[dm-devel] multipath-tools licenses (was Re: [PATCH] multipath-tools: replace FSF address with a www pointer)
Martin Wilck
mwilck at suse.com
Wed Mar 28 15:14:28 UTC 2018
On Wed, 2018-03-28 at 00:24 +0200, Xose Vazquez Perez wrote:
> On 03/26/2018 06:07 PM, Benjamin Marzinski wrote:
>
> > If we can limit the project to two (or if necessary 3) licenses, we
> > can
> > just include all the license files, and explain what applies to
> > what
> > in the README. I haven't really looked at how other projects that
> > have
> > multiple licenses for parts of their code do things, so perhaps
> > there is
> > a more standard way.
>
> Multiple licences, for modules, are accepted in the Linux kernel:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr
> ee/include/linux/module.h#n171
Multiple licenses are acceptable for multipath-tools, too. Yet we need
to understand, and clearly communicate, which license applies to which
source file, and what that means for the binaries and libraries that
are part of the package. And, needless to say, reducing the number of
licenses and getting rid of the obsolete LGPL-2.0 would simplify
matters significantly, both for us and other parties.
> And the SPDX License Identifier is being used:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr
> ee/Documentation/process/license-rules.rst
Yeah, it's probably a good idea to do that. I'm not sure if it should
replace the boilerplate license header or just be added on top of it.
Either way, when we do this, we should make sure that we understand
which license covers the individual files, in particular those that
currently have no license header. We're assuming that these are covered
by COPYING, but is that actually true for all 130+ files?
This shouldn't be taken too lightly. Assume you add an "LGPL-2.1" SPDX
header to some file. Company X links to the file in it's proprietary
product. Later, company Y finds some of its own GPL-2.0 licensed code
in the same file and sues X over 100 million for GPL breakage. Now X
claims the money back from the person who inserted the misleading
license header in the file ...
That sounds paranoid and exaggerated, but I've heard exactly arguments
like this in discussions about proprietary software using FLOSS. It's
the kind of thing Black Duck and similar companies make money with.
Regards
Martin
--
Dr. Martin Wilck <mwilck at suse.com>, Tel. +49 (0)911 74053 2107
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
More information about the dm-devel
mailing list