-
Notifications
You must be signed in to change notification settings - Fork 225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update licensing info #451
Conversation
e4c770a
to
e647632
Compare
Commenting to get notified on changes. Lemme know when you're done and I'll review and approve so there's traceability that I approved nuking the Artistic License. If anyone needs a signed piece of paper, I can do that as well. |
e647632
to
0eeb7c7
Compare
0eeb7c7
to
c736b71
Compare
55b260c
to
664cab3
Compare
I'll wait on that approval and this merge before doing a next release. That way hopefully the release can be used as straightforwardly as possible in the new debian merge. |
I'm waiting with the Debian upload until this licensing change lands (and ideally gets in a release). |
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. | ||
|
||
The End | ||
SPDX-License-Identifier: BSD-3-Clause |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think BSD-3-Clause is not a valid license for the whole project. I think there is none, since contrib/atudel
is BSD-4-Clause which is not compatible with GPL https://en.wikipedia.org/wiki/BSD_licenses#4-clause_license_(original_%22BSD_License%22), yet src/vipw.c
is licensed under GPL.
I suggest dropping contrib/atudel
or splitting it out to a separate project.
If vipw.c
stays in the source under GPL, then the the license of the project should be GPL (with BSD parts).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so since those are all separate programs, and this situation is far from being unique; I've seen quite a few projects with non-GPL parts, e.g. an application and a client library to talk to it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andrewshadura Do you have some links? I guess you question the GPL as the whole project's license and not the problem with atudel
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Most definitely GPL is not the project’s license, but just the license of one independent program.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andrewshadura I agree that the project is belived to be BSD licensed, but looking at the current state the release tarballs can't be distributed under BSD. If we remove atudel
the resulting tarball can be distributed under GPL, but not under BSD (3 clause), because it contains a GPL licensed source file. If we cut vipw.c
, the remaining tarball can be distributed under BSD (3 clause).
From Debian's perspective I'm OK with keeping vipw.c
in the tarball, but I have to exclude atudel
, for sure, to keep shadow
's source in main
.
It could be claimed, that atudel
and vipw.c
are only bundled, but this needs an explanation in the COPYING file, IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rbalint, you’re misinterpreting it. atudel
has no relationship whatsoever to vipw
except being shipped in the same tarball. It is not a derivative work of vipw
, it’s not based on it, linked with it or anything really except being bundled together.
You cannot claim that the license of the whole package is GPL, because it’s BSD-3-Clause for most files, GPL for vipw
and BSD-4-Clause for atudel
. I don’t think a concept of a "license for the whole package" makes sense at all in this case, but in any case vipw
and atudel
are an exception, so it’s probably okay to say "this package is BSD-3 except this and that".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Originally I'd planned to remove the copyright statement from the files which fall under the 3 clause BSD license. The COPYING file then just listed the default. It explicitly says that files may list alternative licenses, which vipw does.
Perhaps I should add a paragraph to say that all new files are to be BSD-3. But as @andrewshadura says, vipw and atudel are the exceptions. It may make a difference from a debian packaging perspective, but for the git repo all I'm doing is documenting the existing licenses. We will not relicense other files just because vipw is under src/. In particular, section 2 of the GPL says:
In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
The git repo is (in my estimation) a storage or distribution medium. No other programs in shadow are based on vipw.
Closes shadow-maint#238 Update all files to list SPDX license shortname. Most files are BSD 3 clause license. The exceptions are: serge@sl ~/src/shadow$ git grep SPDX-License | grep -v BSD-3-Clause contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD libmisc/salt.c: * SPDX-License-Identifier: Unlicense src/login_nopam.c: * SPDX-License-Identifier: Unlicense src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later Signed-off-by: Serge Hallyn <[email protected]>
664cab3
to
f93cf25
Compare
Closes #238
Signed-off-by: Serge Hallyn [email protected]