Page MenuHomeFreeBSD

SPDX: Add canonical licenses for indirect SPDX references in the tree
Needs RevisionPublic

Authored by imp on Mar 11 2021, 9:18 PM.

Details

Reviewers
jhb
emaste
gnn
bz
Summary

Add the SPDX 2.2 specification we follow, as well as the acceptable licenses in
the FreeBSD tree to be referneced indirectly. Write up this policy and include
it in the README.txt file.

Please note: BSD-2-Clause-FreeBSD and BSD-2-Clause-NetBSD have been omitted
from this list as they have been deprecated by SPDX. It's unclaer what the
proper thing to do here is, so err on the side of caution by requiring the
exact licenses to be included in these files for now.

Also note: Do not go removing license text from files in the FreeBSD
tree just yet.

Test Plan

Preliminary framework for in-tree indirect license references

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 37783
Build 34672: arc lint + arc unit

Event Timeline

imp requested review of this revision.Mar 11 2021, 9:18 PM
imp added reviewers: jhb, emaste.
imp removed a reviewer: Core Team.

Note: all the licenses were taken from SPDX's text version of their web site.

gnn added a subscriber: gnn.

LGTM

This revision is now accepted and ready to land.Mar 11 2021, 11:22 PM

Can we just provide a link to SPDX-specification-2-2.pdf rather than including the PDF?

We can include portions of it in README.md/LICENSE.md etc.?

Can we just provide a link to SPDX-specification-2-2.pdf rather than including the PDF?

We can include portions of it in README.md/LICENSE.md etc.?

I'm unsure. I'm still seeking advice for which of the many different ways this is done will fit the project's needs best.

I think we can cache a copy of the pdf somewhere against future need, but point to the spdx.org pdf, though. How much of the most important sections we need to include and where is an open question for me at the moment.

FWIW, I got the BSD-1-Clause License approved by OSI, Approval is not terribly important as we only use it for a couple of files in the tree.
OTOH the very simplistic license would be useful to adopt for source header files (*.h).

share/license/text/BSD-1-Clause.txt
1

FWIW, You should replace mentions of BSDI with [Name of Organization], and the stuff like the year as in:

https://opensource.org/licenses/BSD-1-Clause

9

Same comment from line 1 applies here.

share/license/text/BSD-1-Clause.txt
1

I just pulled in what the SPDX guys published verbatim.

It is a question I have out to a friend, though, since I don't think any of these files should have a copyright in them. That should always be in the source.

Presumably we need an update to the top-level COPYRIGHT statement to reference SPDX tags as well.

Linux's top-level COPYING contains:

In addition, other licenses may also apply. Please see:

        Documentation/process/license-rules.rst

for more details.

(referencing share/license/README.txt)

Presumably we need an update to the top-level COPYRIGHT statement to reference SPDX tags as well.

Yea, that's part of all this as well... Where do we document things so people know how to construct the license for any given file. what to do when there's multiple sources of data, etc

I think I'll move this to LICENSE at the top level to match the SPDX and Reuse.software specs and structure it a little differently to be in sync with them...

Plus I need to re-grab the text of these licenses since changes that don't change the legal meaning have happened to a few of them.

bz requested changes to this revision.May 22 2021, 2:39 PM
bz added inline comments.
share/license/README.txt
4

follows (not past I assume)

8

[files] do not ..

27

What about Dual licensing? Should this be mentioned as a combination of the below?

This revision now requires changes to proceed.May 22 2021, 2:39 PM
share/license/README.txt
27

The spdx standard covers that, no?

share/license/README.txt
27

Or are you asking which dual licenses are allowed?

share/license/README.txt
27

Yes. Do we need to explicitly cover that for FreeBSD? Or maybe the normal license policy needs to be extended for that?

Also above it says "Licenses are represented by a short identifier from the following list" ("a" translates to "one" in my non-native English speaker's head). Does this imply "one or a combination of short identifiers"?

We'll need some text like Linux's (from Documentation/process/license-rules.rst)

3. Syntax:

   A <SPDX License Expression> is either an SPDX short form license
   identifier found on the SPDX License List, or the combination of two
   SPDX short form license identifiers separated by "WITH" when a license
   exception applies. When multiple licenses apply, an expression consists
   of keywords "AND", "OR" separating sub-expressions and surrounded by
   "(", ")" .
share/license/README.txt
27

SPDX specifies those expressions. I'll make that clearer.