From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id B457E7803D7 for ; Tue, 31 Oct 2023 21:29:43 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=C3P/vevs3kYPtiK9LNGfqGgfJdiFzLUmXI8NeJWMv14=; c=relaxed/simple; d=groups.io; h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1698787782; v=1; b=SVQ68tNPBaC4QxUOGFiag36ueS7iH3xGLAGcJKAq+1Sn12b6DcyCoq3ZdGzKOKtAdNcamFaU wT/bytajVxMBJ/jfZ+ZeH88ndGxhmXl86NyXNiuFeReF+ZCSRs8/D87WAvC9FrqOIVgc4AIPqLm d/3xdawcFHE9ac+gnN64OL34= X-Received: by 127.0.0.2 with SMTP id rDcXYY7687511xzfe8dOzGbp; Tue, 31 Oct 2023 14:29:42 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.7746.1698787781953501907 for ; Tue, 31 Oct 2023 14:29:42 -0700 X-Received: from [192.168.4.22] (unknown [47.201.241.95]) by linux.microsoft.com (Postfix) with ESMTPSA id B1D0D20B74C0; Tue, 31 Oct 2023 14:29:40 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B1D0D20B74C0 Message-ID: Date: Tue, 31 Oct 2023 17:29:39 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files To: devel@edk2.groups.io, michael.d.kinney@intel.com, Laszlo Ersek , 'Leif Lindholm' , 'Andrew Fish' Cc: 'Sean Brogan' , Gerd Hoffmann , Oliver Steffen References: <76c83798-2e7e-42df-bd10-673785b987f9@linux.microsoft.com> <68b71576-2395-4ea0-a313-ae86de0f21a3@linux.microsoft.com> <25cfaf16-4b79-c64e-f7b8-ea64fd1d47db@redhat.com> From: "Michael Kubacki" In-Reply-To: Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: LQaVg91yNe7M0ZGPXFAi7COKx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=SVQ68tNP; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io I split out the update to Readme.rst as a preliminary change to sending=20 a new version of the CodeQL patch series. I did this to help isolate feedback related to that general licensing=20 update from the larger CodeQL series. https://edk2.groups.io/g/devel/message/110452 Once that is in, I will update the CodeQL series to remove the=20 additional BSD-2-Clause-Patent from files that contain Apache 2.0 license. Thanks, Michael On 10/31/2023 3:45 PM, Michael D Kinney wrote: > Hi Michael, >=20 > I agree that SPDX is preferred in file headers over license text > in TianoCore projects. >=20 > I just do not know what the rules are when you copy a file from > An external project if you can replace without permission from the > owning project since many of the licenses state that the license > and copyrights need to be preserved. >=20 > Mike >=20 >> -----Original Message----- >> From: Michael Kubacki >> Sent: Tuesday, October 31, 2023 12:34 PM >> To: Kinney, Michael D ; Laszlo Ersek >> ; devel@edk2.groups.io; 'Leif Lindholm' >> ; 'Andrew Fish' >> Cc: 'Sean Brogan' ; Gerd Hoffmann >> ; Oliver Steffen >> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files >> >> On 10/31/2023 3:19 PM, Kinney, Michael D wrote: >>> Michael, >>> >>> I noticed some of the files had Apache 2.0 license and then >>> you added content under BSD-2-Clause-Patent. Why wouldn't >>> you continue with the original Apache 2.0 license? >>> >> I will continue with the original license. >> >>> Also, I am not sure if you can replace the license text with >>> the SPDX identifier if the original file had the text. I know >>> TianoCore did a license change, but we had to get approval from >>> all contributors. >>> >> I interpreted the earlier question (3) to mean appending an SPDX >> identifier to the existing header. >> >> I still think there's some value in that for machine readability and >> consistency with the ID being present in most other source files in >> the >> repo. Do we care