Is referencing the GPL in the package's README enough of a "license"?

Tom 'spot' Callaway tcallawa at redhat.com
Wed Mar 7 06:51:28 UTC 2007 

On Tue, 2007-03-06 at 22:13 -0800, Peter Gordon wrote:
> Hi, all.
> 
> I have a question about the legal status of a package I'm working on.
> I'm nearly done with writing a nice package of Tavis Ormandy's scanmem
> utility [1]. However, it contains no full license text, and the headers
> in the source files only contain author/version informations. The only
> reference to a license aside from what's on the website is that the
> README file (which I include as %doc) contains the following line:
> 
> 	License: GPL
> 
> Is this reference enough, or should I also include a full copy of the
> GPL as %doc as well? (If so, I'll email Tavis and bug him about
> including it in the tarball.)

So, here's the best answer that I have (IANAL, this is just what I've
picked up from observation):

The best way is for all of the source code to document the full license
(or if the full license is long, an abridged version) in a header
comment:

/* This code is under the Foo Bar License.
 * You may Foo with this license, or Bar if you choose.
 * Yadda, yadda, yadda, abridged license text here.
 */

The next best way is for the source code itself to refer to the license
in a dedicated file:

/* This code is under the Foo Bar License.
 * This code should have included a copy of the Foo Bar
 * License in LICENSE.
 */

If the code doesn't say what license it is under, strictly speaking, its
not legally under that license. Unfortunately, lots of code doesn't
license itself this way, so we have to assume the intent of the
author/authors.

When assuming the intent, we look for files called "COPYRIGHT" or
"LICENSE", that contain the full license text(s) for the code within the
software component.

Barring that, we look for README files that contain the full license
text(s) for the code within the software component.

Worst case scenario: There is nothing but a reference to the license on
a website in a README file (or COPYING/LICENSE).

Actually, worst case is when there is no documentation anywhere on the
license within the source tarball. Then we have to trust the website
distributing it. This is really not ok for Fedora.

The reference to the license is a good start, but its really not what
Fedora (or in this specific case, what the FSF) wants. Ask upstream if
they are willing to at least include a full copy of the license text(s)
in the tarball, if not reference/include in the source code.

See:
http://www.gnu.org/licenses/gpl.html#SEC4

(If for whatever reason they say no, you're not required to artificially
insert a copy of the GPL license text into the package. Depending on the
ilegal interpretation, this may introduce legal liability on you. You
need to decide whether you are comfortable with that or not. This is why
it is ideal for upstream to add it, so this is a non-issue. If upstream
says no, and you decide not to add it, but upstream clarifies that it is
indeed under the license noted in the README, you can put it in Fedora
as is.)

~spot

More information about the Fedora-maintainers mailing list