[dm-devel] multipath-tools licenses (was Re: [PATCH] multipath-tools: replace FSF address with a www pointer)
Xose Vazquez Perez
xose.vazquez at gmail.com
Fri Apr 6 16:10:48 UTC 2018
On 03/28/2018 05:14 PM, Martin Wilck wrote:
> On Wed, 2018-03-28 at 00:24 +0200, Xose Vazquez Perez wrote:
> Multiple licenses are acceptable for multipath-tools, too. Yet we need
> to understand, and clearly communicate, which license applies to which
> source file, and what that means for the binaries and libraries that
> are part of the package. And, needless to say, reducing the number of
> licenses and getting rid of the obsolete LGPL-2.0 would simplify
> matters significantly, both for us and other parties.
It would be nice to have the old cvs repo, from 2003-09-18 multipath-0.0.1 to
2005-05-23 multipath-tools-0.4.5, online. Or converted to git.
>> And the SPDX License Identifier is being used:
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr
>> ee/Documentation/process/license-rules.rst
>
> Yeah, it's probably a good idea to do that. I'm not sure if it should
> replace the boilerplate license header or just be added on top of it.
> Either way, when we do this, we should make sure that we understand
> which license covers the individual files, in particular those that
> currently have no license header. We're assuming that these are covered
> by COPYING, but is that actually true for all 130+ files?
>
> This shouldn't be taken too lightly. Assume you add an "LGPL-2.1" SPDX
> header to some file. Company X links to the file in it's proprietary
> product. Later, company Y finds some of its own GPL-2.0 licensed code
> in the same file and sues X over 100 million for GPL breakage. Now X
> claims the money back from the person who inserted the misleading
> license header in the file ...
>
> That sounds paranoid and exaggerated, but I've heard exactly arguments
> like this in discussions about proprietary software using FLOSS. It's
> the kind of thing Black Duck and similar companies make money with.
Kernel guys are replacing boiler plate text with a SPDX tag.
I suppose, by advice and with assistance of the lawyers of The Linux Foundation.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b24413180f5600bcb3bb70fbed5cf186b60864bd
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a04c7278d3042cb30c8a66197d900209a4f2417c
This template could be good enough and neat for multipath-tools:
// SPDX-License-Identifier: <licence(s)>
// File-Originally-From: <project name and <url>>
// <a copyright indicator> <year(s) applicable>, <copyright holder(s)>.
// Author(s): <Name and <e-mail>>
// ...
e.g.
// SPDX-License-Identifier: GPL-2.0-or-later
// File-Originally-From: linux-tool <http://linux-tool.org>
// Copyright 1999, 2001-2018, Foo Corp.
// Author(s): Bar <bar at foo.org>
More information about the dm-devel
mailing list