Re: SPDX-License-Identifier
On Tue, Feb 25, 2014 at 1:10 PM, One Thousand Gnomes
wrote:
> On Mon, 24 Feb 2014 06:26:52 -0800
> Greg Kroah-Hartman wrote:
>
>> On Mon, Feb 24, 2014 at 03:03:25PM +0100, Michal Simek wrote:
>> >
>> > BTW: Isn't this a good topic for kernel-summit? :-)
>>
>> No, lawyers don't go to the summit, developers do.
>
> More of a topic for the LF. Particularly as any attempt to touch license
> statements in existing drivers would end up needing the corporate lawyer
> of every rights holder on the planet for the file in question to be
> consulted, which is not I suspect going to happen!
That's gonna be a BIG Linux Lawyer Summit ;-)
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
On Mon, 24 Feb 2014 06:26:52 -0800 Greg Kroah-Hartman wrote: > On Mon, Feb 24, 2014 at 03:03:25PM +0100, Michal Simek wrote: > > > > BTW: Isn't this a good topic for kernel-summit? :-) > > No, lawyers don't go to the summit, developers do. More of a topic for the LF. Particularly as any attempt to touch license statements in existing drivers would end up needing the corporate lawyer of every rights holder on the planet for the file in question to be consulted, which is not I suspect going to happen! Alan -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
On Mon, Feb 24, 2014 at 03:03:25PM +0100, Michal Simek wrote: > > BTW: Isn't this a good topic for kernel-summit? :-) No, lawyers don't go to the summit, developers do. -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
On 02/24/2014 02:41 PM, Theodore Ts'o wrote: > On Mon, Feb 24, 2014 at 11:12:53AM +0100, Michal Simek wrote: >>> But of course, I'm not a lawyer, and if your company has is paying for >>> the development of the driver, the Golden Rule applies (he who has the >>> Gold, makes the Rules), and each of our respective corporate lawyers >>> may have different opinions about what might happen if the question >>> was ever to be adjudicated in court. >> >> Aren't all these points already answered by SPDX project? >> I believe that they should know how this should be handled properly. > > The SPDX can not give legal advice; not to you, and not to your > company. One lawyer might believe that > > /* > * SPDX-License-Identifier: GPL-2.0 > */ > > Might be sufficient. Others might believe you need to do: > > /* > * Copyright Ty Coon, 2012. > * > * SPDX-License-Identifier: GPL-2.0 > */ > > Still others might believe you need at the very least: > > /* > * Copyright Ty Coon, 2012. > * > * All Rights Reserved. > * > * SPDX-License-Identifier: GPL-2.0 > */ Aren't these differences already present in the header? > > As far as I know, there is no case law on point about whether or not > SPDX-License-Identifier has legal significance, or whether the court > would consider that to be a valid copyright permission statement. So > any "answers" made by any lawyer would be guesses. Of course, an > guess by a lawyer which is retained by *you* or your company and fully > informed with the unique parameters of your situation would constitute > legal advice. Anything else, including anything any of us could say > on this mailing list, would be biovating. :-) I think make sense to wait for Wolfgang about his experience because I believe he has considered it before u-boot change. BTW: Isn't this a good topic for kernel-summit? :-) Thanks, Michal -- Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91 w: www.monstr.eu p: +42-0-721842854 Maintainer of Linux kernel - Microblaze cpu - http://www.monstr.eu/fdt/ Maintainer of Linux kernel - Xilinx Zynq ARM architecture Microblaze U-BOOT custodian and responsible for u-boot arm zynq platform signature.asc Description: OpenPGP digital signature
Re: SPDX-License-Identifier
On Mon, Feb 24, 2014 at 11:12:53AM +0100, Michal Simek wrote: > > But of course, I'm not a lawyer, and if your company has is paying for > > the development of the driver, the Golden Rule applies (he who has the > > Gold, makes the Rules), and each of our respective corporate lawyers > > may have different opinions about what might happen if the question > > was ever to be adjudicated in court. > > Aren't all these points already answered by SPDX project? > I believe that they should know how this should be handled properly. The SPDX can not give legal advice; not to you, and not to your company. One lawyer might believe that /* * SPDX-License-Identifier: GPL-2.0 */ Might be sufficient. Others might believe you need to do: /* * Copyright Ty Coon, 2012. * * SPDX-License-Identifier: GPL-2.0 */ Still others might