Update licensing info #451
Conversation
hallyn
force-pushed
the
2021-12-05/license
branch
from
e4c770a
to
e647632
Compare
|
Commenting to get notified on changes. Lemme know when you're done and I'll review and approve so there's traceability that I approved nuking the Artistic License. If anyone needs a signed piece of paper, I can do that as well. |
hallyn
force-pushed
the
2021-12-05/license
branch
from
e647632
to
0eeb7c7
Compare
hallyn
force-pushed
the
2021-12-05/license
branch
from
0eeb7c7
to
c736b71
Compare
hallyn
force-pushed
the
2021-12-05/license
branch
2 times, most recently
from
55b260c
to
664cab3
Compare
I'll wait on that approval and this merge before doing a next release. That way hopefully the release can be used as straightforwardly as possible in the new debian merge. |
|
I'm waiting with the Debian upload until this licensing change lands (and ideally gets in a release). |
| MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. | ||
|
|
||
| The End | ||
| SPDX-License-Identifier: BSD-3-Clause |
There was a problem hiding this comment.
I think BSD-3-Clause is not a valid license for the whole project. I think there is none, since contrib/atudel is BSD-4-Clause which is not compatible with GPL https://en.wikipedia.org/wiki/BSD_licenses#4-clause_license_(original_%22BSD_License%22), yet src/vipw.c is licensed under GPL.
I suggest dropping contrib/atudel or splitting it out to a separate project.
If vipw.c stays in the source under GPL, then the the license of the project should be GPL (with BSD parts).
There was a problem hiding this comment.
I don't think so since those are all separate programs, and this situation is far from being unique; I've seen quite a few projects with non-GPL parts, e.g. an application and a client library to talk to it.
There was a problem hiding this comment.
@andrewshadura Do you have some links? I guess you question the GPL as the whole project's license and not the problem with atudel.
There was a problem hiding this comment.
Most definitely GPL is not the project’s license, but just the license of one independent program.
There was a problem hiding this comment.
@andrewshadura I agree that the project is belived to be BSD licensed, but looking at the current state the release tarballs can't be distributed under BSD. If we remove atudel the resulting tarball can be distributed under GPL, but not under BSD (3 clause), because it contains a GPL licensed source file. If we cut vipw.c, the remaining tarball can be distributed under BSD (3 clause).
From Debian's perspective I'm OK with keeping vipw.c in the tarball, but I have to exclude atudel, for sure, to keep shadow's source in main.
It could be claimed, that atudel and vipw.c are only bundled, but this needs an explanation in the COPYING file, IMO.
There was a problem hiding this comment.
@rbalint, you’re misinterpreting it. atudel has no relationship whatsoever to vipw except being shipped in the same tarball. It is not a derivative work of vipw, it’s not based on it, linked with it or anything really except being bundled together.
You cannot claim that the license of the whole package is GPL, because it’s BSD-3-Clause for most files, GPL for vipw and BSD-4-Clause for atudel. I don’t think a concept of a "license for the whole package" makes sense at all in this case, but in any case vipw and atudel are an exception, so it’s probably okay to say "this package is BSD-3 except this and that".
There was a problem hiding this comment.
Originally I'd planned to remove the copyright statement from the files which fall under the 3 clause BSD license. The COPYING file then just listed the default. It explicitly says that files may list alternative licenses, which vipw does.
Perhaps I should add a paragraph to say that all new files are to be BSD-3. But as @andrewshadura says, vipw and atudel are the exceptions. It may make a difference from a debian packaging perspective, but for the git repo all I'm doing is documenting the existing licenses. We will not relicense other files just because vipw is under src/. In particular, section 2 of the GPL says:
In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
The git repo is (in my estimation) a storage or distribution medium. No other programs in shadow are based on vipw.
Closes shadow-maint#238 Update all files to list SPDX license shortname. Most files are BSD 3 clause license. The exceptions are: serge@sl ~/src/shadow$ git grep SPDX-License | grep -v BSD-3-Clause contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD libmisc/salt.c: * SPDX-License-Identifier: Unlicense src/login_nopam.c: * SPDX-License-Identifier: Unlicense src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later Signed-off-by: Serge Hallyn <[email protected]>
hallyn
force-pushed
the
2021-12-05/license
branch
from
664cab3
to
f93cf25
Compare
Closes #238
Signed-off-by: Serge Hallyn [email protected]