From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+110444+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id D5075D8042B
	for <rebecca@openfw.io>; Tue, 31 Oct 2023 19:34:22 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=kasutlCFZ4VmpwnpfMaiILY8e0xOPsbZOi3bkLVYoqg=;
 c=relaxed/simple; d=groups.io;
 h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1698780861; v=1;
 b=nnonvzHSs5ih0FqSeojZjZilKjnk2dgiAN1p15g93FqzsLvzWVt8afG0WrUqXEYQkbi2cV9c
 TV1eB3DtcC8R+gvjiVAZTgCz/am4suah4Fr8b0rpjvxbI7HP8OQ6zL/vwlzKsFBLs/qI4lEPxh/
 sTzjDA/ZILdOdF4y3ZATWHoQ=
X-Received: by 127.0.0.2 with SMTP id 1oGYYY7687511x9miQRAA11w; Tue, 31 Oct 2023 12:34:21 -0700
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web10.4914.1698780860841992222
 for <devel@edk2.groups.io>;
 Tue, 31 Oct 2023 12:34:20 -0700
X-Received: from [192.168.4.22] (unknown [47.201.241.95])
	by linux.microsoft.com (Postfix) with ESMTPSA id 422DE20B74C0;
	Tue, 31 Oct 2023 12:34:19 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 422DE20B74C0
Message-ID: <b90fd20d-aae2-4adc-9a34-d969da8208ad@linux.microsoft.com>
Date: Tue, 31 Oct 2023 15:34:18 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
 Laszlo Ersek <lersek@redhat.com>, "devel@edk2.groups.io"
 <devel@edk2.groups.io>, 'Leif Lindholm' <quic_llindhol@quicinc.com>,
 'Andrew Fish' <afish@apple.com>
Cc: 'Sean Brogan' <sean.brogan@microsoft.com>,
 Gerd Hoffmann <kraxel@redhat.com>, Oliver Steffen <osteffen@redhat.com>
References: <76c83798-2e7e-42df-bd10-673785b987f9@linux.microsoft.com>
 <c7233ece-48ec-3741-b512-daf66c4b8e26@redhat.com>
 <68b71576-2395-4ea0-a313-ae86de0f21a3@linux.microsoft.com>
 <25cfaf16-4b79-c64e-f7b8-ea64fd1d47db@redhat.com>
 <CO1PR11MB4929DBD4AC742A95870D11C4D2A0A@CO1PR11MB4929.namprd11.prod.outlook.com>
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
In-Reply-To: <CO1PR11MB4929DBD4AC742A95870D11C4D2A0A@CO1PR11MB4929.namprd11.prod.outlook.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: MQcnx1uOObbdYyoIdaQLgowKx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=nnonvzHS;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none)

On 10/31/2023 3:19 PM, Kinney, Michael D wrote:
> Michael,
>=20
> I noticed some of the files had Apache 2.0 license and then
> you added content under BSD-2-Clause-Patent.  Why wouldn't
> you continue with the original Apache 2.0 license?
>=20
I will continue with the original license.

> Also, I am not sure if you can replace the license text with
> the SPDX identifier if the original file had the text.  I know
> TianoCore did a license change, but we had to get approval from
> all contributors.
>=20
I interpreted the earlier question (3) to mean appending an SPDX=20
identifier to the existing header.

I still think there's some value in that for machine readability and=20
consistency with the ID being present in most other source files in the=20
repo. Do we care to have that?

Note: "Copyright notices" in=20
https://spdx.dev/learn/handling-license-info/ instructs not remove or=20
modify existing notices.

> Thanks,
>=20
> Mike
>=20
>> -----Original Message-----
>> From: Laszlo Ersek <lersek@redhat.com>
>> Sent: Tuesday, October 31, 2023 10:22 AM
>> To: Michael Kubacki <mikuback@linux.microsoft.com>;
>> devel@edk2.groups.io; Kinney, Michael D <michael.d.kinney@intel.com>;
>> 'Leif Lindholm' <quic_llindhol@quicinc.com>; 'Andrew Fish'
>> <afish@apple.com>
>> Cc: 'Sean Brogan' <sean.brogan@microsoft.com>; Gerd Hoffmann
>> <kraxel@redhat.com>; Oliver Steffen <osteffen@redhat.com>
>> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
>>
>> On 10/31/23 17:07, Michael Kubacki wrote:
>>> On 10/28/2023 7:51 AM, Laszlo Ersek wrote:
>>>> On 10/27/23 23:11, Michael Kubacki wrote:
>>>>> I'd like to bring attention to Apache License 2.0 code in the
>> CodeQL
>>>>> series I sent to the mailing list for steward review.
>>>>>
>>>>> In particular, the files in the BaseTools/Plugin/CodeQL/analyze
>>>>> directory of this patch:
>>>>>
>>>>> https://edk2.groups.io/g/devel/message/109696
>>>>>
>>>>> Please let me know if any next steps are needed.
>>>>
>>>> (1) I don't know if edk2 accepts contributions under Apache License
>> 2.0;
>>>> just want to point out that this license is acceptable in Fedora
>> (and so
>>>> RHEL too), per
>>>> <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>.
>> Assuming
>>>> we're talking about "Apache Software License 2.0".
>>>>
>>> A few submodules are using the Apache License 2.0.
>>>
>>> For example, OpenSSL v3:
>>>
>>> - https://www.openssl.org/source/license.html
>>> -
>> https://git.openssl.org/?p=3Dopenssl.git;a=3Dblob_plain;f=3DLICENSE.txt;=
hb=3DH
>> EAD
>>>
>>> And cmoocka:
>>>
>>> - https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING
>>
>> Thanks for identifying those!
>>
>>>
>>> I'm unaware if there was precedent specific to submodules, but I'd
>>> expect terms like redistribution clauses to already apply regardless
>> of
>>> tooling used to acquire the source code into the project.
>>
>> I believe the same.
>>
>>>
>>>> (2) Should we extend "License Details" and "Code Contributions" in
>>>> "ReadMe.rst"?
>>>>
>>> My initial thought was to add the path
>> (BaseTools\Plugin\CodeQL\analyze)
>>> to "License Details".
>>>
>>> Was that all that you had in mind or to elaborate further in that
>>> section on the licenses used/allowed?
>>
>> - Under "License Details", simply list BaseTools/Plugin/CodeQL/analyze
>> as one of the "components" (i.e., first list) that use a "additional
>> licenses".
>>
>> - Under "Code Contributions", we should list "Apache Software License
>> 2.0" as acceptable -- both for this new feature, and for the *already*
>> upstream stuff that you found above.
>>
>>>
>>>> (3) Should the new files (under Apache License 2.0) use an SPDX
>>>> identifier tag, for easy greppability?
>>>>
>>> I'd be happy to add that.
>>
>> That's a relief, I didn't know whether you could touch up the license
>> blocks!
>>
>> Thanks!
>> Laszlo
>>
>>>
>>>> (4) With the addition, downstream packages (such as RPMs in Fedora
>> and
>>>> RHEL) might want to spell out the short SPDX identifier of the new
>>>> license too in their License: tags.
>>>>
>>>> Laszlo
>>>>
>>>>
>>>>
>>>>=20
>>>>
>>>
>=20


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110444): https://edk2.groups.io/g/devel/message/110444
Mute This Topic: https://groups.io/mt/102230244/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-