On 29. 08. 23 at 13:11, Daniel P. Berrangé wrote:
Hi Legal

The 'sgx-sdk' package is currently open for review with a view to adding to Fedora:

https://bugzilla.redhat.com/show_bug.cgi?id=2085444

One of the last stumbling blocks is that it includes a copy of the "dlmalloc" code under the CC0 license, which is now a forbidden code license for packages being newly added to Fedora.
Just FTR, if I am not mistaken, the dlmalloc license was also found problematic during work on wasi-libc [1], where, after all, a different implementation of malloc (emmalloc) was used. Wouldn't this be an option also for sgx-sdk?

Vít

[1] https://github.com/WebAssembly/wasi-libc/issues/319
The authors of sgx-sdk have contacted the original author of dlmalloc, and he apparently suggested that since CC0 is a public domain license, they can just add a second license header of their choosing to the source files and Fedora can then ignore the original CC0 license.

This smells fishy to me, as I can't come up with a rationale for why adding a second "BSD" license header to the source file would justify Fedora ignoring the original CC0. The original code would still explicitly not have a patent grant, and an extra license doesn't seem to alter that fact.

It was pointed out that this approach has already been taken by OpenJDK, where they took CC0 code and added a GPL-v2-only header:

https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/java/util/concurrent/AbstractExecutorService.java

OpenJDK though would be grandfathered in, since it existed in Fedora before CC0 was forbidden, so I'm not sure that can be relied on as a precedent.

I am not a lawyer, so I want an expert opinion on this suggestion that adding a 2nd license header allows Fedora to ignore the original CC0 license. If it is true, then it would appear to make the whole exercise of banning CC0 effectively pointless.

I had also suggested downgrading to an older version of dlmalloc which had the CC Public Domain license, rather than CC0, but the sgx-sdk maintainers rejected that as they're concerned it has security relevant flaws.

With regards,
Daniel