From: "Laszlo Ersek"
To: devel@edk2.groups.io, mikuback@linux.microsoft.com
Cc: Andrew Fish, Leif Lindholm, Michael D Kinney
Date: Fri, 3 Nov 2023 14:06:10 +0100
Subject: Re: [edk2-devel] [PATCH v4 8/8] ReadMe.rst: Add CodeQL/analyze directory under other licenses
References: <20231102200313.1010-1-mikuback@linux.microsoft.com> <20231102200313.1010-9-mikuback@linux.microsoft.com>
In-Reply-To: <20231102200313.1010-9-mikuback@linux.microsoft.com>

On 11/2/23 21:03, Michael Kubacki wrote:
> From: Michael Kubacki
>
> The code in this directory is licensed under Apache License, Version
> 2.0. Therefore, the directory is listed under paths with licenses
> other than BSD-2-Clause Plus Patent. The directory link points to the
> complete Apache License, Version 2.0 on apache.org.
>
> Cc: Andrew Fish
> Cc: Laszlo Ersek
> Cc: Leif Lindholm
> Cc: Michael D Kinney
> Signed-off-by: Michael Kubacki
> --- > ReadMe.rst | 1 + > 1 file changed, 1 insertion(+) >=20 > diff --git a/ReadMe.rst b/ReadMe.rst > index 06fb122ef382..808ccd37af50 100644 > --- a/ReadMe.rst > +++ b/ReadMe.rst
> @@ -73,6 +73,7 @@ The majority of the content in the EDK II open source p= roject uses a > source project contains the following components that are covered by add= itional > licenses: > =20 > +- `BaseTools/Plugin/CodeQL/analyze `__ > - `BaseTools/Source/C/LzmaCompress `__ > - `BaseTools/Source/C/VfrCompile/Pccts `__ > - `CryptoPkg\Library\BaseCryptLib\SysCall\inet_pton.c `__

I've carefully read through the cover letter now (impressive work!). I have some questions, with reference to Leif's comment at as well:

- Is the BaseTools/Plugin/CodeQL/analyze subdirectory not supposed to contain a standalone "COPYING" or similar file?

If not, then the current patch seems fine:

Reviewed-by: Laszlo Ersek

- I'd like to understand where the BaseTools/Plugin/CodeQL/analyze/ contents (three files) originate from.

If it was authored by Microsoft, then I don't understand (per v4 series changelog in the cover letter) why the Microsoft copyright notice had to be removed.

And if it is not original work by Microsoft, but work derived by Microsoft from other original work, then it should contain both the original copyright notices, and Microsoft's.

The file-top comments in those three files reference https://github.com/advanced-security/filter-sarif as the origin. Do the original files in that repository contain copyright notices? (Or does their containing project come with a COPYING or similar file?) I'm not looking for a license specification (SPDX or natural language), but specifically for copyright notices on the original work. Does the organization perhaps use an over-arching copyright notice somewhere?

If none of those apply, then I agree that the content added in patch#2 ("BaseTools/Plugin/CodeQL: Add CodeQL build plugin") appears fine. Very unusual to me, but IANAL...

Thanks,
Laszlo
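
Review bot: The added `BaseTools/Plugin/CodeQL/analyze` entry links, per the commit message, to the Apache License text on apache.org rather than to a license file in the tree, so the ReadMe does not tell a reader where the license for this directory is recorded in the repository itself. If the directory carries its own license or notice file, mention or link it here; if it does not, say so in the commit message. The entry's position ahead of `BaseTools/Source/C/LzmaCompress` keeps the list in path order.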