From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id E2C489419D1 for ; Tue, 31 Oct 2023 16:07:27 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=gaX6BW7TVdrLiS8D7NMQA7yDxLDqE7i211a3OzpctNM=; c=relaxed/simple; d=groups.io; h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1698768446; v=1; b=jZ6oCOUtflJWtcx3v7jeijE+256Codz8+TSr6JwxvArVNOijqgMw6XJOCOp+FP1DribLDsK0 /JsM/Rq3pIDdfpUB6l81LtEXtPL6GJvZtISwsosS+3AbGtKi8pTtSzStQVsFcwcrZ67PzQK2FlZ TWibFss0EJqLN9z6IrWqyi9k= X-Received: by 127.0.0.2 with SMTP id jUnUYY7687511xMqNGj3YfQ2; Tue, 31 Oct 2023 09:07:26 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web10.2836.1698768446042147012 for ; Tue, 31 Oct 2023 09:07:26 -0700 X-Received: from [192.168.4.22] (unknown [47.201.241.95]) by linux.microsoft.com (Postfix) with ESMTPSA id B950420B74C0; Tue, 31 Oct 2023 09:07:24 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B950420B74C0 Message-ID: <68b71576-2395-4ea0-a313-ae86de0f21a3@linux.microsoft.com> Date: Tue, 31 Oct 2023 12:07:23 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files To: devel@edk2.groups.io, lersek@redhat.com, "Kinney, Michael D" , 'Leif Lindholm' , 'Andrew Fish' Cc: 'Sean Brogan' , Gerd Hoffmann , Oliver Steffen References: <76c83798-2e7e-42df-bd10-673785b987f9@linux.microsoft.com> From: "Michael Kubacki" In-Reply-To: Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: NFLivP5wBUaEpAqUDymCpfZvx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=jZ6oCOUt; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io On 10/28/2023 7:51 AM, Laszlo Ersek wrote: > On 10/27/23 23:11, Michael Kubacki wrote: >> I'd like to bring attention to Apache License 2.0 code in the CodeQL >> series I sent to the mailing list for steward review. >> >> In particular, the files in the BaseTools/Plugin/CodeQL/analyze >> directory of this patch: >> >> https://edk2.groups.io/g/devel/message/109696 >> >> Please let me know if any next steps are needed. >=20 > (1) I don't know if edk2 accepts contributions under Apache License 2.0; > just want to point out that this license is acceptable in Fedora (and so > RHEL too), per > . Assuming > we're talking about "Apache Software License 2.0". >=20 A few submodules are using the Apache License 2.0. For example, OpenSSL v3: - https://www.openssl.org/source/license.html - https://git.openssl.org/?p=3Dopenssl.git;a=3Dblob_plain;f=3DLICENSE.txt;h= b=3DHEAD And cmoocka: - https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING I'm unaware if there was precedent specific to submodules, but I'd=20 expect terms like redistribution clauses to already apply regardless of=20 tooling used to acquire the source code into the project. > (2) Should we extend "License Details" and "Code Contributions" in > "ReadMe.rst"? >=20 My initial thought was to add the path (BaseTools\Plugin\CodeQL\analyze)=20 to "License Details". Was that all that you had in mind or to elaborate further in that=20 section on the licenses used/allowed? > (3) Should the new files (under Apache License 2.0) use an SPDX > identifier tag, for easy greppability? >=20 I'd be happy to add that. > (4) With the addition, downstream packages (such as RPMs in Fedora and > RHEL) might want to spell out the short SPDX identifier of the new > license too in their License: tags. >=20 > Laszlo >=20 >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110433): https://edk2.groups.io/g/devel/message/110433 Mute This Topic: https://groups.io/mt/102230244/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-