From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+110433+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id E2C489419D1
	for <rebecca@openfw.io>; Tue, 31 Oct 2023 16:07:27 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=gaX6BW7TVdrLiS8D7NMQA7yDxLDqE7i211a3OzpctNM=;
 c=relaxed/simple; d=groups.io;
 h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1698768446; v=1;
 b=jZ6oCOUtflJWtcx3v7jeijE+256Codz8+TSr6JwxvArVNOijqgMw6XJOCOp+FP1DribLDsK0
 /JsM/Rq3pIDdfpUB6l81LtEXtPL6GJvZtISwsosS+3AbGtKi8pTtSzStQVsFcwcrZ67PzQK2FlZ
 TWibFss0EJqLN9z6IrWqyi9k=
X-Received: by 127.0.0.2 with SMTP id jUnUYY7687511xMqNGj3YfQ2; Tue, 31 Oct 2023 09:07:26 -0700
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web10.2836.1698768446042147012
 for <devel@edk2.groups.io>;
 Tue, 31 Oct 2023 09:07:26 -0700
X-Received: from [192.168.4.22] (unknown [47.201.241.95])
	by linux.microsoft.com (Postfix) with ESMTPSA id B950420B74C0;
	Tue, 31 Oct 2023 09:07:24 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B950420B74C0
Message-ID: <68b71576-2395-4ea0-a313-ae86de0f21a3@linux.microsoft.com>
Date: Tue, 31 Oct 2023 12:07:23 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
To: devel@edk2.groups.io, lersek@redhat.com,
 "Kinney, Michael D" <michael.d.kinney@intel.com>,
 'Leif Lindholm' <quic_llindhol@quicinc.com>, 'Andrew Fish' <afish@apple.com>
Cc: 'Sean Brogan' <sean.brogan@microsoft.com>,
 Gerd Hoffmann <kraxel@redhat.com>, Oliver Steffen <osteffen@redhat.com>
References: <76c83798-2e7e-42df-bd10-673785b987f9@linux.microsoft.com>
 <c7233ece-48ec-3741-b512-daf66c4b8e26@redhat.com>
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
In-Reply-To: <c7233ece-48ec-3741-b512-daf66c4b8e26@redhat.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: NFLivP5wBUaEpAqUDymCpfZvx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=jZ6oCOUt;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

On 10/28/2023 7:51 AM, Laszlo Ersek wrote:
> On 10/27/23 23:11, Michael Kubacki wrote:
>> I'd like to bring attention to Apache License 2.0 code in the CodeQL
>> series I sent to the mailing list for steward review.
>>
>> In particular, the files in the BaseTools/Plugin/CodeQL/analyze
>> directory of this patch:
>>
>> https://edk2.groups.io/g/devel/message/109696
>>
>> Please let me know if any next steps are needed.
>=20
> (1) I don't know if edk2 accepts contributions under Apache License 2.0;
> just want to point out that this license is acceptable in Fedora (and so
> RHEL too), per
> <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>. Assuming
> we're talking about "Apache Software License 2.0".
>=20
A few submodules are using the Apache License 2.0.

For example, OpenSSL v3:

- https://www.openssl.org/source/license.html
- https://git.openssl.org/?p=3Dopenssl.git;a=3Dblob_plain;f=3DLICENSE.txt;h=
b=3DHEAD

And cmoocka:

- https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING

I'm unaware if there was precedent specific to submodules, but I'd=20
expect terms like redistribution clauses to already apply regardless of=20
tooling used to acquire the source code into the project.

> (2) Should we extend "License Details" and "Code Contributions" in
> "ReadMe.rst"?
>=20
My initial thought was to add the path (BaseTools\Plugin\CodeQL\analyze)=20
to "License Details".

Was that all that you had in mind or to elaborate further in that=20
section on the licenses used/allowed?

> (3) Should the new files (under Apache License 2.0) use an SPDX
> identifier tag, for easy greppability?
>=20
I'd be happy to add that.

> (4) With the addition, downstream packages (such as RPMs in Fedora and
> RHEL) might want to spell out the short SPDX identifier of the new
> license too in their License: tags.
>=20
> Laszlo
>=20
>=20
>=20
>=20
>=20


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110433): https://edk2.groups.io/g/devel/message/110433
Mute This Topic: https://groups.io/mt/102230244/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-