Henry Spencer's license
by Petr Šabata
Dear legal,
While checking the contents of our `perl' package, I noticed the following:
(...)
/* NOTE: this is derived from Henry Spencer's regexp code, and should not
* confused with the original package (see point 3 below). Thanks, Henry!
*/
/* Additional note: this code is very heavily munged from Henry's version
* in places. In some spots I've traded clarity for efficiency, so don't
* blame Henry for some of the lack of readability.
*/
/* The names of the functions have been changed from regcomp and
* regexec to pregcomp and pregexec in order to avoid conflicts
* with the POSIX routines of the same names.
*/
(...)
* pregcomp and pregexec -- regsub and regerror are not used in perl
*
* Copyright (c) 1986 by University of Toronto.
* Written by Henry Spencer. Not derived from licensed software.
*
* Permission is granted to anyone to use this software for any
* purpose on any computer system, and to redistribute it freely,
* subject to the following restrictions:
*
* 1. The author is not responsible for the consequences of use of
* this software, no matter how awful, even if they arise
* from defects in it.
*
* 2. The origin of this software must not be misrepresented, either
* by explicit claim or by omission.
*
* 3. Altered versions must be plainly marked as such, and must not
* be misrepresented as being the original software.
*
**** Alterations to Henry's code are...
****
**** Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
**** 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
**** by Larry Wall and others
****
**** You may distribute under the terms of either the GNU General Public
**** License or the Artistic License, as specified in the README file.
(...)
You can see the whole file here:
https://metacpan.org/source/SHAY/perl-5.20.1/regexec.c
I looked but couldn't find any common name for this license
of Henry's. Is it on our list? Is it free? What name should
I use in the License tag?
Thank you,
Petr
2 weeks, 2 days
Re: SPDX Statistics - Pavel edition
by Richard Fontana
On Sun, Jan 29, 2023 at 11:41 AM Miroslav Suchý <msuchy(a)redhat.com> wrote:
>
> Tip: do you want to audit licenses in your tarball? Unpack the tarball and try:
>
> dnf install askalono-cli
>
> askalono crawl /path/to/directory
Regarding askalono: I had not heard of it prior to getting involved in
this whole Fedora initiative around the Callaway->SPDX migration and
the revamped legal documentation. Since then I've used it quite a bit,
mostly for some non-Fedora-related work.
askalono is an easy-to-use tool which is good to reach for in some
situations, but one should be aware of its limitations and
primitiveness. It can't recognize or understand:
* license notices/license texts that are comments in source files (it
specifically looks only for files that are named LICENSE or COPYING or
some obvious variant on those)
* license notices/license texts in README files
* license files that contain multiple license texts (or it will only
recognize the first of them)
* nonstandard/archaic/legacy licenses (which covers most of the
licenses being reviewed in issues in fedora-license-data)
I've found it useful for quick analysis of packages coming out of
ecosystems featuring projects known to have (1) highly standardized
approaches to layout of license information, (2) generally simple
license makeup, and (3) cultural preferences for a highly limited set
of licenses (for example, Rust crates that don't bundle legacy C code,
Golang modules, Node.js npm packages). For things that don't have such
simple characteristics (such as a lot of relatively old, historically
complex Fedora packages) it is probably not going to be too useful for
its "crawl" functionality. And for the task of trying to identify
previously-overlooked or abstracted-away licenses in Fedora packages
it is basically not useful at all.
So: a good tool to have in the toolbox, but its limitations should be
understood, and I don't think it can really be recommended as an audit
tool by itself, given its limitations, even for the kinds of packages
it is relatively useful for.
Richard
1 month, 3 weeks
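An added example (not part of the message above and not askalono's code): a Python scan that lists files carrying a license notice in their leading comments or README text even though they are not named like a license file, which are the cases the message says a file-name-based crawl misses. The phrase list, the file-name pattern and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Names a file-name-based crawl already sees (assumption for this example).
LICENSE_NAME = re.compile(r"^(LICEN[CS]E|COPYING|UNLICENSE)([.\-_].*)?$", re.I)
# Heuristic phrases that open a grant or declare a license; not exhaustive.
NOTICE = re.compile(
    r"SPDX-License-Identifier:|Permission is (?:hereby )?granted|"
    r"Permission to use, copy, modify|released into the public domain|"
    r"may be used for any purpose", re.I)

def embedded_notices(root, head_bytes=8192):
    """Map relative path -> matched phrases for non-license files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if LICENSE_NAME.match(name):
                continue  # a dedicated license file, not an embedded notice
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes).decode("utf-8", "replace")
            except OSError:
                continue
            # Collapse comment decoration so wrapped phrases still match.
            flat = re.sub(r"[\s*/#]+", " ", head)
            found = sorted({m.group(0).lower() for m in NOTICE.finditer(flat)})
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def demo():
    """Scan a small constructed tree (sample contents are made up)."""
    samples = {
        "LICENSE": "Permission is hereby granted, free of charge\n",
        "src/snprintf.c": "/*\n * It may be used for any purpose as long as\n */\n",
        "src/strlcpy.c": "/*\n * Permission to use, copy,\n * modify, and distribute\n */\n",
        "src/main.c": "int main(void) { return 0; }\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        return embedded_notices(root)

if __name__ == "__main__":
    print(demo())
```

Every path it reports still needs a human to read the notice and match it to a license; the scan only shows where to look.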
License change: snakemake 7.20.0 is MIT AND Unlicense
by Ben Beasley
The entire project remains (SPDX) MIT, except:
- versioneer.py is Unlicense (but is not packaged in the binary RPMs)
- snakemake/_version.py says:
This file is released into the public domain.
which would be LicenseRef-Fedora-Public-Domain, except that the comments
in versioneer.py make it clear that Unlicense is intended for the
generated files as well. The License field now reflects this.
Older versions of versioneer.py had similar language, but with CC0-1.0
instead of Unlicense.
1 month, 4 weeks
Exception needed for KDE GitLab CI scripts being licensed CC0-1.0
by Neal Gompa
Hey folks,
So I was working through the review of flatpak-kcm[1], where I
discovered that KDE GitLab CI scripts are currently licensed CC0-1.0.
I'm in the process of making a request to KDE to consider relicensing
all such code/scripts to MIT, but in the meantime, is it okay for us
to have CC0-1.0 listed for this specific case?
Thanks in advance,
[1]: https://bugzilla.redhat.com/2162953
--
真実はいつも一つ!/ Always, there's only one truth!
1 month, 4 weeks
SPDX office hours - Second Session
by David Cantrell
Hello.
The owners of the SPDX Change proposal want to have this Change as smooth as
possible. And we decided to set up Office hours.
Do you have any questions about SPDX migration?
Do you hesitate about what steps you should take?
How to proceed with your package? We will do our best to help you.
This is intended to be bi-weekly.
Each time it will be at a different time, to match the time of different people in
different time zones.
Wednesday 2023-02-01 01:00-02:00 UTC
(8pm 2023-01-31 EST, 5pm 2023-01-31 PST, 2am 2023-02-01 CET, 10am 2023-02-01 JST)
Google Meet joining info
Video call link: meet.google.com/zsu-tbci-cfi
Or dial: (US) +1 413-752-4319 PIN: 755 481 969#
More phone numbers: https://meet.google.com/tel/zsu-tbci-cfi?pin=7170141193104&hs=1&pli=1
Or join via SIP: 7170141193104(a)gmeet.redhat.com
--
David Cantrell <dcantrell(a)redhat.com>
Red Hat, Inc. | Boston, MA | EST5EDT
2 months
Who wants to try matching these?
by David Cantrell
The first is from strlcat.c and strlcpy.c from NetBSD:
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller(a)courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE
* FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
(Todd Miller is also the author of sudo, so I would not be surprised if he has
code like this in sudo as well.)
The second is timegm.c from NetBSD as well, but this might just be for fun
because here's all we get in that file:
/* $NetBSD: timegm.c,v 1.3 2005/05/11 01:01:56 lukem Exp $ */
/* from ? */
Ha!
The third one is from snprintf.c in NetBSD:
/*
* Copyright Patrick Powell 1995
* This code is based on code written by Patrick Powell (papowell(a)astart.com)
* It may be used for any purpose as long as this notice remains intact
* on all source code distributions
*/
Right.... so???
--
David Cantrell <dcantrell(a)redhat.com>
Red Hat, Inc. | Boston, MA | EST5EDT
2 months
License compliance in fedora-review
by Benson Muite
Fedora-review has a license check component that lists license types
available in a package. However, not all licenses are compliant with
each other. A chart indicating which licenses can be included with other
licenses is available at:
https://dwheeler.com/essays/floss-license-slide.html
Would it be possible to create a similar chart for all SPDX identifiers
that can be used in Fedora? This would enable adding such a check to
fedora-review.
2 months
Here's another couple
by David Cantrell
xmalloc.c from tmux:
/*
* Author: Tatu Ylonen <ylo(a)cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo(a)cs.hut.fi>, Espoo, Finland
* All rights reserved
* Created: Mon Mar 20 22:09:17 1995 ylo
*
* Versions of malloc and friends that check their results, and never return
* failure (they call fatal if they encounter an error).
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
Which to me means this originated from the original ssh, not that that's
relevant. Just historical. So how does this one match?
And what about:
/*
* Portions Copyright (c) 1995 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* To the extent it has a right to do so, IBM grants an immunity from suit
* under its patents, if any, for the use, sale or manufacture of products to
* the extent that such products are used for performing Domain Name System
* dynamic updates in TCP/IP networks by means of the Software. No immunity is
* granted for any product per se or for any other function of any product.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
Thanks,
--
David Cantrell <dcantrell(a)redhat.com>
Red Hat, Inc. | Boston, MA | EST5EDT
2 months
xscreensaver and x11-ssh-askpass licenses
by David Cantrell
Happy New Year, everyone!
Among the various packages I maintain is one called x11-ssh-askpass. The
project itself is old but still runs and there are users. I am trying to
generate an SPDX license expression for this package and am asking for help
for clarification.
x11-ssh-askpass uses code from xscreensaver (jwz.org/xscreensaver). In the
Fedora package for xscreensaver we call it MIT licensed. The xscreensaver
project provides a sample spec file to build an RPM and in that spec file they
call themselves BSD licensed. However, I see this at least in xscreensaver.c:
/* xscreensaver, Copyright © 1991-2022 Jamie Zawinski <jwz(a)jwz.org>
*
* Permission to use, copy, modify, distribute, and sell this software and its
* documentation for any purpose is hereby granted without fee, provided that
* the above copyright notice appear in all copies and that both that
* copyright notice and this permission notice appear in supporting
* documentation. No representations are made about the suitability of this
* software for any purpose. It is provided "as is" without express or
* implied warranty.
*
Would we call this MIT? It begins mostly the same way but reduces the as-is
paragraph to I guess the last two sentences. Or would this be more ISC or
even HPND? ISC doesn't feel right but also feels less wrong somehow to me.
HPND....???
With the xscreensaver license sorted out, that leaves the remaining original
code in x11-ssh-askpass which carries this license:
The remaining portions fall under the following copyright and license:
by Jim Knoble <jmknoble(a)pobox.com>
Copyright (C) 1999,2000,2001 Jim Knoble
Permission to use, copy, modify, distribute, and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and
that both that copyright notice and this permission notice appear in
supporting documentation.
+------------+
| Disclaimer |
+------------+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
express or implied, including but not limited to the warranties of
merchantability, fitness for a particular purpose and
noninfringement. In no event shall the author(s) be liable for any
claim, damages or other liability, whether in an action of contract,
tort or otherwise, arising from, out of or in connection with the
software or the use or other dealings in the software.
Again....MIT, ISC, HPND, something else? Anyone have any ideas?
Thanks,
--
David Cantrell <dcantrell(a)redhat.com>
Red Hat, Inc. | Boston, MA | EST5EDT
2 months