Dear Daniel, In message <CAEBXXD80CzGeL9HZkx3pQTZXF7OiFkF9+Z5_jOqabR=zls6...@mail.gmail.com> you wrote: > > Correct me if I am wrong, but u-boot is not licensed under the GPLv2+, > but under the GPLv2+ with a special exception:
Actually if you look at U-Boot as a whole, it is GPL-2.0 only. There are large parts that are GPL-2.0+, and we try to have newly added code licensed under GPL-2.0+ as well, but there are large parts of code that were imported from other projects (mainly the Linux kernel) which are GPL-2.0 only. I dare to say that you cannot easily build a reasonably powerful configuration of U-Boot that does not include GPL-2.0 only code, so the resulting licese for U-Boot as a whole is GPL-2.0 only, plus the exception you mention. > so the SPDX license identifier is incomplete for your particular intentions. We never tried to assign a license ID to the project as a whole; the README attempts to describe the status quo. If somebode asks for a precise statement we have to tell him what I explained above: GPL-2.0 only plus the exception for standalone programs. > Interestingly, if I take a single file from u-boot and reuse it, the > exception will probably not be relevant. Correct. > Now, with regard to complex licensing, take for example the file: > > ./drivers/usb/gadget/f_mass_storage.c in U-boot. ... > the file in u-boot replaces this notice with: ... > * SPDX-License-Identifier: GPL-2.0+ BSD-3-Clause ... > now, it is not clear the the license of the file is. For your purposes > (as a consumer of f_mass_storage.c) is probably enough. > But now it is not clear that the file can be used under either the > BSD-3 or the GPLv2+ if somebody cherry picks the file (as you did). You are right in so far, as the current version of our Licenses/README does not contain a definition yet how such a line with multiple license IDs shall be interpreted. This is one of the things we still have to fix. Sorry, but this is still work in progress, and we're trying to figure out how to deal with such things efficiently as we go. Assume we add a phrase like: "If a "SPDX-License-Identifier:" line references more than one Unique License Identifier, then this means that the respective file canbe used under the terms of either of these licenses." Do you think this would be sufficient to solve the problem you have spottet? [Thanks for pointing out. I remember I had this on my list some time ago, but obviously I forgot about it.] > Note also that the license is not exactly spdx-BSD3 (it will not match > the guideliness of SPDX because of the extra clause). So in a way, the > SPDX license in this file is incorrect. I don't see what you mean here. If we remove the "ALTERNATIVELY" part, the remainder of the license header matches exactly the BSD 3-clause "New" or "Revised" License as listed at http://spdx.org/licenses/BSD-3-Clause#licenseText Or am I missing something? > For the ones that are not author by you, you are making a licensing > analysis and conclusion before you can use > an SPDX identifier. Yes, that's true. Actually this is the whole purpose of the action; we try to perform this work once and record the results in an easily parable way, instead of having everybody who has to get some license clearing to do this over and over again. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de A verbal contract isn't worth the paper it's written on. -- Samuel Goldwyn _______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
