[orange-vmprotect-sdk] new port#50013
Conversation
|
the VMProtect SDK EULA doesn’t look like a permissive open-source license.. why are you repackaging it? why are you bundling ".idea" in the release files? |
VMprotect SDK is open source and available to everyone. I make port for convince of it integration. I store .idea folder in repository to make it easier for other developer to maintain it and complying with code style. VMprotect sdk also available in Rust and Go language package managers. Its time to bring it into vpckg. VMprotect has not free license but it's only applies only on product itself not on sdk. |
dg0yt
left a comment
There was a problem hiding this comment.
Nice-to-have:
vcpkg format-manifest scripts/test_ports/vcpkg-ci-vmprotect-sdk/vcpkg.json- Ensure that every file ends with a line break (emtpy line in VS Code). There should be no red
(-)at the end of files here in GH.
upstream EULA clearly defines the product as commercial with redistribution restrictions. it is not an OSI-approved open-source license and does not allow packaging/distribution as vcpkg does. please provide a valid SPDX-compatible license text! |
in vcpkg, the port’s directory is expected to reflect the upstream source and the port recipe, not arbitrary local IDE environment data. keeping .idea in the port polls the repo with irrelevant files that don’t contribute anything the package manager needs; invites noise/conflicts in diffs and builds, and isn’t portable to users who don’t use that IDE.. |
its my own realization of VMprotect SDK, so its not part of VMprotect product that can be restricted by EULA |
even if you personally wrote code that wraps or re-exposes the SDK, the SDK you’re packaging still depends on the upstream binaries/documents that are governed by that EULA. packaging/redistributing those artifacts in vcpkg implies you’re redistributing VMProtect’s commercial software under terms it doesn’t allow. the rights granted by a proprietary EULA don’t magically become open source just because someone wrote a shim around them - redistributing the underlying proprietary bits is still restricted not a lawyer btw, just expressing my concerns |
It does not contain any vmprotect binaries and only rely on source of vmprotct-sdk repository itself. VMProtect only insert own code instead these markers when you protect a binary file. vmprotect-sdk do NOT include any .lib .dll files that bundled with vmprotect and could not be applied as a parts of vmprotect. |
This package doesn't distribute any parts of commercial software because this is a different implementation of the VMProtect's SDK (only the library names match). |
I dont think this is fullfilled here. So the port name probably needs changing. |
I think name fits perfectly and it doesn't conflict with anything |
Aw here we go for |
lets wait for what official vcpkg will say. Frankly i think to just leave it as vmprotect-sdk, its just more clear |
|
Thank you for clarification. |
|
another concern I'm willing to raise is the state of the CMakeLists in the upstream - for no apparent reason it seems to require C++26?? +1 for |
vcpkg does not make license restrictions on what is in our registry so long the license restrictions themselves do not forbid it. @orange-cpp can you be specific about how your repo is different than the ones in the DMCA takedown notice here? https://github.com/github/dmca/blob/master/2025/05/2025-05-13-vmprotect.md
Are you saying that you are the source of that DMCA takedown and that you believe @orange-cpp 's repo is unaffected?
Unfortunately I think we need
and so on. (I know some of those are explicitly for go but they seem to have C++ headers) |
If there's an official ACK from the owners of https://vmpsoft.com/ that this is what they want associated with their name I think that would also be sufficient. |
In general we are only sticklers about the name of the port, rather than symbols, CMake configs, or headers because that's the bit we basically can't ever change to mean something else. (We do have to remove things if there are actual conflicts but we aren't sticklers about hypothetical future conflicts outside of the port's name) |
Okay i will rename it, thx. |
As vmpsoft said, my sdk realization is written by myself, so its not part of VMprotect and it doesn't not contain initial VMprotect source code and cannot be DMCA'ed. Only function names match for compatibility. These DMCA was initiated because repositories leaked VMprotect original source codes. |
|
@BillyONeal renamed port to |
|
|
||
| project(vcpkg-ci-vmprotect-sdk) | ||
|
|
||
| set(CMAKE_CXX_STANDARD 20) |
There was a problem hiding this comment.
Source code mentions cxx 23 cppstd. Should we adjust it to 23 here as well?
There was a problem hiding this comment.
Ah, in that case that confirms it and also says even more strongly that it shouldn't take vmprotect's name (in case @vmpsoft would ever decide to use that name themselves as it seems pretty unambiguously "owned" by them) |
So does orange-vmprotect-sdk as a name is okay? |
BillyONeal
left a comment
There was a problem hiding this comment.
Yes I just wasn't positive everything else was ready to go yet but looks good!
Thx you! |
find_packagecalls are REQUIRED, are satisfied byvcpkg.json's declared dependencies, or disabled with CMAKE_DISABLE_FIND_PACKAGE_Xxx.vcpkg.jsonmatches what upstream says.vcpkg.jsonmatches what upstream says../vcpkg x-add-version --alland committing the result.