believe you need at the very least: /* * Copyright Ty Coon, 2012. * * All Rights Reserved. * * SPDX-License-Identifier: GPL-2.0 */ As far as I know, there is no case law on point about whether or not SPDX-License-Identifier has legal significance, or whether the court would consider that to be a valid copyright permission statement. So any "answers" made by any lawyer would be guesses. Of course, an guess by a lawyer which is retained by *you* or your company and fully informed with the unique parameters of your situation would constitute legal advice. Anything else, including anything any of us could say on this mailing list, would be biovating. :-) Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
On 02/21/2014 08:01 PM, Theodore Ts'o wrote: > On Fri, Feb 21, 2014 at 09:57:20AM -0800, Greg Kroah-Hartman wrote: >>> But shouldn't we at least write somewhere >>> that it has connection to spdx.org where you can find out that licenses. >> >> Why? Are these licenses so unknown that no one knows what they are? >> And, as part of the kernel-as-a-whole-work, they all resolve to GPLv2 >> anyway, and we have that license in the source tree, so nothing else >> should be needed. > > Note that not all lawyers are in agreement about this, so if this is a > driver being developed by a company, you may want to ask your > corporate counsel if they have an opinion about this. I've received > advice of the form that it's not obvious that regardless of whether or > not us *engineers* understand what all of the licensing terms mean, > what's important is whether someone who is accused of "borrowing" > GPL'ed code and dropping it in a driver for some other OS can convince > a judge whether or not it's considered "obvious" from a legal > perspective what an SPDX header means, and what is implied by an SPDX > license identifer. > > Also note that with the advent of web sites that allow people to do > web searches and turn up a singleton file via some gitweb interface, > the fact that the full license text is distributed alongside the > tarball might or might have as much legal significance as it once had. > > But of course, I'm not a lawyer, and if your company has is paying for > the development of the driver, the Golden Rule applies (he who has the > Gold, makes the Rules), and each of our respective corporate lawyers > may have different opinions about what might happen if the question > was ever to be adjudicated in court. Thanks Ted. Aren't all these points already answered by SPDX project? I believe that they should know how this should be handled properly. Thanks, Michal -- Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91 w: www.monstr.eu p: +42-0-721842854 Maintainer of Linux kernel - Microblaze cpu - http://www.monstr.eu/fdt/ Maintainer of Linux kernel - Xilinx Zynq ARM architecture Microblaze U-BOOT custodian and responsible for u-boot arm zynq platform signature.asc Description: OpenPGP digital signature
Re: SPDX-License-Identifier
On Fri, Feb 21, 2014 at 09:57:20AM -0800, Greg Kroah-Hartman wrote: > > But shouldn't we at least write somewhere > > that it has connection to spdx.org where you can find out that licenses. > > Why? Are these licenses so unknown that no one knows what they are? > And, as part of the kernel-as-a-whole-work, they all resolve to GPLv2 > anyway, and we have that license in the source tree, so nothing else > should be needed. Note that not all lawyers are in agreement about this, so if this is a driver being developed by a company, you may want to ask your corporate counsel if they have an opinion about this. I've received advice of the form that it's not obvious that regardless of whether or not us *engineers* understand what all of the licensing terms mean, what's important is whether someone who is accused of "borrowing" GPL'ed code and dropping it in a driver for some other OS can convince a judge whether or not it's considered "obvious" from a legal perspective what an SPDX header means, and what is implied by an SPDX license identifer. Also note that with the advent of web sites that allow people to do web searches and turn up a singleton file via some gitweb interface, the fact that the full license text is distributed alongside the tarball might or might have as much legal significance as it once had. But of course, I'm not a lawyer, and if your company has is paying for the development of the driver, the Golden Rule applies (he who has the Gold, makes the Rules), and each of our respective corporate lawyers may have different opinions about what might happen if the question was ever to be adjudicated in court. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
