From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io, michael.d.kinney@intel.com,
Laszlo Ersek <lersek@redhat.com>,
'Leif Lindholm' <quic_llindhol@quicinc.com>,
'Andrew Fish' <afish@apple.com>
Cc: 'Sean Brogan' <sean.brogan@microsoft.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Oliver Steffen <osteffen@redhat.com>
Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
Date: Tue, 31 Oct 2023 17:29:39 -0400 [thread overview]
Message-ID: <d354650f-d739-4a79-87f4-54ddeac9eff3@linux.microsoft.com> (raw)
In-Reply-To: <CO1PR11MB492992BB64E68CE2BDCCA745D2A0A@CO1PR11MB4929.namprd11.prod.outlook.com>
I split out the update to Readme.rst as a preliminary change to sending
a new version of the CodeQL patch series.
I did this to help isolate feedback related to that general licensing
update from the larger CodeQL series.
https://edk2.groups.io/g/devel/message/110452
Once that is in, I will update the CodeQL series to remove the
additional BSD-2-Clause-Patent from files that contain Apache 2.0 license.
Thanks,
Michael
On 10/31/2023 3:45 PM, Michael D Kinney wrote:
> Hi Michael,
>
> I agree that SPDX is preferred in file headers over license text
> in TianoCore projects.
>
> I just do not know what the rules are when you copy a file from
> An external project if you can replace without permission from the
> owning project since many of the licenses state that the license
> and copyrights need to be preserved.
>
> Mike
>
>> -----Original Message-----
>> From: Michael Kubacki <mikuback@linux.microsoft.com>
>> Sent: Tuesday, October 31, 2023 12:34 PM
>> To: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
>> <lersek@redhat.com>; devel@edk2.groups.io; 'Leif Lindholm'
>> <quic_llindhol@quicinc.com>; 'Andrew Fish' <afish@apple.com>
>> Cc: 'Sean Brogan' <sean.brogan@microsoft.com>; Gerd Hoffmann
>> <kraxel@redhat.com>; Oliver Steffen <osteffen@redhat.com>
>> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
>>
>> On 10/31/2023 3:19 PM, Kinney, Michael D wrote:
>>> Michael,
>>>
>>> I noticed some of the files had Apache 2.0 license and then
>>> you added content under BSD-2-Clause-Patent. Why wouldn't
>>> you continue with the original Apache 2.0 license?
>>>
>> I will continue with the original license.
>>
>>> Also, I am not sure if you can replace the license text with
>>> the SPDX identifier if the original file had the text. I know
>>> TianoCore did a license change, but we had to get approval from
>>> all contributors.
>>>
>> I interpreted the earlier question (3) to mean appending an SPDX
>> identifier to the existing header.
>>
>> I still think there's some value in that for machine readability and
>> consistency with the ID being present in most other source files in
>> the
>> repo. Do we care to have that?
>>
>> Note: "Copyright notices" in
>> https://spdx.dev/learn/handling-license-info/ instructs not remove or
>> modify existing notices.
>>
>>> Thanks,
>>>
>>> Mike
>>>
>>>> -----Original Message-----
>>>> From: Laszlo Ersek <lersek@redhat.com>
>>>> Sent: Tuesday, October 31, 2023 10:22 AM
>>>> To: Michael Kubacki <mikuback@linux.microsoft.com>;
>>>> devel@edk2.groups.io; Kinney, Michael D
>> <michael.d.kinney@intel.com>;
>>>> 'Leif Lindholm' <quic_llindhol@quicinc.com>; 'Andrew Fish'
>>>> <afish@apple.com>
>>>> Cc: 'Sean Brogan' <sean.brogan@microsoft.com>; Gerd Hoffmann
>>>> <kraxel@redhat.com>; Oliver Steffen <osteffen@redhat.com>
>>>> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files
>>>>
>>>> On 10/31/23 17:07, Michael Kubacki wrote:
>>>>> On 10/28/2023 7:51 AM, Laszlo Ersek wrote:
>>>>>> On 10/27/23 23:11, Michael Kubacki wrote:
>>>>>>> I'd like to bring attention to Apache License 2.0 code in the
>>>> CodeQL
>>>>>>> series I sent to the mailing list for steward review.
