Michael, I noticed some of the files had Apache 2.0 license and then you added content under BSD-2-Clause-Patent. Why wouldn't you continue with the original Apache 2.0 license?
Also, I am not sure if you can replace the license text with the SPDX identifier if the original file had the text. I know TianoCore did a license change, but we had to get approval from all contributors. Thanks, Mike > -----Original Message----- > From: Laszlo Ersek <ler...@redhat.com> > Sent: Tuesday, October 31, 2023 10:22 AM > To: Michael Kubacki <mikub...@linux.microsoft.com>; > devel@edk2.groups.io; Kinney, Michael D <michael.d.kin...@intel.com>; > 'Leif Lindholm' <quic_llind...@quicinc.com>; 'Andrew Fish' > <af...@apple.com> > Cc: 'Sean Brogan' <sean.bro...@microsoft.com>; Gerd Hoffmann > <kra...@redhat.com>; Oliver Steffen <ostef...@redhat.com> > Subject: Re: [edk2-devel] CodeQL and Apache Licensed Files > > On 10/31/23 17:07, Michael Kubacki wrote: > > On 10/28/2023 7:51 AM, Laszlo Ersek wrote: > >> On 10/27/23 23:11, Michael Kubacki wrote: > >>> I'd like to bring attention to Apache License 2.0 code in the > CodeQL > >>> series I sent to the mailing list for steward review. > >>> > >>> In particular, the files in the BaseTools/Plugin/CodeQL/analyze > >>> directory of this patch: > >>> > >>> https://edk2.groups.io/g/devel/message/109696 > >>> > >>> Please let me know if any next steps are needed. > >> > >> (1) I don't know if edk2 accepts contributions under Apache License > 2.0; > >> just want to point out that this license is acceptable in Fedora > (and so > >> RHEL too), per > >> <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>. > Assuming > >> we're talking about "Apache Software License 2.0". > >> > > A few submodules are using the Apache License 2.0. > > > > For example, OpenSSL v3: > > > > - https://www.openssl.org/source/license.html > > - > https://git.openssl.org/?p=openssl.git;a=blob_plain;f=LICENSE.txt;hb=H > EAD > > > > And cmoocka: > > > > - https://gitlab.com/cmocka/cmocka/-/blob/master/COPYING > > Thanks for identifying those! > > > > > I'm unaware if there was precedent specific to submodules, but I'd > > expect terms like redistribution clauses to already apply regardless > of > > tooling used to acquire the source code into the project. > > I believe the same. > > > > >> (2) Should we extend "License Details" and "Code Contributions" in > >> "ReadMe.rst"? > >> > > My initial thought was to add the path > (BaseTools\Plugin\CodeQL\analyze) > > to "License Details". > > > > Was that all that you had in mind or to elaborate further in that > > section on the licenses used/allowed? > > - Under "License Details", simply list BaseTools/Plugin/CodeQL/analyze > as one of the "components" (i.e., first list) that use a "additional > licenses". > > - Under "Code Contributions", we should list "Apache Software License > 2.0" as acceptable -- both for this new feature, and for the *already* > upstream stuff that you found above. > > > > >> (3) Should the new files (under Apache License 2.0) use an SPDX > >> identifier tag, for easy greppability? > >> > > I'd be happy to add that. > > That's a relief, I didn't know whether you could touch up the license > blocks! > > Thanks! > Laszlo > > > > >> (4) With the addition, downstream packages (such as RPMs in Fedora > and > >> RHEL) might want to spell out the short SPDX identifier of the new > >> license too in their License: tags. > >> > >> Laszlo > >> > >> > >> > >> > >> > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110441): https://edk2.groups.io/g/devel/message/110441 Mute This Topic: https://groups.io/mt/102230244/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/leave/9847357/21656/1706620634/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