On Fri, Feb 21, 2014 at 06:26:08PM +0100, Michal Simek wrote: > On 02/21/2014 05:56 PM, Greg Kroah-Hartman wrote: > > On Fri, Feb 21, 2014 at 10:20:45AM -0600, Felipe Balbi wrote: > >> Hi, > >> > >> On Fri, Feb 21, 2014 at 05:18:39PM +0100, Michal Simek wrote: > >>> On 02/21/2014 05:12 PM, Felipe Balbi wrote: > On Fri, Feb 21, 2014 at 05:04:26PM +0100, Michal Simek wrote: > > On 02/21/2014 05:04 PM, Greg Kroah-Hartman wrote: > >> On Fri, Feb 21, 2014 at 07:38:16AM +0100, Michal Simek wrote: > >>> BTW: u-boot started to use SPDX-License-Identifier > >>> which will be nice to start to use. > >> > >> I agree, feel free to start sending patches to use this type of > >> identifier for drivers. > > > > But we probably need to add that Licenses to one location. > > Documentation/Licenses? > > Just add to the drivers themselves, just like u-boot is doing. A simple: > > $ git grep -e SPDX-License-Identifier > > will tell you filename and license. Or did I misunderstand your question > ? > >>> > >>> But for doing this it is probably necessary to have location where > >>> you will place that licenses and you will explain what it is how > >>> it is done by Wolfgang in this commit. > >>> > >>> http://git.denx.de/?p=u-boot.git;a=commitdiff;h=eca3aeb352c964bdb28b8e191d6326370245e03f > >>> > >>> Then yes, adding one line is enough. > >> > >> spdx.org has all licenses, why don't we just rely on that instead of > >> adding every other license to the kernel source ? > > > > Yes, all that will be acceptable is a one-line identifier in the file. > > No need to have all the different licenses in the kernel source, that's > > crazy and not needed at all. > > > > I've told the SPDX people this in the past, and they keep promising that > > they will do the comment work, but it's been months and I have yet to > > see a single patch... > > But shouldn't we at least write somewhere > that it has connection to spdx.org where you can find out that licenses. Why? Are these licenses so unknown that no one knows what they are? And, as part of the kernel-as-a-whole-work, they all resolve to GPLv2 anyway, and we have that license in the source tree, so nothing else should be needed. greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
On 02/21/2014 05:56 PM, Greg Kroah-Hartman wrote: > On Fri, Feb 21, 2014 at 10:20:45AM -0600, Felipe Balbi wrote: >> Hi, >> >> On Fri, Feb 21, 2014 at 05:18:39PM +0100, Michal Simek wrote: >>> On 02/21/2014 05:12 PM, Felipe Balbi wrote: On Fri, Feb 21, 2014 at 05:04:26PM +0100, Michal Simek wrote: > On 02/21/2014 05:04 PM, Greg Kroah-Hartman wrote: >> On Fri, Feb 21, 2014 at 07:38:16AM +0100, Michal Simek wrote: >>> BTW: u-boot started to use SPDX-License-Identifier >>> which will be nice to start to use. >> >> I agree, feel free to start sending patches to use this type of >> identifier for drivers. > > But we probably need to add that Licenses to one location. > Documentation/Licenses? Just add to the drivers themselves, just like u-boot is doing. A simple: $ git grep -e SPDX-License-Identifier will tell you filename and license. Or did I misunderstand your question ? >>> >>> But for doing this it is probably necessary to have location where >>> you will place that licenses and you will explain what it is how >>> it is done by Wolfgang in this commit. >>> >>> http://git.denx.de/?p=u-boot.git;a=commitdiff;h=eca3aeb352c964bdb28b8e191d6326370245e03f >>> >>> Then yes, adding one line is enough. >> >> spdx.org has all licenses, why don't we just rely on that instead of >> adding every other license to the kernel source ? > > Yes, all that will be acceptable is a one-line identifier in the file. > No need to have all the different licenses in the kernel source, that's > crazy and not needed at all. > > I've told the SPDX people this in the past, and they keep promising that > they will do the comment work, but it's been months and I have yet to > see a single patch... But shouldn't we at least write somewhere that it has connection to spdx.org where you can find out that licenses. I have no problem to use this one-line identifier at all. Thanks, Michal -- Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91 w: www.monstr.eu p: +42-0-721842854 Maintainer of Linux kernel - Microblaze cpu - http://www.monstr.eu/fdt/ Maintainer of Linux kernel - Xilinx Zynq ARM architecture Microblaze U-BOOT custodian and responsible for u-boot arm zynq platform signature.asc Description: OpenPGP digital signature
