION to substitute a GPLv2 version of a GPLv3 recipe, then you must add the meta-gplv2 layer to your configuration."
The context is that some of our customers require Secure Boot and Chain of Trust (in an embedded environment).
If we keep GPLv3 components, then we need to provide "any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work".
The suggested way nowadays is to set INCOMPATIBLE_LICENSE only for the
image that is actually going to ship in a product, then work your way
throgh specific gpl3 dependencies that get pulled in, and eliminate
them one by one - precisely how is impossible to tell beforehands, but
typical problems are bash scripts (which you need to package
separately and not include into the product, or rewrite in posix shell
and use #!/bin/sh), or optional dependencies on things like readline,
which can be switched off via PACKAGECONFIG tweaks.