Re: [ptxdist] [PATCH 00/34] License updates
Hi, Thanks for this series. I've looked at all of the patches now and I've done some checking that this makes sense. I've had comments for some of them. I'm currently running build tests for the rest (this is mostly to check that the md5sums are ok). These should hit master soon. I hope I got all of them, but you should probably rebase your brach once I've pushed the initial batch. Michael On Fri, May 10, 2019 at 11:24:00AM +0200, Alexander Dahl wrote: > I reviewed lots of packages for licensing issues and this patch series > is the outcome. There are basically three types of patches: > > 1) Add license information where it was missing > 2) Add license file hashes for otherwise already correct packages > 3) Fix license information where the given licenses are/became wrong > 4) Combinations of the above > > When mistakes were traceable to specific changesets, I added Fixes: > lines and the original author in Cc. This is not meant to offend > anyone, but to get a second opinion or review. This legal stuff is > hard, I get headaches from this. This is also why some commit messages > are longer than others. > > Please review these patches carefully, I'm no lawyer. Some small > upstream projects make it easy to check each file, some would require > to inspect over 100 source files, if you want to do it right. Almost > none so far uses those still quite new SPDX license identifiers in the > file headers (sudo does in a version not yet available in ptxdist). > > Some patches contain additional notes with remarks or questions. > > Thanks to Roland Hieber for his SPDX matching tool [1], which made all > this a lot easier. You should however not solely depend on that tool, > but have a look into the current SPDX license list [3] and exceptions > [4]. > > Also helpful was the Debian project. They carry detailed copyright > information with their packages (well, most of them), e.g.: > > https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.33.1-0.1_copyright > > And I also had a look on the license information the buildroot project > [2] has in its packages. Maybe someone wants to send them patches as > well. ;-) > > Some additional notes on which packages should be reviewed and > probably updated: > > * U-Boot > * util-linux-ng > > Let me know, if I should reorder or change or squash something, but I > would also be happy, if just a subset would be applied. > > Greets > Alex > > P.S.: For people enjoying a long read about this whole license mess, > here you go: https://invisible-island.net/ncurses/ncurses-license.html > > P.P.S.: If you did not already know, the FSFE started the REUSE > initiative to make all this somewhat easier, so if you're an upstream > developer, have a look: https://reuse.software/ > > [1] https://github.com/rohieb/spdx-license-match > [2] https://buildroot.org/ > [3] https://spdx.org/licenses/ > [4] https://spdx.org/licenses/exceptions-index.html -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0| Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917- | ___ ptxdist mailing list ptxdist@pengutronix.de
[ptxdist] [PATCH 00/34] License updates
Hei hei, I reviewed lots of packages for licensing issues and this patch series is the outcome. There are basically three types of patches: 1) Add license information where it was missing 2) Add license file hashes for otherwise already correct packages 3) Fix license information where the given licenses are/became wrong 4) Combinations of the above When mistakes were traceable to specific changesets, I added Fixes: lines and the original author in Cc. This is not meant to offend anyone, but to get a second opinion or review. This legal stuff is hard, I get headaches from this. This is also why some commit messages are longer than others. Please review these patches carefully, I'm no lawyer. Some small upstream projects make it easy to check each file, some would require to inspect over 100 source files, if you want to do it right. Almost none so far uses those still quite new SPDX license identifiers in the file headers (sudo does in a version not yet available in ptxdist). Some patches contain additional notes with remarks or questions. Thanks to Roland Hieber for his SPDX matching tool [1], which made all this a lot easier. You should however not solely depend on that tool, but have a look into the current SPDX license list [3] and exceptions [4]. Also helpful was the Debian project. They carry detailed copyright information with their packages (well, most of them), e.g.: https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.33.1-0.1_copyright And I also had a look on the license information the buildroot project [2] has in its packages. Maybe someone wants to send them patches as well. ;-) Some additional notes on which packages should be reviewed and probably updated: * U-Boot * util-linux-ng Let me know, if I should reorder or change or squash something, but I would also be happy, if just a subset would be applied. Greets Alex P.S.: For people enjoying a long read about this whole license mess, here you go: https://invisible-island.net/ncurses/ncurses-license.html P.P.S.: If you did not already know, the FSFE started the REUSE initiative to make all this somewhat easier, so if you're an upstream developer, have a look: https://reuse.software/ [1] https://github.com/rohieb/spdx-license-match [2] https://buildroot.org/ [3] https://spdx.org/licenses/ [4] https://spdx.org/licenses/exceptions-index.html Alexander Dahl (34): at: Add license identifiers and hashes at91bootstrap: Add license information boost: Add license file hash busybox: Add license file hash libnl3: Fix license and add license hash dropbear: Add license information figlet: Fix license and add license file hashes flex: Fix license and add license file hash json-c: Add license file hash coreutils: Add license file hash libarchive: Add license file hash libfaketime: Add license file hash libgmp: Fix license libgmp: Add license file hashes libmnl: Fix license and add license file hashes libmodbus3: Fix license and add license file hashes libnet: Add license information libnftnl: Fix license and add license file hash libpcap: Fix license and add license file hash libpopt: Add license file hash libxml2: Fix license and add license file hash lighttpd: Fix licenses and add more license file hashes lm_sensors: Add license file hashes log4cplus: Fix licenses and add license file hash mtd-utils: Add license file hash ncurses: Use 'COPYING' for license file hash net-snmp: Fix licenses and add license file hash nftables: Add license file hash opkg: Add license file hash readline: Add license file hash rt-tests: Fix licenses and add license file hash sudo: Fix licenses and add license file hash tree: Fix licenses and add license file hashes u-boot-tools: Fix licenses and add license file hashes rules/at.make| 5 - rules/at91bootstrap.make | 4 rules/boost.make | 1 + rules/busybox.make | 1 + rules/coreutils.make | 1 + rules/dropbear.make | 2 ++ rules/figlet.make| 8 +++- rules/flex.make | 3 ++- rules/json-c.make| 1 + rules/libarchive.make| 1 + rules/libfaketime.make | 1 + rules/libgmp.make| 7 ++- rules/libmnl.make| 3 ++- rules/libmodbus3.make| 5 - rules/libnet.make| 2 ++ rules/libnftnl.make | 3 ++- rules/libnl3.make| 4 +++- rules/libpcap.make | 3 ++- rules/libpopt.make | 1 + rules/libxml2.make | 4 +++- rules/lighttpd.make | 7 +-- rules/lm_sensors.make| 3 +++ rules/log4cplus.make | 3 ++- rules/mtd-utils.make | 2 ++ rules/ncurses.make | 3 +-- rules/net-snmp.make | 3 ++- rules/nftables.make | 1 + rules/opkg.make | 1 + rules/readline.make | 1 + rules/rt-tests.make | 3 ++- rules/sudo.make | 3 ++- rules/tree.make | 5 - rules/u-boot-tools.make | 5 - 33 files changed, 80 insertions(+), 20
