For more half-baked ideas, see my ideas tag.
I had this idea when we were discussing the complexity of tracing the licensing of gnulib modules in libraries. It’s quite easy with gnulib to accidentally include a GPL module in your library that would otherwise be LGPL, thus (in theory — I don’t want to go into the legal arguments) “infecting” your LGPL library.
Here’s the idea: In each source file (or gnulib module or whatever is a convenient “licensing unit”) include a linker section describing the license. When the final library or binary is compiled, you can trivially see whether it includes the wrong licenses or mixes licenses inappropriately.
Here is how you do it. In each source file, add a line like this:
/* This library is GPL 3+. */
static int lib1_gpl3p __attribute__((section ("LICENSES")));
When you statically link a program or library, use readelf or objdump to reveal the licenses of the libraries it was linked against:
$ objdump -j LICENSES -t prog prog: file format elf64-x86-64 SYMBOL TABLE: 00000000006008dc l d LICENSES 0000000000000000 LICENSES 00000000006008dc l O LICENSES 0000000000000004 main_gpl3p 00000000006008e0 l O LICENSES 0000000000000004 lib1_gpl3p 00000000006008e4 l O LICENSES 0000000000000004 lib2_lgpl2p
(Dynamic linking is a little bit different: you’d add the same information to the header, or have to write a small tool which chased through the dependencies from ldd enumerating the licenses).
Richard WM Jones 