Does anyone have feedback on this license review questionmark On Tue, Aug 29, 2023 at 12:11:38PM +0100, Daniel P. Berrangé wrote: > Hi Legal > > The 'sgx-sdk' package is currently open for review with a view to > adding to Fedora: > > https://bugzilla.redhat.com/show_bug.cgi?id=2085444 > > One of the last stumbling blocks is that it includes a copy of the > "dlmalloc" code under the CC0 license, which is now a forbidden > code license for packages being newly added to Fedora. > > The authors of sgx-sdk have contacted the original author of > dlmalloc, and he apparently suggested that since CC0 is a public > domain license, they can just add a second license header of their > choosing to the source files and Fedora can then ignore the orignial > CC0 license. > > This smells fishy to me, as I can't come with rationale for why > adding a second "BSD" license header to the source file and justify > Fedora ignoring the original CC0. The original code would still > explicitly not have a patent grant, and an extra license doesn't > seem to alter that fact. > > It was pointed out that this approach has already been taken by > OpenJDK, where they took CC0 code and added a GPL-v2-only header: > > https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/java/util/concurrent/AbstractExecutorService.java > > OpenJDK though would be grandfathered in, since it existed in > Fedora before CC0 was forbidden, so I'm not sure that can be > relied on as a precedent. > > I am not a lawyer, so I want an expert opinion on this suggestion > that adding a 2nd license header allows Fedora to ignore the > original CC0 license. If it is true, then it would appear to > make the whole exercise of banning CC0 effectively pointless. > > > I had also suggested downgrading to an older version of dlmalloc > which had the CC Public Domain license, rather than CC0, but the > sgx-sdk maintainers rejected that as they're concerned it has > security relevant flaws. > > With regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| > _______________________________________________ > legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