>>>>>>>
>>>>>>> In particular, the files in the BaseTools/Plugin/CodeQL/analyze
>>>>>>> directory of this patch:
>>>>>>>
>>>>>>> https://edk2.groups.io/g/devel/message/109696
>>>>>>>
>>>>>>> Please let me know if any next steps are needed.
>>>>>>
>>>>>> (1) I don't know if edk2 accepts contributions under Apache
>> License
>>>> 2.0;
>>>>>> just want to point out that this license is acceptable in Fedora
>>>> (and so
>>>>>> RHEL too), per
>>>>>> <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>.
>>>> Assuming
>>>>>> we're talking about "Apache Software License 2.0".
>>>>>>
>>>>> A few submodules are using the Apache License 2.0.
>>>>>
>>>>> For example, OpenSSL v3:
>>>>>
>>>>> - https://www.openssl.org/source/license.html
>>>>> -
>>>>
>> https://git.openssl.org/?p=openssl.git;a=blob_plain;f=LICENSE.txt;hb=H
>>>> EAD
>>>>>
>>>>> And cmoocka:
>>>>>
>>>>> - https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING
>>>>
>>>> Thanks for identifying those!
>>>>
>>>>>
>>>>> I'm unaware if there was precedent specific to submodules, but I'd
>>>>> expect terms like redistribution clauses to already apply
>> regardless
>>>> of
>>>>> tooling used to acquire the source code into the project.
>>>>
>>>> I believe the same.
>>>>
>>>>>
>>>>>> (2) Should we extend "License Details" and "Code Contributions"
>> in
>>>>>> "ReadMe.rst"?
>>>>>>
>>>>> My initial thought was to add the path
>>>> (BaseTools\Plugin\CodeQL\analyze)
>>>>> to "License Details".
>>>>>
>>>>> Was that all that you had in mind or to elaborate further in that
>>>>> section on the licenses used/allowed?
>>>>
>>>> - Under "License Details", simply list
>> BaseTools/Plugin/CodeQL/analyze
>>>> as one of the "components" (i.e., first list) that use a
>> "additional
>>>> licenses".
>>>>
>>>> - Under "Code Contributions", we should list "Apache Software
>> License
>>>> 2.0" as acceptable -- both for this new feature, and for the
>> *already*
>>>> upstream stuff that you found above.
>>>>
>>>>>
>>>>>> (3) Should the new files (under Apache License 2.0) use an SPDX
>>>>>> identifier tag, for easy greppability?
>>>>>>
>>>>> I'd be happy to add that.
>>>>
>>>> That's a relief, I didn't know whether you could touch up the
>> license
>>>> blocks!
>>>>
>>>> Thanks!
>>>> Laszlo
>>>>
>>>>>
>>>>>> (4) With the addition, downstream packages (such as RPMs in
>> Fedora
>>>> and
>>>>>> RHEL) might want to spell out the short SPDX identifier of the
>> new
>>>>>> license too in their License: tags.
>>>>>>
>>>>>> Laszlo
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110453): https://edk2.groups.io/g/devel/message/110453
Mute This Topic: https://groups.io/mt/102230244/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-10-31 21:29 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-27 21:11 [edk2-devel] CodeQL and Apache Licensed Files Michael Kubacki
2023-10-28 11:51 ` Laszlo Ersek
2023-10-31 16:07 ` Michael Kubacki
2023-10-31 17:22 ` Laszlo Ersek
2023-10-31 19:19 ` Michael D Kinney
2023-10-31 19:34 ` Michael Kubacki
2023-10-31 19:45 ` Michael D Kinney
2023-10-31 21:29 ` Michael Kubacki [this message]
2023-10-31 19:22 ` Pedro Falcato
2023-10-31 19:42 ` Michael D Kinney
2023-10-31 19:49 ` Pedro Falcato
2023-11-01 11:11 ` Leif Lindholm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d354650f-d739-4a79-87f4-54ddeac9eff3@linux.microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox