Re: [yocto] Yet another LIC_FILES_CHKSUM question
On Wed, Jun 12, 2013 at 10:38 PM, Flanagan, Elizabeth
elizabeth.flana...@intel.com wrote:
On Wed, Jun 12, 2013 at 1:06 PM, Hans Beckerus hans.becke...@gmail.com
wrote:
On 2013-06-12 7:55, Flanagan, Elizabeth wrote:
On Wed, Jun 12, 2013 at 6:05 AM, Hans Beckérus hans.becke...@gmail.com
wrote:
In what way does LIC_FILES_CHKSUM correlate to what is specified in
LICENSE?
LIC_FILES_CHKSUM *must* be specified unless LICENSE is set to CLOSED.
But, what if the package does not itself provide a license type file?
Is it then ok to simply leave LIC_FILES_CHKSUM = ?
That's kind of a tricky situation. I'm not a lawyer, but I haven't
actually seen an actual instance where there was a stated open source
license that wasn't also in the source. If there is then the correct
path is to probably put actual license text in the upstream as I can
imagine all sorts of legal issues with this. Any lawyers care to field
this on?
-b
Hi Elizabeth, I understand you are not a lawyer ;) I did not really expect
one either.
Let's tweak the question into something slightly different. Assume that
LICENSE is saying eg. GPLv2, but the COPYING file provided by the package
says GPLv3? Iow, there is a mismatch between the what the recipe says and
what the package tells you.
Ah, in that case, the LICENSE is obviously incorrect and the recipe
should be patched, right?
I am a little bit confused to how LICENSE and LIC_FILES_CHKSUM really works
together? Why do we need two different ways of telling what license we use
or actually expect?
This is a way for us to tell that the LICENSE may have changed. If the
text of the license files in LIC_FILES_CHKSUM change, something
happened that needs to be looked at.
Or is LICENSE checked against the files pointed to by
LIC_FILES_CHKSUM? Should it not always be the file(s) stored in the upstream
package that dictates what license should be applied?
They are, but there are a few problems with this
1. Figuring out license automatically is an interesting and kind of
time consuming issue. COPYING isn't *always* the license information.
We've got source that has license information in headers, in COPYING,
in LICENSE, in a lot of places and figuring out is a file contains
license information without a common portable data exchange is kind of
hard (license people see where I'm going here ;) )..
2. This is one of the reasons that Matt Germonprez and a team of
people at the University of Nebraska Omaha are working on implementing
some tooling around SPDX within the project (for more on SPDX see:
www.spdx.org). We need a way to do deep inspection of source as well
as recognize when the upstream has implemented an SPDX file. This
should be implemented in the 1.5 time frame.
So, in a nutshell, scanning for license during every build is time
consuming. We want to do it once, improve the LICENSE data where we
can, and utilize LIC_FILES_CHKSUM to help maintain it, running our
SPDX utilities now and then to be able to find new licenses added that
LIC_FILES_CHKSUM may not know about.
-b
Great! Thanks for the elaborate answer. No confusion there ;)
Btw, would it be possible to apply the patch in some later Yocto
release. We currently do a lot of work in Erlang and the Erlang Public
License is used in many packages. Would be nice to be able to
reference the license with a similar syntax as for e.g. GPL.
Hans
Also, I could see that there was an Erlang Public License file
available in poky. But the file is named ErlPL-1.1 and there were no
maps attached to it, this patch will add that.
Hans
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 3cb143c..ffed997 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -101,9 +101,14 @@ SPDXLICENSEMAP[AFL-1] = AFL-1.2
SPDXLICENSEMAP[AFLv2] = AFL-2.0
SPDXLICENSEMAP[AFLv1] = AFL-1.2
+#Erlang variations
+SPDXLICENSEMAP[ErlPLv1.1] = ErlPL-1.1
+SPDXLICENSEMAP[ErlPL1.1] = ErlPL-1.1
+
#Other variations
SPDXLICENSEMAP[EPLv1.0] = EPL-1.0
+
# Additional license directories. Add your custom licenses
directories this path.
# LICENSE_PATH += ${COREBASE}/custom-licenses
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
--
Elizabeth Flanagan
Yocto Project
Build and Release
On Wed, Jun 12, 2013 at 10:38 PM, Flanagan, Elizabeth
elizabeth.flana...@intel.com wrote:
On Wed, Jun 12, 2013 at 1:06 PM, Hans Beckerus hans.becke...@gmail.com
wrote:
On 2013-06-12 7:55, Flanagan, Elizabeth wrote:
On Wed, Jun 12, 2013 at 6:05 AM, Hans Beckérus hans.becke...@gmail.com
wrote:
In what way does LIC_FILES_CHKSUM correlate to what is specified in
LICENSE?
LIC_FILES_CHKSUM *must* be specified unless LICENSE is set to CLOSED.
But, what if the package does not itself provide a license type file?
Is it then ok to simply leave LIC_FILES_CHKSUM = ?
That's kind of
[yocto] Yet another LIC_FILES_CHKSUM question
In what way does LIC_FILES_CHKSUM correlate to what is specified in LICENSE?
LIC_FILES_CHKSUM *must* be specified unless LICENSE is set to CLOSED.
But, what if the package does not itself provide a license type file?
Is it then ok to simply leave LIC_FILES_CHKSUM = ?
Also, I could see that there was an Erlang Public License file
available in poky. But the file is named ErlPL-1.1 and there were no
maps attached to it, this patch will add that.
Hans
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 3cb143c..ffed997 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -101,9 +101,14 @@ SPDXLICENSEMAP[AFL-1] = AFL-1.2
SPDXLICENSEMAP[AFLv2] = AFL-2.0
SPDXLICENSEMAP[AFLv1] = AFL-1.2
+#Erlang variations
+SPDXLICENSEMAP[ErlPLv1.1] = ErlPL-1.1
+SPDXLICENSEMAP[ErlPL1.1] = ErlPL-1.1
+
#Other variations
SPDXLICENSEMAP[EPLv1.0] = EPL-1.0
+
# Additional license directories. Add your custom licenses
directories this path.
# LICENSE_PATH += ${COREBASE}/custom-licenses
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yet another LIC_FILES_CHKSUM question
On Wed, Jun 12, 2013 at 6:05 AM, Hans Beckérus hans.becke...@gmail.com wrote:
In what way does LIC_FILES_CHKSUM correlate to what is specified in LICENSE?
LIC_FILES_CHKSUM *must* be specified unless LICENSE is set to CLOSED.
But, what if the package does not itself provide a license type file?
Is it then ok to simply leave LIC_FILES_CHKSUM = ?
That's kind of a tricky situation. I'm not a lawyer, but I haven't
actually seen an actual instance where there was a stated open source
license that wasn't also in the source. If there is then the correct
path is to probably put actual license text in the upstream as I can
imagine all sorts of legal issues with this. Any lawyers care to field
this on?
-b
Also, I could see that there was an Erlang Public License file
available in poky. But the file is named ErlPL-1.1 and there were no
maps attached to it, this patch will add that.
Hans
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 3cb143c..ffed997 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -101,9 +101,14 @@ SPDXLICENSEMAP[AFL-1] = AFL-1.2
SPDXLICENSEMAP[AFLv2] = AFL-2.0
SPDXLICENSEMAP[AFLv1] = AFL-1.2
+#Erlang variations
+SPDXLICENSEMAP[ErlPLv1.1] = ErlPL-1.1
+SPDXLICENSEMAP[ErlPL1.1] = ErlPL-1.1
+
#Other variations
SPDXLICENSEMAP[EPLv1.0] = EPL-1.0
+
# Additional license directories. Add your custom licenses
directories this path.
# LICENSE_PATH += ${COREBASE}/custom-licenses
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
--
Elizabeth Flanagan
Yocto Project
Build and Release
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yet another LIC_FILES_CHKSUM question
On 2013-06-12 7:55, Flanagan, Elizabeth wrote:
On Wed, Jun 12, 2013 at 6:05 AM, Hans Beckérus hans.becke...@gmail.com wrote:
In what way does LIC_FILES_CHKSUM correlate to what is specified in LICENSE?
LIC_FILES_CHKSUM *must* be specified unless LICENSE is set to CLOSED.
But, what if the package does not itself provide a license type file?
Is it then ok to simply leave LIC_FILES_CHKSUM = ?
That's kind of a tricky situation. I'm not a lawyer, but I haven't
actually seen an actual instance where there was a stated open source
license that wasn't also in the source. If there is then the correct
path is to probably put actual license text in the upstream as I can
imagine all sorts of legal issues with this. Any lawyers care to field
this on?
-b
Hi Elizabeth, I understand you are not a lawyer ;) I did not really
expect one either.
Let's tweak the question into something slightly different. Assume that
LICENSE is saying eg. GPLv2, but the COPYING file provided by the
package says GPLv3? Iow, there is a mismatch between the what the recipe
says and what the package tells you.
I am a little bit confused to how LICENSE and LIC_FILES_CHKSUM really
works together? Why do we need two different ways of telling what
license we use or actually expect? Or is LICENSE checked against the
files pointed to by LIC_FILES_CHKSUM? Should it not always be the
file(s) stored in the upstream package that dictates what license should
be applied?
