From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path:
Date: Thu, 10 Oct 2019 11:54:09 +0200
From: Roland Hieber
Message-ID: <20191010095409.hcyhlggjvlyutsyt@pengutronix.de>
References: <1570564910-29185-1-git-send-email-apr@cn-eng.de>
 <1570564910-29185-3-git-send-email-apr@cn-eng.de>
 <20191009082202.dxfxkayiq2tkrezh@pengutronix.de>
 <1be7ada837de247acec740d265b7c029bcd6e95b.camel@cn-eng.de>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1be7ada837de247acec740d265b7c029bcd6e95b.camel@cn-eng.de>
Subject: Re: [ptxdist] [PATCH 2/2] libnl3: fix license identifier (GPL-2.0-only -> LGPL-2.1-only)
List-Id: PTXdist Development Mailing List
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist"
To: Andreas Pretzsch
Cc: ptxdist@pengutronix.de

On Wed, Oct 09, 2019 at 11:46:15PM +0200, Andreas Pretzsch wrote:
> On Wed, 2019-10-09 at 10:22 +0200, Roland Hieber wrote:
> > On Tue, Oct 08, 2019 at 10:01:50PM +0200, Andreas Pretzsch wrote:
> > > One of the changes 3.4.0 -> 3.5.0 was to add SPDX tags all
> > > across the source files. They are now tagged as LGPL-2.1-only.
> > >
> > > The lib code itself had written LGPL-2.1-only headers already,
> > > as did most of the commandline tools (src/nf-* and src/nl-*).
> > > Very few of the cli tools have written GPL-2.0-only headers
> > > even now, but the LGPL-2.1-only SPDX tag was added there also.
> > > But given the use of those cli tools, and the meaning of LGPL
> > > for regular executables, they are probably fine as LGPL, too.
> > >
> > > For details, see https://github.com/thom311/libnl/pull/219
> > > It was accepted mainline as commit cee0b1b 'Add SPDX identifiers'.
> > >
> > > Therefore update the license tag in the rule to follow mainline.
> > > > > > Signed-off-by: Andreas Pretzsch > > > --- > > > rules/libnl3.make | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/rules/libnl3.make b/rules/libnl3.make > > > index 153c7b80e..5b3af0065 100644 > > > --- a/rules/libnl3.make > > > +++ b/rules/libnl3.make 
> > > @@ -22,7 +22,7 @@ LIBNL3_SUFFIX := tar.gz > > > LIBNL3_URL := > > > https://github.com/thom311/libnl/releases/download/$(LIBNL3_RELEASE)/$(LIBNL3).$(LIBNL3_SUFFIX > > > ) > > > LIBNL3_SOURCE := $(SRCDIR)/$(LIBNL3).$(LIBNL3_SUFFIX) > > > LIBNL3_DIR := $(BUILDDIR)/$(LIBNL3) > > > -LIBNL3_LICENSE := GPL-2.0-only > > > +LIBNL3_LICENSE := LGPL-2.1-only
> >
> > It's also a good idea to add
> > LIBNL3_LICENSE_FILES :=
> > file://COPYING;md5=4fbd65380cdd255951079008b364516c
> > so we get a hint where the license is and when it changes again.
>
> Well, this won't help here. As we have seen with this mixup.
> Which is why I am not a fan of this approach for the normal case,
> redundant at best, misleading at worst, like here...
>
>
> > I threw licensecheck [1] at the code. There are a few files which have
> > comments identifying them as GPL-2.0-only, but also now have a
> > "SPDX-License-Identifier: LGPL-2.1-only" tag:
> >
> > ./src/idiag-socket-details.c GPL (v2)
> > ./src/nl-addr-add.c GPL (v2)
> > ./src/nl-addr-delete.c GPL (v2)
> > ./src/nl-addr-list.c GPL (v2)
> > ./src/nl-cls-add.c GPL (v2)
>
> Essentially, these are short examples feeding command line arguments
> into library functions or dumping their result verbatim, using lib calls.
> So the threshold of originality is questionable anyway.
> But in a strict view, they are GPLv2-only, not LGPL, correct.
> And yes, they are installed and usable on the system.
>
> Still, from a ptxdist point of view, the result is quite the
> same. Components distributed are under a copyleft license, with the
> known consequences. Which are the same in this case. For ptxdist users.
> If somebody takes above example/cli code and modifies it / includes it
> in own code, different story. The first thing to note (and care about)
> for this person would be the header in the source. Not ptxdist's issue.
>
> Which is why I went the way of repeating upstream's pragmatic (and
> somewhat sloppy, given) solution.
>
> Of course, an upstream fix would be best.
>
>
> > as well as several files in ./include/linux-private/linux/, which are
> > GPL-2.0 WITH Linux-syscall-note or GPL-2.0+ WITH Linux-syscall-note
> > (obviously copied from the kernel, although I don't understand why).
>
> Which essentially says "This is an API. You need it to use Linux. Take
> it and use it, it has no license effect on your code.".
> Whatever Oracle dreamed of, back in the days...
>
> So I tend to not mention these extra, for a ptxdist package license
> tag.
>
> But again, I'm not authoritative here. Neither by legal expertise (I am
> not a lawyer, esp. not an IP one), not by decision.
>
>
> > ./lib/xfrm and ./include/netlink/ are BSD-3-Clause.
> > Sorry, I meant ./lib/xfrm/* and ./include/netlink/xfrm/*
>
> Ok, these are really annoying. And we probably need to care.
> While BSD-3 can be included in GPL just fine, the copyright notice has
> to be included in the distributed license book. Including the copyright
> holder (here: Texas Instruments), to my knowledge. At least we did so
> before.
>
> And this is probably nothing upstream can easily fix (like the GPL/LGPL
> mixup), I guess.
>
> Didn't see those, thanks for bringing it up !
>
>
> > So I guess until we can argue that those files don't make it into a
> > compiled binary,
>
> They will. They are installed as libnl-xfrm-3 as far as I can see.
>
> > the license statement should be
> > LGPL-2.1-only AND GPL-2.0-only AND GPL-2.0 WITH Linux-syscall-note
> > and GPL-2.0+ WITH Linux-syscall-note and BSD-3-Clause.
>
> Plus a LIBNL3_LICENSE_FILES tag for at least one of the BSD-3 files.
> If we want to go this route. What a PITA...
> Someone please remind me why I decided for engineering as profession?
>
>
> Now, how to proceed...
>
> a) blow up the license tag as above (5 lics + bsd-file-header)
> b) keep LGPL-2.1-only (following upstream), add bsd-file-header
> [ and try to get GPL/LGPL fixed upstream, for next release ]

I think the fixup patch from Michael just now is already the most
appropriate choice here. Upstream knows about the GPL-2.0 issue in the
tools, so there is nothing left for us to do here except wait for a fix
and a release. This is not the first package where the LICENSE file says
different things than the source files... :)

 - Roland

>
> Honestly, I don't know.
> I tend to b), but IANAL and ptx has to decide finally.
>
> Roland, Michael, Alexander, what do you think ?
>
> Roland, you can update this before 2019.10 release ?
> You're closest to source...
>
> Best regards,
> Andreas
>
> --
>
> carpe noctem engineering
> Ingenieurbuero fuer Hard- & Software-Entwicklung Andreas Pretzsch
> Dipl.-Ing. (FH) Andreas Pretzsch Tel. +49-(0)7307-936088-1
> Lange Strasse 28a Fax: +49-(0)7307-936088-9
> 89250 Senden, Germany email: apr@cn-eng.de
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
>

--
Roland Hieber | r.hieber@pengutronix.de |
Pengutronix e.K. | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5086 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
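
Review bot: The added `+LIBNL3_LICENSE := LGPL-2.1-only` line declares a single license and the hunk puts no LIBNL3_LICENSE_FILES entry beside it, so the rule records neither the license text the identifier was taken from nor the files the thread found under other terms (GPL-2.0-only headers in some src/ tools, BSD-3-Clause in ./lib/xfrm/* and ./include/netlink/xfrm/*). Suggest adding `LIBNL3_LICENSE_FILES := file://COPYING;md5=4fbd65380cdd255951079008b364516c` as proposed in the reply, so a changed COPYING is noticed on the next version bump, and stating explicitly whether BSD-3-Clause belongs in the expression, since those files are reported as installed in libnl-xfrm-3.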