On Wed, 2018-03-28 at 00:24 +0200, Xose Vazquez Perez wrote: > On 03/26/2018 06:07 PM, Benjamin Marzinski wrote: > > > If we can limit the project to two (or if necessary 3) licenses, we > > can > > just include all the license files, and explain what applies to > > what > > in the README. I haven't really looked at how other projects that > > have > > multiple licenses for parts of their code do things, so perhaps > > there is > > a more standard way. > > Multiple licences, for modules, are accepted in the Linux kernel: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr > ee/include/linux/module.h#n171 Multiple licenses are acceptable for multipath-tools, too. Yet we need to understand, and clearly communicate, which license applies to which source file, and what that means for the binaries and libraries that are part of the package. And, needless to say, reducing the number of licenses and getting rid of the obsolete LGPL-2.0 would simplify matters significantly, both for us and other parties. > And the SPDX License Identifier is being used: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr > ee/Documentation/process/license-rules.rst Yeah, it's probably a good idea to do that. I'm not sure if it should replace the boilerplate license header or just be added on top of it. Either way, when we do this, we should make sure that we understand which license covers the individual files, in particular those that currently have no license header. We're assuming that these are covered by COPYING, but is that actually true for all 130+ files? This shouldn't be taken too lightly. Assume you add an "LGPL-2.1" SPDX header to some file. Company X links to the file in it's proprietary product. Later, company Y finds some of its own GPL-2.0 licensed code in the same file and sues X over 100 million for GPL breakage. Now X claims the money back from the person who inserted the misleading license header in the file ... That sounds paranoid and exaggerated, but I've heard exactly arguments like this in discussions about proprietary software using FLOSS. It's the kind of thing Black Duck and similar companies make money with. Regards Martin -- Dr. Martin Wilck <mwilck@xxxxxxxx>, Tel. +49 (0)911 74053 2107 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
