On 03/28/2018 05:14 PM, Martin Wilck wrote: > On Wed, 2018-03-28 at 00:24 +0200, Xose Vazquez Perez wrote: > Multiple licenses are acceptable for multipath-tools, too. Yet we need > to understand, and clearly communicate, which license applies to which > source file, and what that means for the binaries and libraries that > are part of the package. And, needless to say, reducing the number of > licenses and getting rid of the obsolete LGPL-2.0 would simplify > matters significantly, both for us and other parties. It would be nice to have the old cvs repo, from 2003-09-18 multipath-0.0.1 to 2005-05-23 multipath-tools-0.4.5, online. Or converted to git. >> And the SPDX License Identifier is being used: >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr >> ee/Documentation/process/license-rules.rst > > Yeah, it's probably a good idea to do that. I'm not sure if it should > replace the boilerplate license header or just be added on top of it. > Either way, when we do this, we should make sure that we understand > which license covers the individual files, in particular those that > currently have no license header. We're assuming that these are covered > by COPYING, but is that actually true for all 130+ files? > > This shouldn't be taken too lightly. Assume you add an "LGPL-2.1" SPDX > header to some file. Company X links to the file in it's proprietary > product. Later, company Y finds some of its own GPL-2.0 licensed code > in the same file and sues X over 100 million for GPL breakage. Now X > claims the money back from the person who inserted the misleading > license header in the file ... > > That sounds paranoid and exaggerated, but I've heard exactly arguments > like this in discussions about proprietary software using FLOSS. It's > the kind of thing Black Duck and similar companies make money with. Kernel guys are replacing boiler plate text with a SPDX tag. I suppose, by advice and with assistance of the lawyers of The Linux Foundation. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b24413180f5600bcb3bb70fbed5cf186b60864bd https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a04c7278d3042cb30c8a66197d900209a4f2417c This template could be good enough and neat for multipath-tools: // SPDX-License-Identifier: <licence(s)> // File-Originally-From: <project name and <url>> // <a copyright indicator> <year(s) applicable>, <copyright holder(s)>. // Author(s): <Name and <e-mail>> // ... e.g. // SPDX-License-Identifier: GPL-2.0-or-later // File-Originally-From: linux-tool <http://linux-tool.org> // Copyright 1999, 2001-2018, Foo Corp. // Author(s): Bar <bar@xxxxxxx> -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
