public inbox for devel@edk2.groups.io
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: Michael Kubacki <mikuback@linux.microsoft.com>,
	Laszlo Ersek <lersek@redhat.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	"'Leif Lindholm'" <quic_llindhol@quicinc.com>,
	'Andrew Fish' <afish@apple.com>
Cc: 'Sean Brogan' <sean.brogan@microsoft.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Oliver Steffen <osteffen@redhat.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
Date: Tue, 31 Oct 2023 19:45:20 +0000
Message-ID: <CO1PR11MB492992BB64E68CE2BDCCA745D2A0A@CO1PR11MB4929.namprd11.prod.outlook.com>
In-Reply-To: <b90fd20d-aae2-4adc-9a34-d969da8208ad@linux.microsoft.com>

Hi Michael,

I agree that SPDX is preferred in file headers over license text
in TianoCore projects.

I just do not know what the rules are when you copy a file from
an external project if you can replace without permission from the
owning project since many of the licenses state that the license
and copyrights need to be preserved.

Mike

> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: Tuesday, October 31, 2023 12:34 PM
> To: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; devel@edk2.groups.io; 'Leif Lindholm'
> <quic_llindhol@quicinc.com>; 'Andrew Fish' <afish@apple.com>
> Cc: 'Sean Brogan' <sean.brogan@microsoft.com>; Gerd Hoffmann
> <kraxel@redhat.com>; Oliver Steffen <osteffen@redhat.com>
> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
> 
> On 10/31/2023 3:19 PM, Kinney, Michael D wrote:
> > Michael,
> >
> > I noticed some of the files had Apache 2.0 license and then
> > you added content under BSD-2-Clause-Patent.  Why wouldn't
> > you continue with the original Apache 2.0 license?
> >
> I will continue with the original license.
> 
> > Also, I am not sure if you can replace the license text with
> > the SPDX identifier if the original file had the text.  I know
> > TianoCore did a license change, but we had to get approval from
> > all contributors.
> >
> I interpreted the earlier question (3) to mean appending an SPDX
> identifier to the existing header.
> 
> I still think there's some value in that for machine readability and
> consistency with the ID being present in most other source files in
> the repo. Do we care to have that?
> 
> Note: "Copyright notices" in
> https://spdx.dev/learn/handling-license-info/ instructs not to remove or
> modify existing notices.
> 
> > Thanks,
> >
> > Mike
> >
> >> -----Original Message-----
> >> From: Laszlo Ersek <lersek@redhat.com>
> >> Sent: Tuesday, October 31, 2023 10:22 AM
> >> To: Michael Kubacki <mikuback@linux.microsoft.com>;
> >> devel@edk2.groups.io; Kinney, Michael D <michael.d.kinney@intel.com>;
> >> 'Leif Lindholm' <quic_llindhol@quicinc.com>; 'Andrew Fish'
> >> <afish@apple.com>
> >> Cc: 'Sean Brogan' <sean.brogan@microsoft.com>; Gerd Hoffmann
> >> <kraxel@redhat.com>; Oliver Steffen <osteffen@redhat.com>
> >> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
> >>
> >> On 10/31/23 17:07, Michael Kubacki wrote:
> >>> On 10/28/2023 7:51 AM, Laszlo Ersek wrote:
> >>>> On 10/27/23 23:11, Michael Kubacki wrote:
> >>>>> I'd like to bring attention to Apache License 2.0 code in the CodeQL
> >>>>> series I sent to the mailing list for steward review.
> >>>>>
> >>>>> In particular, the files in the BaseTools/Plugin/CodeQL/analyze
> >>>>> directory of this patch:
> >>>>>
> >>>>> https://edk2.groups.io/g/devel/message/109696
> >>>>>
> >>>>> Please let me know if any next steps are needed.
> >>>>
> >>>> (1) I don't know if edk2 accepts contributions under Apache License 2.0;
> >>>> just want to point out that this license is acceptable in Fedora (and so
> >>>> RHEL too), per
> >>>> <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>. Assuming
> >>>> we're talking about "Apache Software License 2.0".
> >>>>
> >>> A few submodules are using the Apache License 2.0.
> >>>
> >>> For example, OpenSSL v3:
> >>>
> >>> - https://www.openssl.org/source/license.html
> >>> - https://git.openssl.org/?p=openssl.git;a=blob_plain;f=LICENSE.txt;hb=HEAD
> >>>
> >>> And cmocka:
> >>>
> >>> - https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING
> >>
> >> Thanks for identifying those!
> >>
> >>>
> >>> I'm unaware if there was precedent specific to submodules, but I'd
> >>> expect terms like redistribution clauses to already apply regardless of
> >>> tooling used to acquire the source code into the project.
> >>
> >> I believe the same.
> >>
> >>>
> >>>> (2) Should we extend "License Details" and "Code Contributions" in
> >>>> "ReadMe.rst"?
> >>>>
> >>> My initial thought was to add the path (BaseTools\Plugin\CodeQL\analyze)
> >>> to "License Details".
> >>>
> >>> Was that all that you had in mind or to elaborate further in that
> >>> section on the licenses used/allowed?
> >>
> >> - Under "License Details", simply list BaseTools/Plugin/CodeQL/analyze
> >> as one of the "components" (i.e., first list) that use a "additional
> >> licenses".
> >>
> >> - Under "Code Contributions", we should list "Apache Software License
> >> 2.0" as acceptable -- both for this new feature, and for the *already*
> >> upstream stuff that you found above.
> >>
> >>>
> >>>> (3) Should the new files (under Apache License 2.0) use an SPDX
> >>>> identifier tag, for easy greppability?
> >>>>
> >>> I'd be happy to add that.
> >>
> >> That's a relief, I didn't know whether you could touch up the license
> >> blocks!
> >>
> >> Thanks!
> >> Laszlo
> >>
> >>>
> >>>> (4) With the addition, downstream packages (such as RPMs in Fedora and
> >>>> RHEL) might want to spell out the short SPDX identifier of the new
> >>>> license too in their License: tags.
> >>>>
> >>>> Laszlo

