SPDX: Add canonical licenses for indirect SPDX references in the tree
AbandonedPublic
Actions

Authored by imp on Mar 11 2021, 9:18 PM.

Details

Reviewers

jhb
emaste
gnn
bz

Summary

Add the SPDX 2.2 specification we follow, as well as the acceptable licenses in
the FreeBSD tree to be referneced indirectly. Write up this policy and include
it in the README.txt file.

Please note: BSD-2-Clause-FreeBSD and BSD-2-Clause-NetBSD have been omitted
from this list as they have been deprecated by SPDX. It's unclaer what the
proper thing to do here is, so err on the side of caution by requiring the
exact licenses to be included in these files for now.

Also note: Do not go removing license text from files in the FreeBSD
tree just yet.

Test Plan

Preliminary framework for in-tree indirect license references

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 37783
Build 34672: arc lint + arc unit

Event Timeline

imp created this revision.Mar 11 2021, 9:18 PM

Herald added a reviewer: Core Team. · View Herald TranscriptMar 11 2021, 9:18 PM

imp requested review of this revision.Mar 11 2021, 9:18 PM

Harbormaster completed remote builds in B37783: Diff 85600.Mar 11 2021, 9:18 PM

imp edited the test plan for this revision. (Show Details)Mar 11 2021, 9:19 PM

imp added reviewers: jhb, emaste.

imp removed a reviewer: Core Team.

Note: all the licenses were taken from SPDX's text version of their web site.

LGTM

This revision is now accepted and ready to land.Mar 11 2021, 11:22 PM

Can we just provide a link to SPDX-specification-2-2.pdf rather than including the PDF?

We can include portions of it in README.md/LICENSE.md etc.?

jhb accepted this revision.Mar 15 2021, 3:55 PM

In D29226#654463, @emaste wrote:

Can we just provide a link to SPDX-specification-2-2.pdf rather than including the PDF?

We can include portions of it in README.md/LICENSE.md etc.?

I'm unsure. I'm still seeking advice for which of the many different ways this is done will fit the project's needs best.

I think we can cache a copy of the pdf somewhere against future need, but point to the spdx.org pdf, though. How much of the most important sections we need to include and where is an open question for me at the moment.

FWIW, I got the BSD-1-Clause License approved by OSI, Approval is not terribly important as we only use it for a couple of files in the tree.
OTOH the very simplistic license would be useful to adopt for source header files (*.h).

share/license/text/BSD-1-Clause.txt
1	FWIW, You should replace mentions of BSDI with [Name of Organization], and the stuff like the year as in: https://opensource.org/licenses/BSD-1-Clause
9	Same comment from line 1 applies here.

imp added inline comments.Mar 17 2021, 5:41 AM

share/license/text/BSD-1-Clause.txt
1	I just pulled in what the SPDX guys published verbatim. It is a question I have out to a friend, though, since I don't think any of these files should have a copyright in them. That should always be in the source.

Presumably we need an update to the top-level COPYRIGHT statement to reference SPDX tags as well.

Linux's top-level COPYING contains:

In addition, other licenses may also apply. Please see:

        Documentation/process/license-rules.rst

for more details.

(referencing share/license/README.txt)

emaste added a subscriber: bz.May 21 2021, 6:22 PM

In D29226#682630, @emaste wrote:

Presumably we need an update to the top-level COPYRIGHT statement to reference SPDX tags as well.

Yea, that's part of all this as well... Where do we document things so people know how to construct the license for any given file. what to do when there's multiple sources of data, etc

I think I'll move this to LICENSE at the top level to match the SPDX and Reuse.software specs and structure it a little differently to be in sync with them...

Plus I need to re-grab the text of these licenses since changes that don't change the legal meaning have happened to a few of them.

bz requested changes to this revision.May 22 2021, 2:39 PM

bz added inline comments.

share/license/README.txt
4	follows (not past I assume)
8	[files] do not ..
27	What about Dual licensing? Should this be mentioned as a combination of the below?

This revision now requires changes to proceed.May 22 2021, 2:39 PM

imp added inline comments.May 22 2021, 3:40 PM

share/license/README.txt
27	The spdx standard covers that, no?

imp added inline comments.May 22 2021, 3:47 PM

share/license/README.txt
27	Or are you asking which dual licenses are allowed?

bz added inline comments.May 22 2021, 5:38 PM

share/license/README.txt
27	Yes. Do we need to explicitly cover that for FreeBSD? Or maybe the normal license policy needs to be extended for that? Also above it says "Licenses are represented by a short identifier from the following list" ("a" translates to "one" in my non-native English speaker's head). Does this imply "one or a combination of short identifiers"?

We'll need some text like Linux's (from Documentation/process/license-rules.rst)

3. Syntax:

   A <SPDX License Expression> is either an SPDX short form license
   identifier found on the SPDX License List, or the combination of two
   SPDX short form license identifiers separated by "WITH" when a license
   exception applies. When multiple licenses apply, an expression consists
   of keywords "AND", "OR" separating sub-expressions and surrounded by
   "(", ")" .

imp added inline comments.May 22 2021, 5:54 PM

share/license/README.txt
27	SPDX specifies those expressions. I'll make that clearer.

grehan mentioned this in D30668: Intel I225 Driver.Jun 7 2021, 8:40 AM

bz added inline comments.Nov 28 2021, 7:17 PM

share/license/text/BSD-2-Clause.txt
9	This does not match our default text and should likely be resolved somehow as well in case we'd ever switch to this as new default? Also "All rights reserved" ... but as you said above the copyright should be in the source...