to have that? >> >> Note: "Copyright notices" in >> https://spdx.dev/learn/handling-license-info/ instructs not remove or >> modify existing notices. >> >>> Thanks, >>> >>> Mike >>> >>>> -----Original Message----- >>>> From: Laszlo Ersek >>>> Sent: Tuesday, October 31, 2023 10:22 AM >>>> To: Michael Kubacki ; >>>> devel@edk2.groups.io; Kinney, Michael D >> ; >>>> 'Leif Lindholm' ; 'Andrew Fish' >>>> >>>> Cc: 'Sean Brogan' ; Gerd Hoffmann >>>> ; Oliver Steffen >>>> Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files >>>> >>>> On 10/31/23 17:07, Michael Kubacki wrote: >>>>> On 10/28/2023 7:51 AM, Laszlo Ersek wrote: >>>>>> On 10/27/23 23:11, Michael Kubacki wrote: >>>>>>> I'd like to bring attention to Apache License 2.0 code in the >>>> CodeQL >>>>>>> series I sent to the mailing list for steward review. >>>>>>> >>>>>>> In particular, the files in the BaseTools/Plugin/CodeQL/analyze >>>>>>> directory of this patch: >>>>>>> >>>>>>> https://edk2.groups.io/g/devel/message/109696 >>>>>>> >>>>>>> Please let me know if any next steps are needed. >>>>>> >>>>>> (1) I don't know if edk2 accepts contributions under Apache >> License >>>> 2.0; >>>>>> just want to point out that this license is acceptable in Fedora >>>> (and so >>>>>> RHEL too), per >>>>>> . >>>> Assuming >>>>>> we're talking about "Apache Software License 2.0". >>>>>> >>>>> A few submodules are using the Apache License 2.0. >>>>> >>>>> For example, OpenSSL v3: >>>>> >>>>> - https://www.openssl.org/source/license.html >>>>> - >>>> >> https://git.openssl.org/?p=3Dopenssl.git;a=3Dblob_plain;f=3DLICENSE.txt;= hb=3DH >>>> EAD >>>>> >>>>> And cmoocka: >>>>> >>>>> - https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING >>>> >>>> Thanks for identifying those! >>>> >>>>> >>>>> I'm unaware if there was precedent specific to submodules, but I'd >>>>> expect terms like redistribution clauses to already apply >> regardless >>>> of >>>>> tooling used to acquire the source code into the project. >>>> >>>> I believe the same. >>>> >>>>> >>>>>> (2) Should we extend "License Details" and "Code Contributions" >> in >>>>>> "ReadMe.rst"? >>>>>> >>>>> My initial thought was to add the path >>>> (BaseTools\Plugin\CodeQL\analyze) >>>>> to "License Details". >>>>> >>>>> Was that all that you had in mind or to elaborate further in that >>>>> section on the licenses used/allowed? >>>> >>>> - Under "License Details", simply list >> BaseTools/Plugin/CodeQL/analyze >>>> as one of the "components" (i.e., first list) that use a >> "additional >>>> licenses". >>>> >>>> - Under "Code Contributions", we should list "Apache Software >> License >>>> 2.0" as acceptable -- both for this new feature, and for the >> *already* >>>> upstream stuff that you found above. >>>> >>>>> >>>>>> (3) Should the new files (under Apache License 2.0) use an SPDX >>>>>> identifier tag, for easy greppability? >>>>>> >>>>> I'd be happy to add that. >>>> >>>> That's a relief, I didn't know whether you could touch up the >> license >>>> blocks! >>>> >>>> Thanks! >>>> Laszlo >>>> >>>>> >>>>>> (4) With the addition, downstream packages (such as RPMs in >> Fedora >>>> and >>>>>> RHEL) might want to spell out the short SPDX identifier of the >> new >>>>>> license too in their License: tags. >>>>>> >>>>>> Laszlo >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>> >=20 >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110453): https://edk2.groups.io/g/devel/message/110453 Mute This Topic: https://groups.io/mt/102230244/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-