Hans
Also, I could see that there was an Erlang Public License file
available in poky. But the file is named ErlPL-1.1 and there were no
maps attached to it, this patch will add that.
Hans
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 3cb143c..ffed997 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -101,9 +101,14 @@ SPDXLICENSEMAP[AFL-1] = AFL-1.2
SPDXLICENSEMAP[AFLv2] = AFL-2.0
SPDXLICENSEMAP[AFLv1] = AFL-1.2
+#Erlang variations
+SPDXLICENSEMAP[ErlPLv1.1] = ErlPL-1.1
+SPDXLICENSEMAP[ErlPL1.1] = ErlPL-1.1
+
#Other variations
SPDXLICENSEMAP[EPLv1.0] = EPL-1.0
+
# Additional license directories. Add your custom licenses
directories this path.
# LICENSE_PATH += ${COREBASE}/custom-licenses
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yet another LIC_FILES_CHKSUM question
On Wed, Jun 12, 2013 at 1:06 PM, Hans Beckerus hans.becke...@gmail.com wrote:
On 2013-06-12 7:55, Flanagan, Elizabeth wrote:
On Wed, Jun 12, 2013 at 6:05 AM, Hans Beckérus hans.becke...@gmail.com
wrote:
In what way does LIC_FILES_CHKSUM correlate to what is specified in
LICENSE?
LIC_FILES_CHKSUM *must* be specified unless LICENSE is set to CLOSED.
But, what if the package does not itself provide a license type file?
Is it then ok to simply leave LIC_FILES_CHKSUM = ?
That's kind of a tricky situation. I'm not a lawyer, but I haven't
actually seen an actual instance where there was a stated open source
license that wasn't also in the source. If there is then the correct
path is to probably put actual license text in the upstream as I can
imagine all sorts of legal issues with this. Any lawyers care to field
this on?
-b
Hi Elizabeth, I understand you are not a lawyer ;) I did not really expect
one either.
Let's tweak the question into something slightly different. Assume that
LICENSE is saying eg. GPLv2, but the COPYING file provided by the package
says GPLv3? Iow, there is a mismatch between the what the recipe says and
what the package tells you.
Ah, in that case, the LICENSE is obviously incorrect and the recipe
should be patched, right?
I am a little bit confused to how LICENSE and LIC_FILES_CHKSUM really works
together? Why do we need two different ways of telling what license we use
or actually expect?
This is a way for us to tell that the LICENSE may have changed. If the
text of the license files in LIC_FILES_CHKSUM change, something
happened that needs to be looked at.
Or is LICENSE checked against the files pointed to by
LIC_FILES_CHKSUM? Should it not always be the file(s) stored in the upstream
package that dictates what license should be applied?
They are, but there are a few problems with this
1. Figuring out license automatically is an interesting and kind of
time consuming issue. COPYING isn't *always* the license information.
We've got source that has license information in headers, in COPYING,
in LICENSE, in a lot of places and figuring out is a file contains
license information without a common portable data exchange is kind of
hard (license people see where I'm going here ;) )..
2. This is one of the reasons that Matt Germonprez and a team of
people at the University of Nebraska Omaha are working on implementing
some tooling around SPDX within the project (for more on SPDX see:
www.spdx.org). We need a way to do deep inspection of source as well
as recognize when the upstream has implemented an SPDX file. This
should be implemented in the 1.5 time frame.
So, in a nutshell, scanning for license during every build is time
consuming. We want to do it once, improve the LICENSE data where we
can, and utilize LIC_FILES_CHKSUM to help maintain it, running our
SPDX utilities now and then to be able to find new licenses added that
LIC_FILES_CHKSUM may not know about.
-b
Hans
Also, I could see that there was an Erlang Public License file
available in poky. But the file is named ErlPL-1.1 and there were no
maps attached to it, this patch will add that.
Hans
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 3cb143c..ffed997 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -101,9 +101,14 @@ SPDXLICENSEMAP[AFL-1] = AFL-1.2
SPDXLICENSEMAP[AFLv2] = AFL-2.0
SPDXLICENSEMAP[AFLv1] = AFL-1.2
+#Erlang variations
+SPDXLICENSEMAP[ErlPLv1.1] = ErlPL-1.1
+SPDXLICENSEMAP[ErlPL1.1] = ErlPL-1.1
+
#Other variations
SPDXLICENSEMAP[EPLv1.0] = EPL-1.0
+
# Additional license directories. Add your custom licenses
directories this path.
# LICENSE_PATH += ${COREBASE}/custom-licenses
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
--
Elizabeth Flanagan
Yocto Project
Build and Release
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