Re: SPDX-License-Identifier
On Fri, Feb 21, 2014 at 10:20:45AM -0600, Felipe Balbi wrote: > Hi, > > On Fri, Feb 21, 2014 at 05:18:39PM +0100, Michal Simek wrote: > > On 02/21/2014 05:12 PM, Felipe Balbi wrote: > > > On Fri, Feb 21, 2014 at 05:04:26PM +0100, Michal Simek wrote: > > >> On 02/21/2014 05:04 PM, Greg Kroah-Hartman wrote: > > >>> On Fri, Feb 21, 2014 at 07:38:16AM +0100, Michal Simek wrote: > > BTW: u-boot started to use SPDX-License-Identifier > > which will be nice to start to use. > > >>> > > >>> I agree, feel free to start sending patches to use this type of > > >>> identifier for drivers. > > >> > > >> But we probably need to add that Licenses to one location. > > >> Documentation/Licenses? > > > > > > Just add to the drivers themselves, just like u-boot is doing. A simple: > > > > > > $ git grep -e SPDX-License-Identifier > > > > > > will tell you filename and license. Or did I misunderstand your question ? > > > > But for doing this it is probably necessary to have location where > > you will place that licenses and you will explain what it is how > > it is done by Wolfgang in this commit. > > > > http://git.denx.de/?p=u-boot.git;a=commitdiff;h=eca3aeb352c964bdb28b8e191d6326370245e03f > > > > Then yes, adding one line is enough. > > spdx.org has all licenses, why don't we just rely on that instead of > adding every other license to the kernel source ? Yes, all that will be acceptable is a one-line identifier in the file. No need to have all the different licenses in the kernel source, that's crazy and not needed at all. I've told the SPDX people this in the past, and they keep promising that they will do the comment work, but it's been months and I have yet to see a single patch... greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SPDX-License-Identifier
Hi, On Fri, Feb 21, 2014 at 05:18:39PM +0100, Michal Simek wrote: > On 02/21/2014 05:12 PM, Felipe Balbi wrote: > > On Fri, Feb 21, 2014 at 05:04:26PM +0100, Michal Simek wrote: > >> On 02/21/2014 05:04 PM, Greg Kroah-Hartman wrote: > >>> On Fri, Feb 21, 2014 at 07:38:16AM +0100, Michal Simek wrote: > BTW: u-boot started to use SPDX-License-Identifier > which will be nice to start to use. > >>> > >>> I agree, feel free to start sending patches to use this type of > >>> identifier for drivers. > >> > >> But we probably need to add that Licenses to one location. > >> Documentation/Licenses? > > > > Just add to the drivers themselves, just like u-boot is doing. A simple: > > > > $ git grep -e SPDX-License-Identifier > > > > will tell you filename and license. Or did I misunderstand your question ? > > But for doing this it is probably necessary to have location where > you will place that licenses and you will explain what it is how > it is done by Wolfgang in this commit. > > http://git.denx.de/?p=u-boot.git;a=commitdiff;h=eca3aeb352c964bdb28b8e191d6326370245e03f > > Then yes, adding one line is enough. spdx.org has all licenses, why don't we just rely on that instead of adding every other license to the kernel source ? cheers -- balbi signature.asc Description: Digital signature
Re: SPDX-License-Identifier
On 02/21/2014 05:12 PM, Felipe Balbi wrote: > On Fri, Feb 21, 2014 at 05:04:26PM +0100, Michal Simek wrote: >> On 02/21/2014 05:04 PM, Greg Kroah-Hartman wrote: >>> On Fri, Feb 21, 2014 at 07:38:16AM +0100, Michal Simek wrote: BTW: u-boot started to use SPDX-License-Identifier which will be nice to start to use. >>> >>> I agree, feel free to start sending patches to use this type of >>> identifier for drivers. >> >> But we probably need to add that Licenses to one location. >> Documentation/Licenses? > > Just add to the drivers themselves, just like u-boot is doing. A simple: > > $ git grep -e SPDX-License-Identifier > > will tell you filename and license. Or did I misunderstand your question ? But for doing this it is probably necessary to have location where you will place that licenses and you will explain what it is how it is done by Wolfgang in this commit. http://git.denx.de/?p=u-boot.git;a=commitdiff;h=eca3aeb352c964bdb28b8e191d6326370245e03f Then yes, adding one line is enough. Thanks, Michal -- Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91 w: www.monstr.eu p: +42-0-721842854 Maintainer of Linux kernel - Microblaze cpu - http://www.monstr.eu/fdt/ Maintainer of Linux kernel - Xilinx Zynq ARM architecture Microblaze U-BOOT custodian and responsible for u-boot arm zynq platform signature.asc Description: OpenPGP digital signature
