Policy when a project does not provide per-version URL

I’m helping someone to package a proprietary software, unfortunately the URL to download the package is like http://foo.com/mybinary, i.e. it will not change when an update is performed. What is the nix-policy regarding that? Are we supposed to create some sort of git mirror? Is it even legal?

A common pattern is to go through archive.org; see bluemail for an example.

The legality depends on the terms of the license and how those terms would be interpreted in whatever jurisdiction legal action is taken, of course.

If the content at the URL changes over time, it’s not a suitable URL for nix to download things from. You’ll have to archive it somehow, as @rhendric says. For example, we do this for the closed-source version of memtest86.

This depends entirely on the software in question and its license. If it isn’t redistributable, there’s always requireFile. This is how I build FoundryVTT servers on NixOS; I requireFile the archive you can download from the site. It requires users to do something manually, which kind of sucks, but it does sidestep the questions of legality.

Thank you very much, didn’t know it was possible to manually save a page on this website. Seems fairly easy and annonymous actually Save Pages in the Wayback Machine – Internet Archive Help Center

And good point for requireFile